Accessing your customer-managed account - AMS Advanced Onboarding Guide

Accessing your customer-managed account

After you provision a customer-managed account (CMA) in Multi-Account Landing Zone, an Admin role, CustomerDefaultAdminRole, is in the account for you to assume, through SAML federation, to configure the account.

To access the CMA:

  1. Log into the IAM console for the management account with the CustomerDefaultAssumeRole role.

  2. In the IAM console, on the navigation bar, choose your user name.

  3. Choose Switch Role. If this is the first time choosing this option, a page appears with more information. After reading it, choose Switch Role. If you clear your browser cookies, this page can appear again.

  4. On the Switch Role page, type the customer-managed account ID and the name of the role to assume: CustomerDefaultAdminRole.

Now that you have access, you can create new IAM Roles to continue to access your environment. If you would like to leverage SAML Federation for your CMA Account, see Enabling SAML 2.0 federated users to access the AWS Management Console.