1 Answer
2
You can log into the member accounts from the root account by using Switch Role. Of course, you need to attach the proper permissions to the IAM users, groups and roles in the root account.
If you use Organizations and not Control Tower, the role "OrganizationAccountAccessRole" is assigned to the member accounts by default. If you use Control Tower, "AWSControlTowerExecution" is assigned.
In this use case, the root account is often called a jump account. However, in production, for example, it is better to use another account, not the root account, as the jump account, to separate permissions from the root account.
https://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/
https://docs.aws.amazon.com/controltower/latest/userguide/roles-how.html
Answered 2 years ago
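As an added example (not part of the answer above, and not AWS's own code), this sketch builds the identity policy that the jump-account users, groups or roles need in order to switch into specific member accounts, plus the console Switch Role link. The role names come from the answer; the function names, the MFA condition and the 12-digit sample account IDs are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlencode

# Role names as given in the answer above.
ROLE_BY_SETUP = {
    "organizations": "OrganizationAccountAccessRole",
    "controltower": "AWSControlTowerExecution",
}

def _check_account(account_id):
    # AWS account IDs are exactly 12 digits; reject wildcards and typos early.
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError(f"not a 12-digit account id: {account_id!r}")
    return account_id

def assume_role_policy(member_accounts, setup="organizations", require_mfa=True):
    """Identity policy to attach to principals in the jump account (hypothetical helper)."""
    if not member_accounts:
        raise ValueError("list at least one member account; never fall back to '*'")
    role = ROLE_BY_SETUP[setup]
    statement = {
        "Sid": "SwitchRoleIntoMembers",
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        # One ARN per member account, so the grant does not cover future accounts.
        "Resource": [f"arn:aws:iam::{_check_account(a)}:role/{role}"
                     for a in sorted(set(member_accounts))],
    }
    if require_mfa:  # assumption: the jump-account users sign in with MFA
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}

def switch_role_url(account_id, setup="organizations", display_name=None):
    """Console link that pre-fills the Switch Role form for one member account."""
    params = {"account": _check_account(account_id), "roleName": ROLE_BY_SETUP[setup]}
    if display_name:
        params["displayName"] = display_name
    return "https://signin.aws.amazon.com/switchrole?" + urlencode(params)

if __name__ == "__main__":
    members = ["111111111111", "222222222222"]  # constructed sample account IDs
    print(json.dumps(assume_role_policy(members), indent=2))
    print(switch_role_url(members[0], display_name="prod-admin"))
```

Listing each member account's role ARN instead of `arn:aws:iam::*:role/...` keeps the permission from silently extending to accounts added to the organization later.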