After I use AWS Organizations to create a member account, how do I access that account?

3 minute read

I used AWS Organizations to create a member account in my Organization, and I want to access that account.

Short description

When you create a member account with Organizations, you must specify an email address, an AWS Identity and Access Management (IAM) role, and an account name. If a role name isn't specified, then a default name is assigned: OrganizationAccountAccessRole. To switch to the IAM role and access the member account, use the Organizations console.

Resolution

In the Organizations console, member accounts appear under the Accounts tab. Note the account number, email address, and IAM role name of the member account that you want to access. You can access the member account using either the IAM role or the AWS account root user credentials.

Option one: Use the IAM Role

1. Open the AWS Management Console using IAM user credentials.

2. Choose your account name at the top of the page, and then select Switch role.
Important: If you signed in with root user credentials, then you can't switch roles. You must sign in as an IAM user or role. For more information, see Switching to a role (console).

3. Enter the account number and role name for the member account.

4. (Optional) You can also enter a custom display name (maximum 64 characters) and a display color for the member account.

5. Choose Switch role.

Option two: Use the root user credentials

When you create a new member account, Organizations sets an initial password for that account that can't be retrieved. To access the account as the root user for the first time, follow these instructions to reset the initial password:

1. Follow the instructions for Accessing a member account as the root user.

2. After you receive the reset password email, choose the Reset password link.

3. Open the AWS Management Console using the root user name and the new password.

For more information, see How do I recover a lost or forgotten AWS password?

Note: It's a best practice to use the root user only to create IAM users, groups, and roles. It's also a best practice to use multi-factor authentication for your root user.

Related information

Accessing and administering the member accounts in your organization

Removing a member account from your organization

I can't assume a role

Topics

Management & Governance

Relevant content

Unable to change SSO Idp to AD instance in member account
ppiela
asked 10 months ago
AWS Billing for a member AWS account
Arjun Goel
asked 23 days ago
AWS Org CloudTrail - Member Account Not Added Automatically
AWS-User-0
asked a year ago
Cannot add AWS Management Account as member of Security Hub
Accepted Answer
AWS-User-8416516
asked a year ago
How to delete AWS member account if there is no access to email used to create that account?
Accepted Answer
AWS-User-9933343
asked a year ago
How do I remove a member account from an organization's consolidated bill in AWS Organizations?
AWS OFFICIALUpdated a year ago
How can I grant access to Cost Explorer for an IAM user with a member account of an AWS Organizations?
AWS OFFICIALUpdated 6 months ago
Why do I receive an error when I try to unlink a member account from my organization in AWS Organizations?
AWS OFFICIALUpdated 2 years ago
How do I remove a member account from an organization in AWS Organizations when I can't sign in to the member account?
AWS OFFICIALUpdated 5 months ago
AWS TechAction Grant Available for Fundraising Projects Built on AWS
EXPERT
Benjaglu
published a month ago