Enable a delegated admin account for
AWS Account Management
You enable a delegated admin account so you can call the AWS Account Management API operations for
other member accounts in AWS Organizations. After you register a delegated admin account for your
organization, users and roles in that account can call the AWS CLI and AWS SDK operations in
the account
namespace that can work in the Organizations mode by supporting an optional
AccountId
parameter.
To register a member account in your organization as a delegated admin account, use the
following procedure.
- AWS CLI & SDKs
-
To register a delegated admin account for the Account Management service
You can use the following commands to enable a delegated admin for the
Account Management service.
To perform these tasks, you must meet the following requirements:
You must specify the following service principal:
account.amazonaws.com
-
AWS CLI: register-delegated-administrator
The following example registers a member account of the organization
as a delegated admin for the Account Management service.
$
aws organizations register-delegated-administrator \
--account-id 123456789012 \
--service-principal account.amazonaws.com
This command produces no output if it's successful.
After you run this command, you can use credentials from account
123456789012 to call Account Management AWS CLI and SDK API operations that
use the --account-id
parameter to reference member accounts
in an organization.
- AWS Management Console
This task isn't supported in the AWS Account Management management console. You
can perform this task only by using the AWS CLI or an API operation from one of the AWS SDKs.