Posted On: Mar 7, 2023
We are excited to launch delegated administrator for AWS Organizations to help you delegate the management of your Organizations policies, enabling you to govern your AWS organization and member accounts with increased agility and decentralization. You can now allow member accounts to manage policy types specific to their needs. By specifying fine-grained permissions, you can balance flexibility with limiting access to your highly privileged management accounts.
You can use AWS Organizations to centrally manage and govern multiple accounts with AWS. As you scale operations and need to manage more accounts within AWS Organizations, implementing and scaling policy administration requires coordination between multiple teams, and can take more time. You can now delegate the management of policies to designated member accounts that are known as delegated administrators for AWS Organizations. You can select any policy types available in AWS GovCloud (US) Regions, namely service control policies (SCPs) and/or tag policies, and specify permissible actions. Once access is delegated, users with the right permissions can go to the AWS Organizations console, see and manage policies that they have permissions for, and create their own policies.
The delegation feature, previously available in all commercial AWS Regions, is now available in the AWS GovCloud (US) Regions as well. To learn more, see the Delegated administrator for AWS Organizations user guide.
3/10/2023: This post originally stated that this feature was available for all four AWS Organizations policy types in AWS GovCloud (US) Regions. It has been updated to accurately mention availability only for service control policies (SCPs) and tag policies.