I want to access my member account in an AWS Organization.
Resolution
To gain access to a member account in your organization, first try signing in as the root user with the email address and password that were set when the account was created.
If you can't sign in with that password, or the account was created by AWS Organizations (the initial root user password of a created account can't be retrieved, so you must reset it), complete the following steps:
- Open the AWS Management Console.
Note: If you're already signed in to AWS, then you must sign out to see the Sign in page.
- Choose Root user.
- Enter the email address that is associated with your AWS account, and then choose Next.
- Choose Forgot your password?, and then enter the information that's required to reset the password. The reset link is sent to the email address that's associated with the account, so confirm that this address is active and receives incoming email before you start. After you regain access, turn on MFA for the root user and use the root user only for tasks that require it.
Access a member account that has a management account access role
When you create a member account, AWS Organizations automatically creates an AWS Identity and Access Management (IAM) role called OrganizationAccountAccessRole in the account. This role has full administrative permissions in the member account. Its trust policy trusts the management account (the principal arn:aws:iam::MANAGEMENT-ACCOUNT-ID:root), so any IAM user or role in the management account can assume it, provided that the user or role is also allowed to call sts:AssumeRole on the role's ARN. Because the role is an administrator in the member account, treat permission to assume it as highly privileged: restrict it to a small group, and require MFA where you can.
To assume the OrganizationAccountAccessRole, complete the following steps:
- Open the AWS Management Console with IAM user credentials that grant administrator permissions in the management account.
- In the management account, attach a policy to the IAM group whose members need access that allows the action sts:AssumeRole on the resource arn:aws:iam::MEMBER-ACCOUNT-ID:role/OrganizationAccountAccessRole.
- Use Switch Role in the console, entering the member account ID and the role name OrganizationAccountAccessRole, to switch to the role in the member account. Members of the group do the same from their own sessions.
Use the AWS CLI to switch the IAM role programmatically
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, confirm that you're using the most recent AWS CLI version.
You can't switch roles when you sign in as the AWS account root user, in the console or with the AWS CLI; use an IAM user or role in the management account instead. For more information, see Granting a user permissions to switch roles.
To switch the IAM role programmatically, run the following assume-role AWS CLI command:
aws sts assume-role \
--role-arn arn:aws:iam::MEMBER-ACCOUNT-ID:role/OrganizationAccountAccessRole \
--role-session-name my-session
Note: Replace MEMBER-ACCOUNT-ID with your member account ID. The session name is recorded in CloudTrail in the member account, so choose one that identifies the caller. The response contains temporary credentials (AccessKeyId, SecretAccessKey, and SessionToken) and their Expiration. Export them as the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables, or configure a named profile with role_arn and source_profile so that the AWS CLI assumes the role for you.
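The two procedures above (granting a management-account IAM group permission to assume the role, and then assuming it from the AWS CLI), as an added shell example. This is not code from the AWS article. It assumes a group named MemberAccountAdmins, an inline policy named AssumeOrganizationAccountAccessRole, and that the caller supplies the ARN of their MFA device and a current code, because the policy it writes requires MFA. The account ID and MFA values are read from environment variables, so the AWS calls only run when you set them.

```shell
#!/bin/sh
# Added example (not from the AWS article): grant a management-account IAM group
# permission to assume OrganizationAccountAccessRole in a member account, then
# assume it from the CLI and verify which account the temporary credentials belong to.
# Assumptions (not in the article): group "MemberAccountAdmins", inline policy name
# "AssumeOrganizationAccountAccessRole", and an MFA serial/code supplied by the caller.
set -eu

ROLE_NAME=OrganizationAccountAccessRole

# Account IDs are exactly 12 digits; catch typos before they become an ARN.
valid_account_id() {
    printf '%s' "$1" | grep -Eq '^[0-9]{12}$'
}

role_arn() {   # role_arn MEMBER_ACCOUNT_ID
    valid_account_id "$1" || { echo "bad account id: $1" >&2; return 1; }
    printf 'arn:aws:iam::%s:role/%s' "$1" "$ROLE_NAME"
}

# Permission policy for the management-account group. Scoping Resource to the
# exact role ARN (never "*") and requiring MFA means a leaked long-term access
# key is not enough on its own to reach the member account.
assume_role_policy() {   # assume_role_policy MEMBER_ACCOUNT_ID
    arn=$(role_arn "$1") || return 1
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "$arn",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
  }]
}
EOF
}

# The "grant permissions to the group" step, done with the CLI instead of the console.
grant_group_access() {   # grant_group_access GROUP MEMBER_ACCOUNT_ID
    aws iam put-group-policy \
        --group-name "$1" \
        --policy-name AssumeOrganizationAccountAccessRole \
        --policy-document "$(assume_role_policy "$2")"
}

# Turn the three tab-separated fields from "--output text" into export lines.
creds_to_exports() {
    IFS="$(printf '\t')" read -r key secret token
    printf 'export AWS_ACCESS_KEY_ID=%s\n' "$key"
    printf 'export AWS_SECRET_ACCESS_KEY=%s\n' "$secret"
    printf 'export AWS_SESSION_TOKEN=%s\n' "$token"
}

# Assume the role with an MFA code, then confirm the session really is in the
# member account before handing the export lines back to the caller.
assume_member_role() {   # assume_member_role MEMBER_ACCOUNT_ID MFA_SERIAL_ARN MFA_CODE
    exports=$(aws sts assume-role \
        --role-arn "$(role_arn "$1")" \
        --role-session-name "$(id -un)-$(date +%Y%m%dT%H%M%S)" \
        --serial-number "$2" --token-code "$3" \
        --duration-seconds 3600 \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text | creds_to_exports)
    eval "$exports"
    aws sts get-caller-identity --query Account --output text | grep -qx "$1" \
        || { echo "assumed role is not in account $1" >&2; return 1; }
    printf '%s\n' "$exports"
}

# Only talk to AWS when the caller sets the inputs; the functions stay safe to source.
if [ -n "${MEMBER_ACCOUNT_ID:-}" ] && [ -n "${MFA_SERIAL:-}" ] && [ -n "${MFA_CODE:-}" ]; then
    grant_group_access MemberAccountAdmins "$MEMBER_ACCOUNT_ID"
    assume_member_role "$MEMBER_ACCOUNT_ID" "$MFA_SERIAL" "$MFA_CODE"
fi
```

Run it as a management-account IAM user with `MEMBER_ACCOUNT_ID=123456789012 MFA_SERIAL=arn:aws:iam::MANAGEMENT-ACCOUNT-ID:mfa/alice MFA_CODE=123456 sh access.sh`, then `eval` the printed export lines in the shell that needs the member-account session. The MFA condition assumes the assuming principal is an IAM user with an MFA device; sessions that carry no MFA context (for example, federated sessions or a chained role session assumed without `--serial-number`) will be denied by it, so drop the Condition if those are your management-account principals.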
Create the OrganizationAccountAccessRole in an invited member account
Invited member accounts that join your organization don't automatically get an administrator's role. You must create the role manually, which recreates the role that AWS Organizations sets up automatically in accounts that it creates. Do this with credentials that are in the invited account (for example, its root user or an administrator IAM user), because the management account has no access to that account until the role exists. As a best practice, use the same name, OrganizationAccountAccessRole, for your manually created roles for consistency and ease of use, and trust only the management account in the role's trust policy.
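Creating the role in an invited member account, as an added shell example that is not code from the AWS article. It assumes the management account ID is supplied in the MANAGEMENT_ACCOUNT_ID environment variable and that it is run with credentials in the invited account. The MFA condition in the trust policy is a hardening choice added here; the role that Organizations creates automatically trusts the management account without it.

```shell
#!/bin/sh
# Added example (not from the AWS article): recreate OrganizationAccountAccessRole
# in an invited member account. Run this with credentials that are IN the invited
# account; until the role exists, nothing in the management account can reach it.
# Assumption (not in the article): the management account ID comes from the
# MANAGEMENT_ACCOUNT_ID environment variable.
set -eu

ROLE_NAME=OrganizationAccountAccessRole
ADMIN_POLICY_ARN=arn:aws:iam::aws:policy/AdministratorAccess

valid_account_id() {
    printf '%s' "$1" | grep -Eq '^[0-9]{12}$'
}

# Trust policy: only principals in the management account may assume the role,
# and only with MFA. Trusting ":root" leaves the choice of WHICH management-account
# users may assume it to that account's own IAM policies. The MFA condition is a
# hardening choice added here; Organizations' automatically created role omits it.
trust_policy() {   # trust_policy MANAGEMENT_ACCOUNT_ID
    valid_account_id "$1" || { echo "bad account id: $1" >&2; return 1; }
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::$1:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
  }]
}
EOF
}

# Create the role with the trust policy, then attach AdministratorAccess, the
# permission set the automatically created role carries.
create_access_role() {   # create_access_role MANAGEMENT_ACCOUNT_ID
    # Check first so AdministratorAccess is never attached to a pre-existing role
    # whose trust policy this script did not write and nobody has reviewed.
    if aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1; then
        echo "$ROLE_NAME already exists; review its trust policy instead of recreating it" >&2
        return 1
    fi
    aws iam create-role \
        --role-name "$ROLE_NAME" \
        --assume-role-policy-document "$(trust_policy "$1")" \
        --description "Management account access, created manually for an invited member account"
    aws iam attach-role-policy \
        --role-name "$ROLE_NAME" \
        --policy-arn "$ADMIN_POLICY_ARN"
}

# Read back what was stored: the only trusted principal must be the management account.
trusted_principals() {
    aws iam get-role --role-name "$ROLE_NAME" \
        --query 'Role.AssumeRolePolicyDocument.Statement[].Principal.AWS' --output text
}

if [ -n "${MANAGEMENT_ACCOUNT_ID:-}" ]; then
    create_access_role "$MANAGEMENT_ACCOUNT_ID"
    trusted_principals
fi
```

Run it as `MANAGEMENT_ACCOUNT_ID=111122223333 sh create-role.sh` while your AWS CLI profile points at the invited account; the last line printed should be exactly arn:aws:iam::111122223333:root. Afterwards, principals in the management account switch to the role the same way as for created accounts.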
Post-closure
If you closed a member account more than 90 days ago, then the account is permanently closed and you can no longer access it. All content and AWS services associated with the account are deleted.
Related information
When should I use an external ID?
AWS Multi-factor authentication in IAM
Close an AWS account