Create an administrator-like profile/role outside the management account


I have multiple accounts in Organizations and wanted a way to manage them securely. I want to create a user or give my user permission as if they were an administrator (in this multiple accounts), so I don't have to use the management account. What's the best way to do this?

I saw that I can use permission boundaries, but I didn't find examples of how it would be applied to an administrator-like user or how I can write a policy and permission boundaries in this case for an administrator. Besides that, would any other action be recommended? Any blockage on the management account? Thanks!

2 Answers


If you are using Organizations, you can use SCP to restrict operations.
You might be able to accomplish what you want using this.

profile picture
answered 9 months ago

You might want to also check out delegated administration. Delegated administration provides a convenient way for assigned users in a registered member account to perform most IAM Identity Center administrative tasks. More here:

profile pictureAWS
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions