Delegated administrator organizational view
With AWS Health, you can leverage the delegated administrator feature from AWS Organizations that allows an account other than the management account to view aggregated AWS Health events on the AWS Health Dashboard
Contents
Register a delegated administrator for your organizational view
After you enable organizational view for your organization, you can register up to five member accounts in your organization as a delegated administrator. To do this, call the RegisterDelegatedAdministrator API operation. After you register the member acounts, they are delegated administer accounts and can access the AWS Health organizational view from the AWS Health Dashboard. If the account has a Business
To establish a delegated administrator, from the management account in your organization, call the following AWS Command Line Interface (AWS CLI) command. You can use this command from the management account or from an account that can assume the role with the required AWS Identity and Access Management permissions. In the following example command, replace ACCOUNT_ID with the member account ID that you want to register along with the AWS Health service principal "health.amazonaws.com".
aws organizations register-delegated-administrator --account-id ACCOUNT_ID --service-principal health.amazonaws.com
After a delegated administrator is registered, you have visibility into all AWS Health events affecting accounts across your organization. You can view historical events over the past 90 days or since the organizational view feature was first enabled, whichever is more recent. Note that enabling the delegated administrator feature is an asynchronous process and takes up to a minute to complete.
Remove a delegated administrator from your organizational view
To remove access for a delegated administrator, call the DeregisterDelegatedAdministrator API operation.
From your organization's management account, call the following AWS CLI command to remove a member account as delegated administrator. In the following example command, replace ACCOUNT_ID with the member account ID that you want to remove.
aws organizations deregister-delegated-administrator --account-id ACCOUNT_ID --service-principal health.amazonaws.com