To invite another account to join your organization (console)
-
Sign in to the Organizations console at https://console.aws.amazon.com/organizations/. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's Management account.
-
If your email address is already verified, skip this step.
If your email address isn't verified yet, follow the instructions in the verification email within 24 hours. There might be a delay before you receive the verification email. You can't invite an account until your email address is verified.
-
On the Accounts tab, choose Add account.
-
Choose Invite account.
-
Enter either the email address or the account ID number of the AWS account that you want to invite to your organization. If you want to invite multiple accounts, separate them with commas.
-
(Optional) For Notes, enter any message that you want included in the email invitation to the other account owners.
-
Choose Invite.
Important
If you get a message that you exceeded your account limits for the organization or that you can't add an account because your organization is still initializing, contact AWS Support.
-
The console redirects you to the Invitations tab. View all open and accepted invitations here. The invitation that you just created appears at the top of the list with its status set to OPEN.
AWS Organizations sends an invitation to the email address of the owner of the account that you invited to the organization. This email includes a link to the AWS Organizations console, where the account owner can view the details and choose to accept or decline the invitation. Alternatively, the owner of the invited account can bypass the email, go directly to the AWS Organizations console, view the invitation, and accept or decline it.
The invitation to this account immediately counts against the limit to the number of accounts that you can have in your organization. AWS Organizations doesn't wait until the account accepts the invitation. If the invited account declines, the Management account cancels the invitation. If the invited account doesn't respond within the specified time period, the invitation expires. In either case, the invitation no longer counts against your limit.
If the invited account is part of an existing Organization, it must be unlinked
-
Sign in to the console; you can sign in as an IAM user with the required permissions, or as the root user of the member account that you want to remove from the organization.
-
On the Organization overview page, choose Leave organization.
-
Perform one of the following steps:
-
If your account has all the required information to operate as a standalone account, a confirmation dialog box appears. Confirm your choice to remove the account. You are redirected to the Getting Started page of the AWS Organizations console, where you can view any pending invitations for your account to join other organizations.
-
If your account doesn't have all the required information, perform the following steps:
-
A dialog box appears to explain that you must complete some additional steps. Click the link.
-
Complete all the sign-up steps that are presented. They might include the following:
-
Provide contact information
-
Accept the AWS Customer Agreement
-
Provide a valid payment method
-
Verify the phone number
-
Select a support plan option
-
-
When you see the dialog box stating that the sign-up process is complete, choose Leave organization.
-
A confirmation dialog box appears. Confirm your choice to remove the account. You are redirected to the Getting Started page of the AWS Organizations console, where you can view any pending invitations for your account to join other organizations.
-
To accept or decline an invitation (console)
-
An invitation to join an organization is sent to the email address of the account owner. If you are an account owner and you receive an invitation email, follow the instructions in the email invitation or go to https://console.aws.amazon.com/organizations/ in your browser, and then choose Respond to invitations.
-
If prompted, sign in to the invited account as an IAM user, assume an IAM role, or sign in as the account's root user (not recommended).
-
On the Invitations page in the console, you can see your open invitations to join organizations. Choose Accept or Decline as appropriate.
-
If you choose Accept in the preceding step, in the Confirm joining the organization confirmation window, choose Confirm.
The console redirects you to the Organization overview page with details about the organization that your account is now a member of. You can view the organization's ID and the owner's email address.
Note
Accepted invitations continue to appear in the list for 30 days. After that, they are deleted and no longer appear in the list.
AWS Organizations automatically creates a service-linked role in the new member account to support integration between AWS Organizations and other AWS services. For more information, see AWS Organizations and Service-Linked Roles.
AWS sends an email to the owner of the organization's Management account stating that you accepted the invitation. It also sends an email to the member account owner stating that the account is now a member of the organization.
- If you choose Decline in the preceding step, your account remains on the Invitations page that lists any other pending invitations.
- AWS sends an email to the organization's Management account owner stating that you declined the invitation.
-
Note
Declined invitations continue to appear in the list for 30 days. After that, they are deleted and no longer appear in the list.
Support Plan
- Accounts brought into your account is designed to keep its existing Support Plan. To change the Support Plan to DLT Business Support, follow the instructions in How To - Change AWS Support Option.
- Ensure DLT Support permissions are enabled in your AWS Account. In order to escalate cases such as Service Limit increases, DLT requires basic Support Console access into each AWS Account. To enable this, please see How to Configure Support Account.
Enable CloudCheckr
- DLT offers customers the capability to use CloudCheckr for a variety of reporting. For customers looking to take advantage of all of the capabilities of CloudCheckr in their account, see How To - Create CloudCheckr IAM Policy For Cross-Account Access to add permissions for CloudCheckr into the account.
Comments
0 comments
Please sign in to leave a comment.