What Is Delegation on AWS Cloud?

In the context of Amazon Web Services (AWS Cloud), delegation involves assigning specific responsibilities or permissions to particular entities within the AWS platform. By delegating tasks or privileges, organizations can efficiently manage and control their cloud resources. One key aspect of delegation is the use of delegated admin accounts.

Delegated Admin Accounts Explained

Purpose

A delegated admin account is a member account within an AWS Organization that has been designated to perform administrative tasks on behalf of other member accounts. Essentially, it acts as an administrative proxy, allowing certain actions to be taken across the organization.

Capabilities

The delegated admin account can call AWS Account Management API operations for other member accounts. This means the “delegated” member account can manage account-related tasks programmatically, such as creating or deleting accounts, updating account settings, and managing permissions.

Performing Delegation on AWS Cloud

Delegation can be performed through the AWS CLI or on the web through the AWS Console. From the management account in your organization, review the service console for AWS Organizations. Also review the service consoles of services that support delegation, such as AWS Identity Center or AWS CloudFormation.
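Once delegation is in place, the registrations are worth reviewing, because each one grants standing administrative rights across member accounts. The following is an added example, not code from the original page: it checks the JSON printed by `aws organizations list-delegated-administrators` and `aws organizations list-delegated-services-for-account` against an approved list. The account IDs, names and approval policy are constructed, and the service principals are those of IAM Identity Center, CloudFormation StackSets and Account Management.

```python
"""Audit delegated-administrator registrations against an approved list.

Input is JSON as printed by two AWS CLI calls run from the management account:
  aws organizations list-delegated-administrators
  aws organizations list-delegated-services-for-account --account-id <id>
All account IDs, names and the APPROVED policy below are constructed samples.
"""
import json

# Constructed sample of list-delegated-administrators output (fields trimmed).
ADMINS_JSON = """{"DelegatedAdministrators": [
  {"Id": "111111111111", "Name": "security-tooling", "Status": "ACTIVE"},
  {"Id": "222222222222", "Name": "dev-sandbox", "Status": "ACTIVE"},
  {"Id": "333333333333", "Name": "old-ops", "Status": "SUSPENDED"}]}"""

# Constructed samples of list-delegated-services-for-account, one per account.
SERVICES_JSON = {
    "111111111111": '{"DelegatedServices": [{"ServicePrincipal": "sso.amazonaws.com"}]}',
    "222222222222": '{"DelegatedServices": [{"ServicePrincipal": '
                    '"member.org.stacksets.cloudformation.amazonaws.com"}]}',
    "333333333333": '{"DelegatedServices": [{"ServicePrincipal": "account.amazonaws.com"}]}',
}

# Assumed policy: the services each account is allowed to administer.
APPROVED = {
    "111111111111": {"sso.amazonaws.com",
                     "member.org.stacksets.cloudformation.amazonaws.com"},
    "333333333333": {"account.amazonaws.com"},
}


def audit(admins_json, services_json, approved):
    """Return (account_id, service_principal, reason) for each risky delegation."""
    findings = []
    for acct in json.loads(admins_json)["DelegatedAdministrators"]:
        acct_id = acct["Id"]
        raw = services_json.get(acct_id, '{"DelegatedServices": []}')
        held = sorted(s["ServicePrincipal"] for s in json.loads(raw)["DelegatedServices"])
        for principal in held:
            # Delegation nobody signed off on: standing cross-account admin rights.
            if principal not in approved.get(acct_id, set()):
                findings.append((acct_id, principal, "unapproved"))
            # A suspended or closing account should not keep org-wide privileges.
            if acct.get("Status") != "ACTIVE":
                findings.append((acct_id, principal, "inactive-account"))
    return findings


if __name__ == "__main__":
    for acct_id, principal, reason in audit(ADMINS_JSON, SERVICES_JSON, APPROVED):
        print(f"{reason:17} {acct_id} {principal}")
```

To run it against a real organization, replace the constructed strings with the saved output of the two CLI commands and set `APPROVED` to your own sign-off list.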