Registering a Delegated Administrator

Function

This API is used to register the specified member account as a delegated administrator to manage the Organizations functions of a specified service. This API grants the delegated administrator the read-only access to Organizations service data. IAM users in the delegated administrator account still need IAM permissions to access and manage the specified service. This API can be called only from the organization's management account.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

• If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
• If you are using identity policy-based authorization, the following identity policy-based permissions are required.

  Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
  organizations:delegatedAdministrators:register	Write	account *	g:ResourceTag/<tag-key>	-	-
  		-	organizations:ServicePrincipal

URI

POST /v1/organizations/delegated-administrators/register

Request Parameters

Response Parameters

Status code: 201

Successful.

None

Example Requests

Registering a delegated administrator

POST /v1/organizations/delegated-administrators/register

{
  "service_principal" : "string",
  "account_id" : "_Auft226uZhGFRo5R8unWGQZ5N48PgFrfwyc"
}

Example Responses

None

Status Codes

Error Codes

See Error Codes.