that is automatically a member of the organization whose credentials made the request. { "Email": "[email protected]", "AccountName": "Production Account" } 2. DescribeCreateAccountStatus() - Retrieves the current status of an asynchronous request to create an account. 3. AssumeRole(OrganizationAccountAccessRole) - Assume permissions in the new account. 4. Run CloudFormation templates to create standardized roles, complete trusted advisor steps, configure CloudTrail, etc 5. Set up MFA and root password 6. Add alternate contacts
cross-region security group ID references 3. Avoiding IP range clashes 4. Limitations of Service Control Policies 5. One hour expiration for credentials obtained via role chaining 6. Tools and services still catching up with multi-account support