Delegated administrator for Amazon Organizations

We recommend that you use the Amazon Organizations management account and its users and roles only for tasks that must be performed by that account. We also recommend that you store your Amazon resources in other member accounts in the organization and keep them out of the management account. This is because security features like Organizations service control policies (SCPs) do not restrict users or roles in the management account.

From the organization's management account, you can delegate policy management for Organizations to specified member accounts to perform policy actions that are by default available only to the management account.

For example resource-based delegation policies, see Resource-based policy examples for Amazon Organizations.

Topics

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

AI services opt-out policy syntax and examples

Create a resource-based delegation policy