Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Enable a delegated admin account for
Amazon Account Management
You enable a delegated admin account so you can call the Amazon Account Management API operations for
other member accounts in Amazon Organizations. After you register a delegated admin account for your
organization, users and roles in that account can call the Amazon CLI and Amazon SDK operations in
the account namespace that can work in the Organizations mode by supporting an optional
AccountId parameter.
To register a member account in your organization as a delegated admin account, use the
following procedure.
- Amazon CLI & SDKs
-
To register a delegated admin account for the Account Management service
You can use the following commands to enable a delegated admin for the
Account Management service.
To perform these tasks, you must meet the following requirements:
You must specify the following service principal:
account.amazonaws.com
-
Amazon CLI: register-delegated-administrator
The following example registers a member account of the organization
as a delegated admin for the Account Management service.
$ aws organizations register-delegated-administrator \
--account-id 123456789012 \
--service-principal account.amazonaws.com
This command produces no output if it's successful.
After you run this command, you can use credentials from account
123456789012 to call Account Management Amazon CLI and SDK API operations that
use the --account-id parameter to reference member accounts
in an organization.
- Amazon Web Services Management Console
This task isn't supported in the Amazon Account Management management console. You
can perform this task only by using the Amazon CLI or an API operation from one of the Amazon SDKs.