What should the solutions architect do to create IAM users in the new member account?
Sign in to the AWS Management Console with AWS account root user credentials by using the 64-character password from the initial AWS Organizations email sent to [email protected]. Set up the IAM users as required.
From the management account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account. Set up the IAM users as required.
Go to the AWS Management Console sign-in page. Choose “Sign in using root account credentials.” Sign in by using the email address finance [email protected] and the management account’s root password. Set up the IAM users as required.
Go to the AWS Management Console sign-in page. Sign in by using the account ID of the new member account and the Support1 IAM credentials. Set up the IAM users as required.
Explanations:
The root user of the new member account does not have the initial password until the new account is created. The email with a password is sent to the root user only after account creation.
From the management account, the IAM user Support1 can assume the OrganizationAccountAccessRole in the new member account. This grants necessary permissions to create IAM users.
The email address ([email protected]) is used for the new account’s root login, not the management account’s root credentials. The root user password is also not available yet.
The Support1 IAM user from the management account cannot directly access the new member account using the new account’s ID without assuming the OrganizationAccountAccessRole first.