An administrator from the master account can switch into a child account by following these steps:

1. Log in to the master account as an IAM user with administrator permissions.

2. Click on the drop-down menu next to username and click on Switch Role:

3. On the role switch page, click Switch Role.
4. On the next screen, enter the following:
   1. Enter the account ID of the child account (available from AWS Organization's Account tab).
   2. Set the Role to OrganizationAccountAccessRole.
   3. Enter a value for Display Name (for example, AwsSecAdmin@OrganizationAccountAccessRole):

We should be logged in to our child account with the specified role. We can verify these details from the dropdown next to our account name:

5. Switch back to the parent account by clicking on the Back to awssecadmin link from the dropdown. If we try to switch roles with a non-admin user by following the preceding steps (with no permissions attached), switching roles will fail with an error, as follows: 

Now, let's look at how to grant permission for a non-admin user in order to switch roles.