An administrator from the master account can switch into a child account by following these steps:
- Log in to the master account as an IAM user with administrator permissions.
- Click on the drop-down menu next to username and click on Switch Role.
- On the role switch page, click Switch Role.
- On the next screen, enter the following:
  - Enter the account ID of the child account (available from AWS Organization's Account tab).
  - Set the Role to OrganizationAccountAccessRole.
  - Enter a value for Display Name (for example, AwsSecAdmin@OrganizationAccountAccessRole).
We should be logged in to our child account with the specified role. We can verify these details from the dropdown next to our account name.
- Switch back to the parent account by clicking on the Back to awssecadmin link from the dropdown.

If we try to switch roles with a non-admin user (with no permissions attached) by following the preceding steps, switching roles will fail with an error.
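Switching roles calls `sts:AssumeRole` on the role in the child account, and IAM denies any action that no attached policy allows. The following Python example is added here and is not from the original text: it models that decision for identity policies only, using hypothetical function names, a placeholder account ID (`111122223333`) and constructed policies. It assumes the role's trust policy in the child account already trusts the master account, and it does not model conditions, SCPs or permission boundaries.

```python
import re

ROLE_NAME = "OrganizationAccountAccessRole"  # role name used in the steps above
ACTION = "sts:AssumeRole"                    # API call behind the console's Switch Role

def role_arn(account_id, role_name=ROLE_NAME):
    """ARN of the role in the child account; AWS account IDs are 12 digits."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account ID must be exactly 12 digits")
    return f"arn:aws:iam::{account_id}:role/{role_name}"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def can_switch_role(identity_policies, account_id):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for the caller's policies."""
    target = role_arn(account_id)
    decision = "ImplicitDeny"            # nothing attached means nothing allowed
    for policy in identity_policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if {"Condition", "NotAction", "NotResource"} & stmt.keys():
                raise ValueError("statement uses elements not modelled in this example")
            hit = (any(_match(a, ACTION, True) for a in _as_list(stmt["Action"]))
                   and any(_match(r, target) for r in _as_list(stmt["Resource"])))
            if hit and stmt["Effect"] == "Deny":
                return "ExplicitDeny"    # an explicit deny always wins
            if hit and stmt["Effect"] == "Allow":
                decision = "Allow"
    return decision

# Constructed sample data: placeholder account ID and hand-written policies.
CHILD = "111122223333"
ADMIN = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17",
          "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Resource": role_arn(CHILD)}}

if __name__ == "__main__":
    for name, policies in [("admin", [ADMIN]), ("no policies", []), ("scoped", [SCOPED])]:
        print(f"{name:12} -> {can_switch_role(policies, CHILD)}")
```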
Now, let's look at how to grant permission for a non-admin user in order to switch roles.