Hi :wave: I have a question about Pulumi organizat...
# getting-startedi
important-australia-24045
01/18/2023, 8:25 PMHi 👋 I have a question about Pulumi organizations. Are organizations a good boundary between different clients who are on their own AWS accounts? Or let's say I have customerA with stage and prod environments in different AWS accounts, would making Pulumi organizations for these two accounts (customerAStage, customerAProd, customerBStage, customerBProd, etc.)
l
little-cartoon-10569
01/18/2023, 8:35 PMThat sounds more like stacks to me. Multiple stacks in one project.
One project can exist only in one Organization.
So for this case, I would say, no, Organizations are not useful.
little-cartoon-10569
01/18/2023, 8:35 PMOrganizations are for adding easy access control to groups of projects.
little-cartoon-10569
01/18/2023, 8:36 PMNow that Organization Access Tokens are a thing, they become a useful way of deciding if you need new Organizations. An organization token has deploy access to all stacks in all projects in the organization, and no access to any stacks in any projects outside the organization. If you want to allow two stacks to be deployed by the same job / pipeline, and therefore by the same token, then they need to be in the same Organization.
i
important-australia-24045
01/18/2023, 8:38 PMThanks for the reply @little-cartoon-10569
important-australia-24045
01/18/2023, 8:48 PMI'll have to look into what Organization Access Tokens are. I'm still pretty green in my Pulumi journey 🔰
l
little-cartoon-10569
01/18/2023, 10:22 PMYou don't need to use them, but they give a good idea of how to use Organizations.
c
clever-sunset-76585
01/18/2023, 11:31 PMOrg access tokens are for headless access to Pulumi stacks. They are not tied to any specific user. But they are not available in all pricing tiers.