When an invited AWS account joins an organisation, it will not contain the OrganizationAccountAccessRole role automatically, since member accounts that are invited to the organisation do not have an administrator role created. You have to create it manually, as shown in the steps below:
1. Log in to the IAM console in the invited account
2. Click the Roles option within the IAM console and then choose Create Role
3. Since this procedure is being performed within the same organisation, there is no need to select the “Require external ID” option. If required, MFA can also be enabled.
4. Under Attach permission policies, choose AdministratorAccess and click Next: Tags
5. Enter any tags required and click Next: Review
6. On the review page, enter OrganizationAccountAccessRole for the Role name option. If needed, enter a Role description, then click Create Role
Once this procedure is complete, you can access the invited account from the management (master) account.
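The same role expressed as code, as an added example that is not part of the original page: it builds the trust policy that the console steps produce (the management account as the only trusted principal, no external ID, MFA optional) and audits an existing trust policy against it. The function names are hypothetical, `111111111111` is a placeholder management account ID, and `create_role` assumes boto3 with administrator credentials in the invited account.

```python
import json

ROLE_NAME = "OrganizationAccountAccessRole"
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
MFA_KEY = "aws:MultiFactorAuthPresent"

def build_trust_policy(management_account_id, require_mfa=False):
    """Trust policy that lets only the management account assume the role."""
    if not (management_account_id.isdigit() and len(management_account_id) == 12):
        raise ValueError("AWS account IDs are 12 digits")
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{management_account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:  # optional, as in the console wizard
        statement["Condition"] = {"Bool": {MFA_KEY: "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}

def audit_trust_policy(policy, management_account_id, require_mfa=False):
    """Return findings for a trust policy; an empty list means it is as intended."""
    allowed = {management_account_id, f"arn:aws:iam::{management_account_id}:root"}
    findings = []
    stmts = policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            findings.append(f"unexpected principal: {principal!r}")
            continue
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind != "AWS" or value not in allowed:
                    findings.append(f"unexpected principal: {kind}={value}")
        mfa = stmt.get("Condition", {}).get("Bool", {}).get(MFA_KEY)
        if require_mfa and mfa != "true":
            findings.append("MFA not required")
    return findings

def create_role(management_account_id, require_mfa=False):
    """Create the role in the invited account; needs boto3 and credentials there."""
    import boto3  # imported here so the policy helpers work without it
    iam = boto3.client("iam")
    trust = build_trust_policy(management_account_id, require_mfa)
    iam.create_role(RoleName=ROLE_NAME, AssumeRolePolicyDocument=json.dumps(trust))
    iam.attach_role_policy(RoleName=ROLE_NAME, PolicyArn=ADMIN_POLICY_ARN)

if __name__ == "__main__":
    # 111111111111 is a placeholder management account ID
    print(json.dumps(build_trust_policy("111111111111", require_mfa=True), indent=2))
```

Because the role carries AdministratorAccess, running `audit_trust_policy` over the role's current trust policy is a quick check that only the management account can assume it.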