Activate Delegated Administrator Accounts
In this step, we designate a member account (not the management account) to perform specific administrative tasks for designated AWS services across your organization.
The management account should be used only for organizational management tasks.
In this section, we will create an S3 bucket and configure session log storage to capture the details of commands used in a session.
Why?
- Separation of duties – Administrative responsibilities can be distributed to specialized teams using dedicated member accounts.
- Reduced management account access – Fewer individuals need access to the management account, improving security.
- Service specialization – Service administrators can manage their respective services organization-wide.
- Operational efficiency – Service administrators can work directly from their assigned accounts without switching to the management account.
- Compliance requirements – Meets compliance needs that require separation of duties.
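One way to script the designation described above, as an added example that is not part of the original workshop: it refuses the management account, checks that trusted access is on (treated as a precondition here, which is an assumption), and is safe to re-run. The account IDs, the `ssm.amazonaws.com` service principal and the `StubOrg` stand-in are constructed for illustration; with real credentials, pass `boto3.client("organizations")` instead.

```python
def _pages(call, key, **kwargs):
    # Follow the NextToken pagination used by Organizations list calls.
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]

def delegate_admin(org, account_id, service_principal):
    """Register account_id as delegated admin; `org` is an Organizations client
    (boto3.client("organizations")) using management-account credentials."""
    mgmt = org.describe_organization()["Organization"]["MasterAccountId"]
    if account_id == mgmt:
        raise ValueError("delegate to a member account, not the management account")
    # Assumption of this example: trusted access for the service is already enabled.
    enabled = {s["ServicePrincipal"] for s in _pages(
        org.list_aws_service_access_for_organization, "EnabledServicePrincipals")}
    if service_principal not in enabled:
        raise RuntimeError(f"trusted access not enabled for {service_principal}")
    # Idempotency: do nothing if the account already holds this delegation.
    current = {a["Id"] for a in _pages(
        org.list_delegated_administrators, "DelegatedAdministrators",
        ServicePrincipal=service_principal)}
    if account_id in current:
        return "already-registered"
    org.register_delegated_administrator(
        AccountId=account_id, ServicePrincipal=service_principal)
    return "registered"

class StubOrg:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self):
        self.admins = []  # account IDs registered so far
    def describe_organization(self):
        return {"Organization": {"MasterAccountId": "111111111111"}}
    def list_aws_service_access_for_organization(self, **kw):
        return {"EnabledServicePrincipals": [{"ServicePrincipal": "ssm.amazonaws.com"}]}
    def list_delegated_administrators(self, ServicePrincipal, **kw):
        return {"DelegatedAdministrators": [{"Id": a} for a in self.admins]}
    def register_delegated_administrator(self, AccountId, ServicePrincipal):
        self.admins.append(AccountId)

if __name__ == "__main__":
    org = StubOrg()
    print(delegate_admin(org, "222222222222", "ssm.amazonaws.com"))
    print(delegate_admin(org, "222222222222", "ssm.amazonaws.com"))
```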