Organizations - How to Create a New Account Using Organizations

To create an AWS account that automatically is part of your organization (console)

  1. Sign in to the Organizations console at You must sign in as an IAM user or assume an IAM role in the organization's Management account.

  2. On the Accounts tab, choose Add account.

  3. Choose Create account.

  4. Enter the name that you want to assign to the account. This name helps you distinguish the account from all other accounts in the organization and is separate from the IAM alias or the email name of the owner.

  5. Enter the email address for the owner of the new account. This address must be unique to this account because it can be used to sign in as the root user of the account.

  6. (Optional) Specify the name to assign to the IAM role that is automatically created in the new account. This role grants the organization's Management account permission to access the newly created member account. If you don't specify a name, AWS Organizations gives the role a default name of OrganizationAccountAccessRole.


    Remember this role name. You need it later to grant access to the new account for IAM users in the Management account.

  7. Choose Create.


    • If you get an error that indicates that you exceeded your account limits for the organization, contact AWS Support.

    • If you get an error that indicates that you can't add an account because your organization is still initializing, wait one hour and try again.

    • You can also check the AWS CloudTrail log for information on whether the account creation was successful. For more information, see Monitoring the Activity in Your Organization.

    • If the error persists, contact AWS Support.

  8. You are redirected to the Accounts/All accounts tab, showing your new account at the top of the list with its status set to Pending creation. When the account is created, this status changes to Active.


    By default, the Accounts tab hides account creation requests that failed. To show them, choose the switch at the top of the list and change it to Show.

  9. Now that the account exists and has an IAM role that grants administrator access to users in the Management account, you can access the account by following the steps in Accessing and Administering the Member Accounts in Your Organization.

    When you create an account, AWS Organizations initially assigns a password to the root user that is a minimum of 64 characters long. All characters are randomly generated with no guarantees on the appearance of certain character sets. You can't retrieve this initial password. To access the account as the root user for the first time, you must go through the process for password recovery. For more information, see Accessing a Member Account as the Root User.

  10. New Accounts created through Organizations does not include Support by default. To change this to DLT Business Support, follow the instructions in How To - Change AWS Support Option. For Accounts using DLT Business Support, see How To Initiate Support Request With DLT Operations Center for instructions on opening a request. In order to escalate cases such as Service Limit increases, DLT requires basic Support Console access into each AWS Account. To enable this, please see How to Configure Support Account.
  11. DLT offers customers the capability to use CloudCheckr for a variety of reporting. For customers looking to take advantage of all of the capabilities of CloudCheckr in their account, see How To - Create CloudCheckr IAM Policy For Cross-Account Access to add permissions for CloudCheckr into the account.
  12. Each Organization with DLT has a default funding source specified for newly created accounts by default, but if the new account requires being allocated a specific funding source, please reach out to with the new Account number and any funding source details to facilitate this request.

Was this article helpful?
4 out of 4 found this helpful
Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk