By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IAM Identity Center | Cannot "Register delegated administrator"

0

Hello there.

I am very new at AWS. I've worked through the docs on setting up my AWS free trial account (as root) in order to setup my first Administrator user, using the IAM Identity Center. Now I am at the step of "Register delegated administrator" . Question I am struggling on STEP 8, could anyone please provide a (very) simple explanation for me? Admittedly I'm fumbling in the dark here, I am not a developer.

  1. Enable IAM Identity Center
  2. Create Administrator permission set (from template) and in my case, also a Billing permission set (from template).
  3. Create a user "micpac" > select 'AWS accounts' > Select my only Account > 'Assign Users or Groups' > Choose "micpac" and both permissions sets
  4. Sign in as "micpac" to https://pinkyponky.awsapps.com/start (as in I set pinky ponky to something custom for me)
  5. Ensure I can see the billing stuff - yes that works.
  6. Back to 'IAM Identity Center' logged in as ROOT
  7. Dashboard > 'Register a delegated administrator' > 'Register account'
  8. And then I get the below error... I'm unsure how to fix this. In my mind I was going to assign user "micpac" as the delegated administrator.... but is this option only relevant if I have more than one account? As in, I make another account the delegated administrator account? But what does that mean? Who gets administrator rights then? Sorry I'm entirely confused. Please can anyone provide an explanation?

Enter image description here

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access Management
Language
English
profile picture
Michelle
asked a month ago104 views
2 Answers
0
Accepted Answer

Hello,

When you create an organization, you have the management account (the account that created the organization) and the member account (any other account). To prevent this error, you must create a member account and then delegate that account as the administrator.

profile picture
Julian
answered a month ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
0

Hi @Julian. Thank you for your reply.

Since I don't need another account right now, is there any strong reason I should delegate an administrator? I'm struggling to understand what the purpose of doing this is, even if I had multiple accounts? What happens if I just don't delegate, what are the implications?

Edit: Ahh, not to worry I found the answer. In the docs. I definitely don’t need to delegate :)

*Enabling delegated administration provides the following benefits:

  • Minimizes the number of people who require access to the management account to help mitigate security concerns

  • Allows select administrators to assign users and groups to applications and to your organization's member accounts*

profile picture
Michelle
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content