Create an organization Email address verification

Creating an organization

Note

AWS Organizations is changing the name of the “master account” to “management account”. This is a name change only, and there is no change in functionality. You might continue to see a few instances of the old term while we complete the work to transition to the newer term. If you see one we missed, please use the Feedback link at the top of that page to let us know.

You can create an organization that starts with your AWS account as the management account (formerly known as the "master account"). When you create an organization, you can choose whether the organization supports all features (recommended) or only consolidated billing features.

Note

Currently, you can have only one root in your organization.

After creating an organization, you can add accounts to your organization in these ways from the management account:

Create other AWS accounts that are automatically added to your organization as member accounts
After verifying your email address, invite existing AWS accounts to join your organization as member accounts

Create an organization

You can create an organization by using either the AWS Management Console or by using a command from the AWS CLI or one of the SDK APIs.

Minimum permissions

To create an organization with your current AWS account, you must have the following permissions:

organizations:CreateOrganization
iam:CreateServiceLinkedRole

You can restrict this permission to only the service principal organizations.amazonaws.com.

AWS Management Console

To create an organization

Sign in to the AWS Organizations console at https://console.aws.amazon.com/organizations/. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.
On the introduction page, choose Create organization.
In the Create organization confirmation dialog box, choose Create organization.

Note

By default, the organization is created with all features enabled. You can also create the organization with only consolidated billing features enabled.

The organization is created. You're now on the Accounts tab. The star next to the account email indicates that it's the management account.

A verification email is automatically sent to the address that is associated with your management account. There might be a delay before you receive the verification email.
Verify your email address within 24 hours. For more information, see Email address verification.
Add accounts to your organization as follows:
- To create an AWS account that is automatically part of your AWS organization, see Creating an AWS account in your organization.
- To invite an existing account to your organization, see Inviting an AWS account to join your organization.
Note

You can add new accounts to your organization without verifying your management account's email address. To invite existing accounts, you must first verify that email address.

AWS CLI, AWS API

To create an organization

You can use one of the following commands to create an organization:

AWS CLI: aws organizations create-organization
AWS API: CreateOrganization

Email address verification

After you create an organization and before you can invite accounts to join, you must verify that you own the email address provided for the management account in the organization.

When you create an organization, AWS automatically sends a verification email to the specified email address. There might be a delay before you receive the verification email.

Within 24 hours, follow the instructions in the email to verify your email address.

If you don't verify your email address within 24 hours, you can resend the verification request so that you can invite other AWS accounts to your organization. If you don't receive the verification email, check that your email address is correct and, if necessary, modify it.

To find out what email address is associated with your management account, see Viewing details of an organization from the management account.
To change the email address that is associated with your management account, see Managing an AWS Account in the AWS Billing and Cost Management User Guide.

To resend the verification request

Sign in to the AWS Organizations console at https://console.aws.amazon.com/organizations/. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.
Choose the Settings tab and then choose Send verification request.
Verify your email address within 24 hours.

After verifying your email address, you can invite other AWS accounts to your organization. For more information, see Inviting an AWS account to join your organization.

If you change the email address of the management account, the account's status reverts to "email unverified," and you must complete the verification process for your new email address.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Creating and managing an organization

Enabling all features