AWS Management Console

Preparing Your AWS Organization

To use your AWS Master Partner account with AWS Standalone Connect, you must create an AWS Organization for each customer account and enable all features for this organization.

Note: This step is only necessary the first time you configure the AWS Master Partner Account to work with the AWS Standalone Connect package.

Create AWS Organization

  1. Log in to the AWS Management Console and click My Organization.

  2. On the introduction page, choose Create organization.
  3. Enable all features for the AWS Organization.
  4. Confirm the creation.

    Note: Please refer to the AWS Organizations documentation for more information.

Enable All Features in Existing AWS Organization

If you already have an AWS Organization and you want to provision, suspend or unprovision policies in the application settings, you must verify that it has all features enabled. To do so, please follow these steps:

  1. Log in to the AWS Management Console and click My Organization.

  2. On the top-right side, select Settings.
  3. Click Begin process to enable all features.
  4. Confirm the action.

    Note: Please refer to the AWS Organizations documentation for more information.

Verify your master account email address

Before you can invite existing AWS accounts to join your organization, you must verify your email address.

Note: Please refer to the AWS Organizations documentation for more information.

To do so, please follow these steps:

  1. Log in to the AWS Management Console and click My Organization.

  2. On the top-left side, click Send verification request.
  3. Verify your email address within 24 hours.

Enable Service Control Policy Type for Organization’s Root

If you want to provision, suspend or unprovision policies in the application settings, make sure that the Service Control Policy type is enabled on the AWS Organization’s root. To do so, please follow these steps:

  1. Log in to the AWS Management Console and click My Organization.

  2. On the top-right side, choose Organize accounts.
  3. Click Root to open the organization’s root object.
  4. Click Enable under the ENABLE / DISABLE POLICY TYPES section.

How to create Service Control Policy inside the AWS Organization

An AWS Organization provides a way to apply specific Service Control Policies on the organization level to the organization members. To create a new Organization’s Service Control Policy, please follow these steps:

  1. Log in to the AWS Management Console and click My Organization.

  2. Select Policies in the tab bar.
  3. Click Create policy.
  4. Configure the access restrictions as required.
  5. Click Create policy to complete the action.

    Note: Please refer to the AWS documentation for detailed information on how to configure policies in the AWS Organizations Management Console.

How to Obtain an AWS Access Key ID and a Secret Access Key

When configuring AWS settings and credentials, you will be asked to provide an AWS Access Key ID and a Secret Access Key. In this section, you will find the steps to obtain this information:

  1. Log in to the AWS Management Console and click My Security Credentials.

  2. Click Users.


  3. Click Add User, enter the user name "API APS USER" and select the Programmatic access checkbox.

  4. Now, click Create policy to add the permissions specified below for the user.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "organizations:ListAccounts",
            "organizations:DescribeAccount"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "athena:StartQueryExecution",
            "athena:GetQueryResults",
            "athena:GetQueryExecution",
            "athena:StopQueryExecution",
            "athena:ListWorkGroups",
            "athena:GetWorkGroup",
            "s3:ListBucket",
            "s3:GetObject",
            "s3:PutObject",
            "s3:CreateBucket",
            "s3:PutBucketVersioning",
            "s3:PutBucketPolicy"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:CreateUser",
            "iam:ListUsers",
            "iam:GetRole",
            "iam:ListAttachedRolePolicies",
            "iam:CreateRole",
            "iam:AttachRolePolicy",
            "iam:PassRole"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "glue:CreateDatabase",
            "glue:GetDatabase",
            "glue:GetDatabases",
            "glue:CreateCrawler",
            "lakeformation:GetDataAccess",
            "lakeformation:GrantPermissions",
            "lakeformation:RevokePermissions",
            "lakeformation:GetDataLakeSettings",
            "lakeformation:PutDataLakeSettings",
            "lakeformation:ListPermissions"
          ],
          "Resource": "*"
        }
      ]
    }
  5. Now, review the options you selected and click Create User.
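
Added example (not part of the original documentation or the vendor's code): a Python check that lists which statements of the policy above allow identity- or permission-changing actions on Resource "*", and a helper that narrows one statement's Resource. The SENSITIVE rule set and the helper names are assumptions of this example; the page does not state which resources the integration needs.

```python
import copy
import json
from fnmatch import fnmatchcase

# Policy from step 4 above, compacted; actions and resources are unchanged.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Resource": "*", "Action": ["organizations:ListAccounts", "organizations:DescribeAccount"]},
 {"Effect": "Allow", "Resource": "*", "Action": ["athena:StartQueryExecution", "athena:GetQueryResults",
   "athena:GetQueryExecution", "athena:StopQueryExecution", "athena:ListWorkGroups", "athena:GetWorkGroup",
   "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:CreateBucket", "s3:PutBucketVersioning",
   "s3:PutBucketPolicy"]},
 {"Effect": "Allow", "Resource": "*", "Action": ["iam:CreateUser", "iam:ListUsers", "iam:GetRole",
   "iam:ListAttachedRolePolicies", "iam:CreateRole", "iam:AttachRolePolicy", "iam:PassRole"]},
 {"Effect": "Allow", "Resource": "*", "Action": "sts:AssumeRole"},
 {"Effect": "Allow", "Resource": "*", "Action": ["glue:CreateDatabase", "glue:GetDatabase", "glue:GetDatabases",
   "glue:CreateCrawler", "lakeformation:GetDataAccess", "lakeformation:GrantPermissions",
   "lakeformation:RevokePermissions", "lakeformation:GetDataLakeSettings",
   "lakeformation:PutDataLakeSettings", "lakeformation:ListPermissions"]}]}""")

# Reviewer's rule set (an assumption of this example, not from the page): actions
# that change identities, role usage, or resource and data-lake permissions.
SENSITIVE = ("iam:CreateUser", "iam:CreateRole", "iam:AttachRolePolicy", "iam:PassRole", "sts:AssumeRole",
             "s3:PutBucketPolicy", "lakeformation:GrantPermissions", "lakeformation:PutDataLakeSettings")

def _as_list(value):
    """IAM JSON accepts a single string or object where a list is also valid."""
    return list(value) if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return [(statement index, [sensitive actions])] for Allow statements on Resource "*"."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        granted = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # Action names are case-insensitive and may contain wildcards ("iam:*").
        hits = sorted(s for s in SENSITIVE if any(fnmatchcase(s.lower(), g) for g in granted))
        if hits:
            findings.append((index, hits))
    return findings

def with_resource(policy, index, resources):
    """Return a copy of the policy with one statement's Resource narrowed."""
    scoped = copy.deepcopy(policy)
    _as_list(scoped["Statement"])[index]["Resource"] = resources
    return scoped

if __name__ == "__main__":
    for index, actions in wildcard_findings(PAGE_POLICY):
        print(f"Statement {index}: {', '.join(actions)} allowed on Resource '*'")
```

Calling with_resource(PAGE_POLICY, 3, ["arn:aws:iam::111122223333:role/EXAMPLE-ROLE"]) (a placeholder ARN) returns a copy in which the sts:AssumeRole statement no longer appears in the findings.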
