Enabling trusted access for Amazon Account Management - Amazon Account Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Enabling trusted access for Amazon Account Management

Enabling trusted access for Amazon Account Management allows the administrator of the management account to modify the information and metadata (for example, primary or alternate contact details) specific to each member account in Amazon Organizations. For more information, see Amazon Account Management and Amazon Organizations in the Amazon Organizations User Guide. For general information about how trusted access works, see Using Amazon Organizations with other Amazon services.

After trusted access has been enabled, you can use the accountID parameter in those Account Management API operations that support it. You can use this parameter successfully only if you call the operation using credentials from the management account, or from the delegated admin account for your organization if you enable one. For more information, see Enabling a delegated admin account for Amazon Account Management.

Use the following procedure to enable trusted access for Account Management in your organization.

Minimum permissions

To perform these tasks, you must meet the following requirements:

  • You can perform this only from the organization's management account.

  • Your organization must have all features enabled.

Amazon Web Services Management Console
To enable trusted access for Amazon Account Management

  1. Sign in to the Amazon Organizations console. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.

  2. Choose Services in the navigation pane.

  3. Choose Amazon Account Management in the list of services.

  4. Choose Enable trusted access.

  5. In the Enable trusted access for Amazon Account Management dialog box, type enable to confirm it, and then choose Enable trusted access.

Amazon CLI & SDKs
To enable trusted access for Amazon Account Management

After running the following command, you can use credentials from the organization's management account to call Account Management API operations that use the --accountId parameter to reference member accounts in an organization.

  • Amazon CLI: enable-aws-service-access

    The following example enables trusted access for Amazon Account Management in the calling account's organization.

    $ aws organizations enable-aws-service-access \
    --service-principal account.amazonaws.com

    This command produces no output if it's successful.