Setting up the OrganizationAccountAccessRole in an invited AWS member account within an organisation

When an invited AWS account joins an organisation, it will not contain the OrganizationAccountAccessRole automatically, since member accounts that are invited to the organisation do not have an administrator role created for them. You have to create it manually, as shown in the steps below:

1. Log in to the IAM console in the invited account

2. Click on the Roles option within the IAM console and then choose Create Role

3. Choose Another AWS Account and input the management account ID (or master account ID) in the Account ID option

Since this procedure is being performed within the same organisation, there is no need to click the “Require external ID” option. If required, MFA can also be enabled.

4. In the Attach permission policies step, choose AdministratorAccess and click Next: Tags

5. Enter any tags required and click Next: Review

6. On the review page, enter OrganizationAccountAccessRole for the Role name option

If needed, enter a Role description and click Create Role

Once this procedure is ready, you can access the invited account from the management (master) account.
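
The same steps with the AWS CLI, as an added example that is not part of the original post: it builds the trust policy that the "Another AWS Account" choice produces (with the optional MFA condition) and attaches AdministratorAccess. It assumes the AWS CLI is configured with credentials for the invited account; the function names, the description text and the account ID 111122223333 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps above.
# Run it with credentials for the INVITED (member) account, e.g.
#   ./create-role.sh --apply 111122223333 mfa   (constructed account ID)
set -eu

ROLE_NAME="OrganizationAccountAccessRole"
ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# Print the trust policy for the role.
# $1 = management account ID, $2 = "mfa" to require MFA (optional).
trust_policy() {
  mgmt_id="$1"
  condition=""
  # AWS account IDs are exactly 12 digits; reject anything else so a
  # typo cannot end up trusting an unintended principal.
  if ! printf '%s' "$mgmt_id" | grep -Eq '^[0-9]{12}$'; then
    echo "invalid account ID: $mgmt_id" >&2
    return 1
  fi
  if [ "${2:-}" = "mfa" ]; then
    condition=',"Condition":{"Bool":{"aws:MultiFactorAuthPresent":"true"}}'
  fi
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::%s:root"},"Action":"sts:AssumeRole"%s}]}\n' \
    "$mgmt_id" "$condition"
}

# Create the role and attach AdministratorAccess (steps 2 to 6).
create_org_access_role() {
  policy="$(trust_policy "$@")"
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$policy" \
    --description "Administrator access from the organisation management account"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn "$ADMIN_POLICY_ARN"
}

# Only call AWS when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
  shift
  create_org_access_role "$@"
fi
```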
