• AWS
  • Delegated administrator for AWS services and AWS Organizations

I am unable to understand the following things. Can you please simplify this?

Delegated administrator for AWS services
Learn more about delegating the management of multi-account features in other AWS services that you can use with AWS Organizations.

Delegated administrator for AWS Organizations
Learn more about delegating the management of multi-account features in other AWS services that you can use with AWS Organizations.

Simplified Explanation: Delegated Administrator in AWS Organizations

AWS Delegated Administrator allows the root account owner to assign specific AWS management tasks to another AWS account without using the root account.


🔹 1. Delegated Administrator for AWS Services

✅ This allows a non-root account (another AWS account in your Organization) to manage AWS services across multiple AWS accounts.
✅ Instead of using the Root Account for everything, an Administrator Account (e.g., Security, Logging, or Billing) can be assigned to handle specific AWS services.

Example Use Case:

  • Security Team Account can be a Delegated Administrator for AWS Security Hub to monitor security across multiple AWS accounts.
  • Networking Team Account can be a Delegated Administrator for AWS Transit Gateway to manage network connections across accounts.

🔹 2. Delegated Administrator for AWS Organizations

✅ This allows another AWS account (besides the root account) to manage AWS Organizations settings.
✅ The root account does not need to handle all AWS Organization tasks, reducing security risks.

Example Use Case:

  • A Delegated Admin Account can be allowed to create, remove, or modify AWS accounts in an organization.
  • This account can manage Service Control Policies (SCPs) and AWS Organization settings.

🎯 Why Use Delegated Administrators?

  • Security: Reduces the need for using the root account.
  • Separation of Duties: Assigns different admin tasks to different teams.
  • Scalability: Enables large organizations to manage AWS services across multiple accounts efficiently.

🔹 How to Set Up a Delegated Administrator?

  1. Go to AWS Organizations → Select AWS Services.
  2. Choose the AWS Service (e.g., Security Hub, Transit Gateway, etc.).
  3. Select an AWS Account to be the Delegated Administrator.
  4. Confirm and Save.

Now, that AWS account can manage that AWS service for all AWS accounts in the Organization!


🔹 Summary

  • Delegated Administrator for AWS Services → Assigns AWS service management (e.g., Security Hub, Billing, Transit Gateway) to a specific AWS account.
  • Delegated Administrator for AWS Organizations → Allows another AWS account (besides root) to manage AWS Organizations settings.
  • ✅ Best Practice: Assign specific AWS accounts as Delegated Admins instead of using the root account for everything.

Would you like a step-by-step guide to set this up in your AWS Organization? 🚀
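
Once delegated administrators are registered as in the setup steps above, it is worth checking periodically that only the intended accounts hold that role. The script below is an added example, not part of the original answer: it compares the delegations in an organization against an approved list. The account IDs, the approved map, and the sample data are constructed; the sample follows the shape of `aws organizations list-delegated-services-for-account` output.

```python
import json

# Approved delegations: service principal -> account ID (constructed values).
# Assumption: one approved delegated administrator account per service.
APPROVED = {
    "securityhub.amazonaws.com": "111122223333",  # security team account
    "guardduty.amazonaws.com": "111122223333",
}

# Constructed sample, keyed by account ID. Each value is shaped like the output of
#   aws organizations list-delegated-services-for-account --account-id <id>
# gathered for every account returned by
#   aws organizations list-delegated-administrators
SAMPLE = json.loads("""
{
  "111122223333": {"DelegatedServices": [
      {"ServicePrincipal": "securityhub.amazonaws.com"}]},
  "444455556666": {"DelegatedServices": [
      {"ServicePrincipal": "guardduty.amazonaws.com"},
      {"ServicePrincipal": "config.amazonaws.com"}]}
}
""")


def audit_delegations(services_by_account, approved):
    """Compare actual delegations with the approved map.

    Returns (unexpected, missing):
      unexpected: (account_id, service) pairs registered but not approved
      missing:    (account_id, service) pairs approved but not registered
    """
    actual = {
        (account_id, svc["ServicePrincipal"])
        for account_id, resp in services_by_account.items()
        for svc in resp.get("DelegatedServices", [])
    }
    wanted = {(acct, svc) for svc, acct in approved.items()}
    return sorted(actual - wanted), sorted(wanted - actual)


if __name__ == "__main__":
    unexpected, missing = audit_delegations(SAMPLE, APPROVED)
    for acct, svc in unexpected:
        print(f"UNEXPECTED: account {acct} is delegated admin for {svc}")
    for acct, svc in missing:
        print(f"MISSING: account {acct} is not registered for {svc}")
```

An unexpected entry means an account can manage a service across the organization without having been approved for it, so each one should be traced back to who registered it and why.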