

# Registering a Delegated Administrator for Amazon Config
<a name="aggregated-register-delegated-administrator"></a>

Delegated administrators are accounts within a given Amazon Organization that are granted additional administrative privileges for a specified Amazon service. For more information, see [Delegated administrator](https://docs.amazonaws.cn/organizations/latest/userguide/orgs_getting-started_concepts.html) in the *Amazon Organizations User Guide*. You must use the Amazon CLI to register a delegated administrator.

**Registering a Delegated Administrator**

1. Log in with management account credentials.

1. Open a command prompt or a terminal window.

1. Enter the following command to enable service access for your organization so that a delegated administrator can deploy and manage Amazon Config rules and conformance packs across your organization:

   ```
   aws organizations enable-aws-service-access --service-principal=config-multiaccountsetup.amazonaws.com
   ```

1. Enter the following command to enable service access for your organization so that a delegated administrator can aggregate Amazon Config data across your organization:

   ```
   aws organizations enable-aws-service-access --service-principal=config.amazonaws.com
   ```

1. To confirm that service access has been enabled, enter the following command and press Enter.

   ```
   aws organizations list-aws-service-access-for-organization
   ```

   You should see output similar to the following:

   ```
   {
       "EnabledServicePrincipals": [
           {
               "ServicePrincipal": [
                   "config.amazonaws.com",
                   "config-multiaccountsetup.amazonaws.com"
               ],
               "DateEnabled": 1607020860.881
           }
       ]
   }
   ```

1. Next, enter the following commands to register a member account as a delegated administrator for Amazon Config.

   ```
   aws organizations register-delegated-administrator --service-principal=config-multiaccountsetup.amazonaws.com --account-id MemberAccountID
   ```

   and

   ```
   aws organizations register-delegated-administrator --service-principal=config.amazonaws.com --account-id MemberAccountID
   ```

1. To confirm that the delegated administrator registration is complete, enter the following commands from the management account, pressing Enter after each one.

   ```
   aws organizations list-delegated-administrators --service-principal=config-multiaccountsetup.amazonaws.com
   ```

   and

   ```
   aws organizations list-delegated-administrators --service-principal=config.amazonaws.com
   ```

   You should see output similar to the following:

   ```
   {
       "DelegatedAdministrators": [
           {
               "Id": "MemberAccountID",
               "Arn": "arn:aws:organizations::ManagementAccountID:account/o-c7esubdi38/MemberAccountID",
               "Email": "name@amazon.com",
               "Name": "name",
               "Status": "ACTIVE",
               "JoinedMethod": "INVITED",
               "JoinedTimestamp": 1604867734.48,
               "DelegationEnabledDate": 1607020986.801
           }
       ]
   }
   ```
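The two verification steps above can be scripted so that a missing service principal or an unexpected delegated administrator is reported instead of being read off by eye. The following is an added example, not part of the original guide: the function names, the account ID `111111111111`, and the sample JSON are constructed for illustration, and the script works on saved output of the `list-aws-service-access-for-organization` and `list-delegated-administrators` commands.

```python
import json

# The two Amazon Config service principals used in the steps above.
REQUIRED_PRINCIPALS = (
    "config.amazonaws.com",
    "config-multiaccountsetup.amazonaws.com",
)


def enabled_principals(service_access_json):
    """Return the principals found in list-aws-service-access-for-organization output."""
    found = set()
    for entry in json.loads(service_access_json).get("EnabledServicePrincipals", []):
        value = entry.get("ServicePrincipal", [])
        # Accept one string per entry as well as the list form shown on this page.
        found.update([value] if isinstance(value, str) else value)
    return found


def check_delegation(service_access_json, delegated_json_by_principal, expected_account):
    """Return a list of problems; an empty list means the setup matches the procedure."""
    problems = []
    enabled = enabled_principals(service_access_json)
    for principal in REQUIRED_PRINCIPALS:
        if principal not in enabled:
            problems.append(f"{principal}: service access not enabled")
        raw = delegated_json_by_principal.get(principal)
        admins = json.loads(raw).get("DelegatedAdministrators", []) if raw else []
        active = {a["Id"] for a in admins if "Id" in a and a.get("Status") == "ACTIVE"}
        if expected_account not in active:
            problems.append(f"{principal}: {expected_account} is not an active delegated administrator")
        # Any other active delegate is worth reviewing: it holds org-wide Config privileges.
        for extra in sorted(active - {expected_account}):
            problems.append(f"{principal}: unexpected delegated administrator {extra}")
    return problems


# Constructed sample data (placeholder account ID, not real output).
SAMPLE_ACCESS = json.dumps({"EnabledServicePrincipals": [
    {"ServicePrincipal": "config.amazonaws.com", "DateEnabled": 1607020860.881},
    {"ServicePrincipal": "config-multiaccountsetup.amazonaws.com", "DateEnabled": 1607020860.881},
]})
SAMPLE_ADMINS = json.dumps({"DelegatedAdministrators": [
    {"Id": "111111111111", "Status": "ACTIVE", "DelegationEnabledDate": 1607020986.801},
]})

if __name__ == "__main__":
    # Only one principal has delegated-administrator output here, so one problem is reported.
    result = check_delegation(SAMPLE_ACCESS, {"config.amazonaws.com": SAMPLE_ADMINS}, "111111111111")
    print("\n".join(result) or "OK")
```

To use it with real data, pass the JSON text printed by each command in place of the constructed samples.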