Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Setting up a delegated administrator for Systems Manager

When you set up an organization in Amazon Organizations, you assign a management account to perform all administrative tasks for all Amazon Web Services. The management account user can assign a delegated administrator account only for Systems Manager to perform administrative tasks for Change Manager, Explorer, and OpsCenter. Amazon Organizations is an account management service that you can use to create an organization and assign Amazon Web Services accounts to manage these accounts centrally. For information about Amazon Organizations, see Amazon Organizations in the Amazon Organizations User Guide.

Change Manager, Explorer, and OpsCenter, capabilities of Amazon Systems Manager, work with Amazon Organizations to perform tasks on all member accounts of your organization. You can assign only one delegated administrator for all Systems Manager capabilities. The delegated administrator account must be the member of the organizational to which it's assigned.

Delegated administrator for Change Manager

Change Manager is an enterprise change management framework for requesting, approving, implementing, and reporting on operational changes to your application configuration and infrastructure.

If you use Change Manager across an organization, assign a delegated administrator account to manage change templates, approvals, and reporting for all member accounts. Using Quick Setup, you can set up Change Manager to use with an organization and select the delegated administrator account. If you use Change Manager with a single Amazon Web Services account, the delegated administrator account isn't required.

By default, Change Manager displays all change-related tasks in the delegated administrator account. For instructions on configuring a delegated administrator while setting up Change Manager for an organization, see Setting up Change Manager for an organization (management account).

Delegated administrator for Explorer

Explorer is a customizable operations dashboard that reports aggregated view of operations data (OpsData) for your Amazon Web Services accounts, across Amazon Web Services Regions.

You can configure a delegated administrator account for Systems Manager to aggregate Explorer data from multiple Regions and accounts by using resource data sync with Amazon Organizations. A delegated administrator can search, filter, and aggregate Explorer data using the Amazon Web Services Management Console, the Amazon Command Line Interface (Amazon CLI), or Amazon Tools for Windows PowerShell.

When you use a delegated administrator account for Explorer, you limit the number of administrators who can create or delete multi-account and Region resource data syncs to an individual Amazon Web Services account.

You can synchronize operations data across all Amazon Web Services accounts in your organization by using Explorer. For information on how to assign a delegated administrator from Explorer, see Configuring a delegated administrator.

Delegated administrator for OpsCenter

OpsCenter provides a central location where operations engineers and IT professionals can manage operational work items (OpsItems) related to Amazon resources. If you want to use OpsCenter to manage OpsItems centrally across accounts, you must set up the organization in Amazon Organizations.

Using Quick Setup for OpsCenter, you can assign a delegated administrator account and configure OpsCenter to manage OpsItems centrally. For more information, see (Optional) Configure OpsCenter to manage OpsItems across accounts by using Quick Setup.