Enabling trusted access for S3 Storage Lens in your organization - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Enabling trusted access for S3 Storage Lens in your organization

Enabling trusted access allows Amazon S3 Storage Lens to access your Amazon Organizations hierarchy, membership, and structure through Amazon Organization APIs. S3 Storage Lens becomes a trusted service for your entire organization’s structure. It can create service-linked roles in your organization’s management or delegated administrator accounts whenever a dashboard configuration is created.

The service-linked role grants S3 Storage Lens permissions to describe organizations, list accounts, verify a list of service access for the organizations, and get delegated administrators for the organization. This allows S3 Storage Lens to collect cross-account storage usage and activity metrics for dashboards within accounts in your organizations.

For more information, see Using service-linked roles for Amazon S3 Storage Lens.

  • Trusted access can only be enabled by the management account.

  • Only the management account and delegated administrators can create S3 Storage Lens dashboards or configurations for your organization.

To enable S3 Storage Lens to have trusted access

  1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.amazonaws.cn/s3/.

  2. In the left navigation pane, choose Storage Lens, Organization settings.

  3. In Organizations access, choose Edit.

    The Organization access page opens. Here you can Enable trusted access for S3 Storage Lens. This allows you and any other account holders that you add as delegated administrators to create dashboards for all accounts and storage in your organization.