
  • AWS Administration Cookbook
  • Lucas Chan, Rowan Udell
  • 173 words
  • 2021-07-09 18:18:36

Accessing the member account

Once you've created your member account, it's time to put it to work!

An IAM role will be present in the new account, with a default name of OrganizationAccountAccessRole. This is so you can assume the role (from your master account) and administer the member account. While this name is as good as any, it can be configured by passing the --role-name argument when creating the account.

In order to assume the role, you need to know its Amazon Resource Name (ARN). Working out the ARN is a multi-step process:

  1. List your member accounts by running the following command in your master account:
        aws organizations list-accounts
  2. Find the account you created (by its name) and note the ID value in the record. Using that ID, generate the role's ARN by following this pattern:
        arn:aws:iam::<your-member-account-id>:role/OrganizationAccountAccessRole
  3. If you have changed the created role's name, update the last part of the ARN accordingly.
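
The three steps above as shell functions, an added example that is not from the book: the function names are hypothetical, and the only AWS CLI call is the list-accounts command shown in step 1, narrowed with the CLI's --query and --output options. Because the resulting ARN is for a role that administers the member account, the lookup refuses to guess when the name matches no account or several, and the account ID and role name are validated before the ARN is printed.

```shell
#!/bin/sh
# Added example, not from the book. Function names are hypothetical.

# Steps 1-2: print the ID of the member account whose name is exactly $1.
# Returns non-zero when no account, or more than one, has that name.
member_account_id() {
    case $1 in
        # A quote would break out of the JMESPath string literal below.
        ''|*"'"*) echo "invalid account name" >&2; return 2 ;;
    esac
    ids=$(aws organizations list-accounts \
        --query "Accounts[?Name=='$1'].Id" --output text) || return 1
    # --output text prints the matching IDs separated by whitespace.
    set -- $ids
    if [ $# -ne 1 ]; then
        echo "expected 1 matching account, found $#" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# Steps 2-3: print the role ARN for account ID $1 and role name $2
# (default: OrganizationAccountAccessRole). Rejects malformed input.
role_arn() {
    id=$1
    role=${2:-OrganizationAccountAccessRole}
    case $id in
        ''|*[!0-9]*) echo "account ID must be 12 digits" >&2; return 2 ;;
    esac
    [ "${#id}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 2; }
    case $role in
        # IAM role names: letters, digits and + = , . @ _ - only.
        *[!A-Za-z0-9+=,.@_-]*) echo "invalid role name" >&2; return 2 ;;
    esac
    printf 'arn:aws:iam::%s:role/%s\n' "$id" "$role"
}

# All three steps: account name (and optional custom role name) to ARN.
member_role_arn() {
    id=$(member_account_id "$1") || return 1
    role_arn "$id" "${2:-}"
}
```

Run member_role_arn with credentials for the master account, passing the member account's name and, if you changed it, the role name as a second argument.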

See the recipes in Chapter 8, Security and Identity, for information on how to best manage multiple accounts.
