Hey everyone! I recently took over an AWS environment and I'm trying to understand how everything is connected. I discovered that I have a root account for what's labeled as the "management account", which mainly shows me billing info. However, the actual data I need seems to be in a different AWS account (let's call it Account Two). My access there appears to be quite limited. Does being the root account holder of the management account give me any way to access or connect to this other account? The previous managing company is no longer around, so I'm trying to figure this out on my own.
4 Answers
Honestly, the root or management account is primarily supposed to handle billing, so that's typically all you'll be able to see.
Another couple of options to consider:
1. If root delegation is set up for sub-accounts, you can re-enable root access using a password or 2FA to gain entry and reconfigure things.
2. If Identity Center is configured in the management account and permissions still allow it, you could possibly propagate a user account to the sub-accounts, giving you better access.
It really depends on how the accounts were set up. You might be able to access Account Two if you can assume a role that exists there. Check this link for guidelines on managing accounts and accessing them within AWS Organizations.
I recommend diving into the AWS Organizations documentation. It'll help you understand how the accounts can be interlinked.

Thanks for that tip! The second option led me to some great resources.
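
Added example, not part of the thread: a shell sketch of the "assume a role that exists there" check, run with IAM credentials from the management account. It assumes Account Two still has `OrganizationAccountAccessRole` (the role AWS Organizations creates by default in member accounts it creates, not in invited ones); the function names and the sample account ID are made up for illustration. AWS does not allow root user credentials to call `sts:AssumeRole`, so the sketch stops early in that case.

```shell
# Added example. The account ID and role name are assumptions; the thread gives neither.

# Build the role ARN for a member account; reject anything that is not a 12-digit ID.
member_role_arn() {
  local account_id role_name
  account_id="$1"; role_name="${2:-OrganizationAccountAccessRole}"
  case "$account_id" in
    *[!0-9]*|"") return 1 ;;
  esac
  [ "${#account_id}" -eq 12 ] || return 1
  printf 'arn:aws:iam::%s:role/%s\n' "$account_id" "$role_name"
}

# True when the caller ARN is an account root user (root cannot call sts:AssumeRole).
is_root_arn() {
  case "$1" in
    arn:aws*:iam::[0-9]*:root) return 0 ;;
    *) return 1 ;;
  esac
}

# Try the role in the member account and print the identity that results.
# On success this exports temporary credentials into the current shell.
try_member_role() {
  local arn caller creds
  arn="$(member_role_arn "$1" "$2")" || { echo "bad account id: $1" >&2; return 2; }
  caller="$(aws sts get-caller-identity --query Arn --output text)" || return 3
  if is_root_arn "$caller"; then
    echo "Signed in as $caller: use an IAM user or role in the management account instead" >&2
    return 4
  fi
  creds="$(aws sts assume-role --role-arn "$arn" --role-session-name org-access-check \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)" || {
    echo "AssumeRole failed for $arn: role missing, or its trust policy excludes $caller" >&2
    return 5
  }
  set -- $creds   # tab-separated: access key, secret key, session token
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
  aws sts get-caller-identity --query Arn --output text
}

# Usage, from the management account:
#   aws organizations list-accounts --query 'Accounts[].[Id,Name,Status]' --output table
#   try_member_role 111122223333      # constructed sample ID; use Account Two's real ID
```

If the final call prints an `assumed-role/...` ARN in Account Two, the trust relationship from the management account is still in place.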