Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ User Guide/ Identity/ Trust Agencies/ Trust Agency Operations Management/ Delegating Another Account for Resource Management/ Overview
Updated on 2025-11-07 GMT+08:00
View PDF
Share

Overview

A trust agency enables you to entrust another account to perform professional, efficient O&M on your resources based on assigned permissions.

You can delegate resource access only to accounts. The accounts can then delegate access to IAM users under them.

Delegating Process

The following is an example to show how to delegate resource access to another account. In this example, account A is the delegating party and account B is the delegated party.

  1. Account A creates a trust agency in IAM to delegate resource access to account B.

    Figure 1 (Account A) Creating a trust agency

  2. (Optional) Account B authorizes an IAM user to assume trust agencies.

    Figure 2 (Account B) Authorizing an IAM user to manage resources

  3. Account B or the authorized IAM user manages trust agency resources.

    The delegated party switches its role to account A to access and manage the resources of account A.