After I use AWS Organizations to create a member account, how do I access that account?

Last updated: 2020-09-11

I used AWS Organizations to create a member account in my organization. How do I access it?

Short description

When you create a member account with AWS Organizations, you must specify an email address, an AWS Identity and Access Management (IAM) role, and an account name. If a role name isn't specified, then a default name is assigned—OrganizationAccountAccessRole. You can switch to the IAM role to access the member account through the AWS Organizations console.

Resolution

In the AWS Organizations console, member accounts appear under the Accounts tab. Note the account number, email address, and IAM role name of the member account that you want to access. You can access the member account using either the IAM role or the root user credentials.

Option one: Use the IAM role

  1. Open the AWS Management Console using IAM user credentials.
  2. Choose your account name at the top of the page, and then select Switch Role.
    Important: If you are signed in with root user credentials, you can't switch roles. You must be signed in as an IAM user or role. For more information, see Switching to a role (Console).
  3. Enter the account number and role name for the member account.
  4. (Optional) You can also enter a custom display name (maximum 64 characters) and a display color for the member account.
  5. Choose Switch Role.
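
The same role switch can be prepared or performed outside the console. The following is an added example, not part of the original article; it goes beyond the console steps by also calling AWS STS through boto3. It assumes the standard "aws" partition, a 12-digit account number, and a constructed placeholder account number and display name.

```python
import re
from urllib.parse import urlencode

DEFAULT_ROLE = "OrganizationAccountAccessRole"  # default name stated in this article


def validate(account_id, role_name=DEFAULT_ROLE, display_name=None):
    """Reject malformed input before it reaches a URL or an API call."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account number must be exactly 12 digits")
    if not re.fullmatch(r"[A-Za-z0-9_+=,.@-]{1,64}", role_name):
        raise ValueError("role name has invalid characters or length")
    if display_name is not None and len(display_name) > 64:
        raise ValueError("display name is limited to 64 characters")


def role_arn(account_id, role_name=DEFAULT_ROLE):
    validate(account_id, role_name)
    # Assumption: standard "aws" partition (not GovCloud or China regions).
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def switch_role_url(account_id, role_name=DEFAULT_ROLE, display_name=None):
    """Console link that pre-fills the Switch Role form (steps 3 and 4)."""
    validate(account_id, role_name, display_name)
    params = {"account": account_id, "roleName": role_name}
    if display_name:
        params["displayName"] = display_name
    return "https://signin.aws.amazon.com/switchrole?" + urlencode(params)


def assume_member_role(account_id, role_name=DEFAULT_ROLE, session="org-admin"):
    """Programmatic equivalent of Switch Role; returns temporary credentials."""
    import boto3  # imported lazily so the helpers above work without the SDK
    resp = boto3.client("sts").assume_role(
        RoleArn=role_arn(account_id, role_name),
        RoleSessionName=session,  # recorded in the member account's CloudTrail
        DurationSeconds=3600,     # short-lived session
    )
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


if __name__ == "__main__":
    acct = "111122223333"  # constructed placeholder account number
    print(role_arn(acct))
    print(switch_role_url(acct, display_name="member-sandbox"))
```

As in the console, assume_member_role must be called with IAM user or role credentials; root user credentials can't assume a role.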

Option two: Use the root user credentials

When you create a new member account, Organizations sets an initial password for that account that can't be retrieved. To access the account as the root user for the first time, follow these instructions to reset the initial password.

  1. Follow the instructions for Accessing a member account as the root user.
  2. After you receive the reset password email, choose the reset password link.
  3. Open the AWS Management Console using the root user name and the new password.

For more information, see How do I recover a lost or forgotten AWS password?

Note: It's a best practice to use the root user only to create IAM users, groups, and roles. It's also a best practice to use multi-factor authentication for your root user.