After I use AWS Organizations to create a member account, how do I access that account?

3 minute read

I used AWS Organizations to create a member account in my Organization, and I want to access that account.

Short description

When you create a member account with Organizations, you must specify an email address, an AWS Identity and Access Management (IAM) role, and an account name. If a role name isn't specified, then a default name is assigned: OrganizationAccountAccessRole. To switch to the IAM role and access the member account, use the Organizations console.


In the Organizations console, member accounts appear under the Accounts tab. Note the account number, email address, and IAM role name of the member account that you want to access. You can access the member account using either the IAM role or the AWS account root user credentials.

Option one: Use the IAM Role

1.    Open the AWS Management Console using IAM user credentials.

2.    Choose your account name at the top of the page, and then select Switch role.
Important: If you signed in with root user credentials, then you can't switch roles. You must sign in as an IAM user or role. For more information, see Switching to a role (console).

3.    Enter the account number and role name for the member account.

4.    (Optional) You can also enter a custom display name (maximum 64 characters) and a display color for the member account.

5.    Choose Switch role.

Option two: Use the root user credentials

When you create a new member account, Organizations sets an initial password for that account that can't be retrieved. To access the account as the root user for the first time, follow these instructions to reset the initial password:

1.    Follow the instructions for Accessing a member account as the root user.

2.    After you receive the reset password email, choose the Reset password link.

3.    Open the AWS Management Console using the root user name and the new password.

For more information, see How do I recover a lost or forgotten AWS password?

Note: It's a best practice to use the root user only to create IAM users, groups, and roles. It's also a best practice to use multi-factor authentication for your root user.

Related information

Accessing and administering the member accounts in your organization

Removing a member account from your organization

I can't assume a role

AWS OFFICIALUpdated a year ago