Create or invite other AWS accounts into the organization structure.
Invite Account
To invite an existing account into the organization, you need the target account's ID or email address.
Send Invite
In the AWS Organizations portal, select "Add an AWS Account", then select "Send Invitation". In the target account, remember to accept the invitation inside its own AWS Organizations portal; the account is then connected to the organization. To enable role switching, follow the steps below to add an IAM role that grants the management account access to the invited account.
Adding IAM role to target account
Now that the invitation has been sent and accepted, we need to add the proper IAM role in the invited account so that the management account can access it. In the invited account's IAM console:
Select "Create Role". For the trusted entity, select AWS Account > Another AWS Account and enter the management account ID. To add permissions, search for "AdministratorAccess" and attach it. You can give the role any name, but "OrganizationAccountAccessRole" is the standard name AWS uses when granting organization access, and using it keeps the role-switching steps below consistent across accounts. Click "Create role" when you have finished. You can now go to the Role Switching section below.
Create New Account
In the AWS portal, navigate to AWS Organizations and select "Add an AWS Account", then "Create an AWS account". Enter a unique account name and email address. Once the account has been created, copy its account ID (highlighted in the green box) and move to the Role Switching section below. Note: an account created this way can only be accessed through role switching, because AWS creates the OrganizationAccountAccessRole in it automatically and no root password is set.
Role Switching
For invited accounts: before switching, the destination account must contain an IAM role that allows administrator access to the management account (see "Adding IAM role to target account" above). Accounts created from the organization already have this role.
On the top right side of the console, select the "Switch Role" button:
Enter the:
- Account ID (copied earlier in the "Create New Account" section above, or the invited account's ID)
- IAM role name you used when creating the role (the default should be "OrganizationAccountAccessRole")
- Display name - an identifier for the account
- Display color - for easier identification
Select "Switch Role" when done:
The console will direct you to the target account, which can be identified by the account and role shown in the top right corner:
Once you have switched roles, the top right corner of the console shows that you are in the target account. To go back, select the "Switch Back" button:
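The two manual procedures above (creating OrganizationAccountAccessRole in the target account, and filling in the Switch Role form) expressed as code. This is an added example, not part of the original guide: it builds the trust policy the console generates for "Another AWS Account", the equivalent AWS CLI commands, and the console's switch-role deep link. The `require_mfa` condition is an added hardening option that the console wizard does not offer by default, and the account IDs used are constructed placeholders.

```python
import json
import re
from urllib.parse import urlencode

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
CONSOLE_SWITCH_URL = "https://signin.aws.amazon.com/switchrole"


def validate_account_id(account_id: str) -> str:
    """AWS account IDs are exactly 12 digits; reject anything else early."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"invalid AWS account ID: {account_id!r}")
    return account_id


def trust_policy(management_account_id: str, require_mfa: bool = False) -> dict:
    """Trust policy for OrganizationAccountAccessRole in the target account.
    Trusting ':root' lets any principal in the management account that holds
    sts:AssumeRole permission use the role, so scope that permission tightly.
    require_mfa is an added hardening option, not the console default."""
    principal = f"arn:aws:iam::{validate_account_id(management_account_id)}:root"
    statement = {"Effect": "Allow", "Principal": {"AWS": principal},
                 "Action": "sts:AssumeRole"}
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def create_role_commands(management_account_id: str,
                         role_name: str = "OrganizationAccountAccessRole") -> list:
    """AWS CLI equivalent of the console steps, to run in the target account:
    create the role, then attach the AWS-managed AdministratorAccess policy."""
    doc = json.dumps(trust_policy(management_account_id))
    return [
        f"aws iam create-role --role-name {role_name} "
        f"--assume-role-policy-document '{doc}'",
        f"aws iam attach-role-policy --role-name {role_name} "
        "--policy-arn arn:aws:iam::aws:policy/AdministratorAccess",
    ]


def switch_role_url(target_account_id: str, display_name: str,
                    role_name: str = "OrganizationAccountAccessRole") -> str:
    """Console 'Switch Role' deep link, same fields as the form in the text."""
    params = {"account": validate_account_id(target_account_id),
              "roleName": role_name, "displayName": display_name}
    return f"{CONSOLE_SWITCH_URL}?{urlencode(params)}"
```

Running `create_role_commands("111111111111")` prints the two commands to run with credentials for the target account; CloudTrail in the target account then records every `AssumeRole` into this role, which is the event to watch for unexpected cross-account access.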
You can now invite, create, and switch AWS accounts.