
Accessing the member account

Once you've created your member account, it's time to put it to work!

An IAM role will be present in the new account, with a default name of OrganizationAccountAccessRole. This is so you can assume the role (from your master account) and administer the member account. While this name is as good as any, it can be configured by passing the --role-name argument when creating the account.

In order to assume the role, you need to know its Amazon Resource Name (ARN). Working out the ARN is a multi-step process:

  1. List your member accounts by running the following command in your master account:
        aws organizations list-accounts
  2. Find the account you created (by its name) and note the ID value in the record. Using that ID, generate the role's ARN by following this pattern:
        arn:aws:iam::<your-member-account-id>:role/OrganizationAccountAccessRole
  3. If you have changed the created role's name, update the last part of the ARN accordingly.
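
The steps above as a script, added here as an example and not taken from the book: it reads the JSON printed by `aws organizations list-accounts`, picks the account by name, and builds the role ARN. The account names and IDs in the sample are constructed, `member_role_arn` is a hypothetical helper name, and taking the ARN partition from the account record (so the result is also right outside the standard `aws` partition) goes slightly beyond the pattern shown in step 2.

```python
import json
import re

# Constructed sample of `aws organizations list-accounts` output (not real accounts).
SAMPLE_LIST_ACCOUNTS = """
{"Accounts": [
  {"Id": "111111111111", "Name": "master", "Status": "ACTIVE",
   "Arn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111"},
  {"Id": "222222222222", "Name": "dev-member", "Status": "ACTIVE",
   "Arn": "arn:aws:organizations::111111111111:account/o-exampleorgid/222222222222"},
  {"Id": "333333333333", "Name": "old-member", "Status": "SUSPENDED",
   "Arn": "arn:aws:organizations::111111111111:account/o-exampleorgid/333333333333"}
]}
"""

DEFAULT_ROLE = "OrganizationAccountAccessRole"


def member_role_arn(list_accounts_json, account_name, role_name=DEFAULT_ROLE):
    """Return the IAM role ARN for the single ACTIVE account called account_name."""
    accounts = json.loads(list_accounts_json)["Accounts"]
    matches = [a for a in accounts if a["Name"] == account_name]
    # Refuse to guess when the name matches no account or more than one.
    if len(matches) != 1:
        raise LookupError(f"expected 1 account named {account_name!r}, found {len(matches)}")
    account = matches[0]
    # A suspended or closing account is not one you want to administer by mistake.
    if account["Status"] != "ACTIVE":
        raise LookupError(f"account {account_name!r} is {account['Status']}")
    # Account IDs are exactly 12 digits; treat them as text so leading zeros survive.
    if not re.fullmatch(r"[0-9]{12}", account["Id"]):
        raise ValueError(f"unexpected account ID {account['Id']!r}")
    # IAM role names: up to 64 characters from letters, digits and + = , . @ _ -
    if not re.fullmatch(r"[A-Za-z0-9+=,.@_-]{1,64}", role_name):
        raise ValueError(f"invalid role name {role_name!r}")
    # Reuse the partition of the account's own ARN (aws, aws-cn, aws-us-gov).
    partition = account["Arn"].split(":")[1]
    return f"arn:{partition}:iam::{account['Id']}:role/{role_name}"


if __name__ == "__main__":
    print(member_role_arn(SAMPLE_LIST_ACCOUNTS, "dev-member"))
```

Pass a different `role_name` if the account was created with `--role-name`.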

See the recipes in Chapter 8, Security and Identity, for information on how to best manage multiple accounts.
