Enabling trusted access for AWS Account Management

To enable the management account in your organization to call the AWS Account Management API operations for other member accounts in the organization, use the following procedure.

Minimum permissions

To perform these tasks, you must meet the following requirements:

  • You can perform this only from the organization's management account.

  • Your organization must have all features enabled.

AWS Management Console
To enable trusted access with AWS Organizations for AWS Account Management
  1. Sign in to the AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.

  2. Choose Services in the navigation pane.

  3. Choose AWS Account Management in the list of services.

  4. Choose Enable trusted access.

AWS CLI & SDKs
To enable trusted access with AWS Organizations for AWS Account Management

You can use the following commands to enable trusted access for Account Management in your organization.

  • AWS CLI: enable-aws-service-access

    The following example enables trusted access for AWS Account Management in the calling account's organization.

    $ aws organizations enable-aws-service-access \
        --service-principal account.amazonaws.com

    This command produces no output if it's successful.

    After running this command, you can use credentials from the organization's management account to call Account Management API operations that use the --accountId parameter to reference member accounts in an organization.
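The two requirements and the enable command above can be combined into one guarded run that also confirms the result. The script below is an added example, not part of the AWS documentation; the function names are illustrative, and it assumes the AWS CLI is configured with credentials for the organization's management account.

```bash
#!/usr/bin/env bash
# Added example (not AWS-provided). Function names are illustrative.
SERVICE_PRINCIPAL="account.amazonaws.com"  # principal used in the command above

# Pass only if the caller is in the management account and the
# organization has all features enabled (the two listed requirements).
check_prereqs() {
    local caller mgmt features
    caller=$(aws sts get-caller-identity --query Account --output text) || return 2
    mgmt=$(aws organizations describe-organization \
        --query Organization.MasterAccountId --output text) || return 2
    features=$(aws organizations describe-organization \
        --query Organization.FeatureSet --output text) || return 2
    if [ "$caller" != "$mgmt" ]; then
        echo "caller $caller is not the management account $mgmt" >&2
        return 1
    fi
    if [ "$features" != "ALL" ]; then
        echo "feature set is $features, expected ALL" >&2
        return 1
    fi
}

# Pass if the principal appears among services with trusted access.
is_trusted_access_enabled() {
    local found
    found=$(aws organizations list-aws-service-access-for-organization \
        --query 'EnabledServicePrincipals[].ServicePrincipal' \
        --output text) || return 2
    # Text output is tab/newline separated; match the whole name exactly.
    printf '%s\n' "$found" | tr '\t' '\n' | grep -qxF "$SERVICE_PRINCIPAL"
}

# Preflight, enable if needed, then confirm the change took effect.
enable_trusted_access() {
    check_prereqs || return 1
    if is_trusted_access_enabled; then
        echo "trusted access already enabled for $SERVICE_PRINCIPAL"
        return 0
    fi
    aws organizations enable-aws-service-access \
        --service-principal "$SERVICE_PRINCIPAL" || return 1
    is_trusted_access_enabled
}

# Runs only when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then enable_trusted_access; fi
```

Because trusted access lets management-account credentials act on member accounts, running `is_trusted_access_enabled` on its own is also a quick way to audit whether the setting is currently on.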