About member accounts

Member accounts are the accounts through which your users perform their AWS workloads. These member accounts can be created in Account Factory, by IAM Identity Center users with Admin privileges in the Service Catalog console, or by automated methods. When created, these member accounts exist in an OU that was created in the AWS Control Tower console, or registered with AWS Control Tower. For more information, see these related topics:

Provision and manage accounts with Account Factory
Automate tasks in AWS Control Tower
AWS Organizations Terminology and Concepts in the AWS Organizations User Guide.

Also see Provision accounts with AWS Control Tower Account Factory for Terraform (AFT) .

Accounts and controls

Member accounts can be enrolled in AWS Control Tower, or they can be unenrolled. Controls apply differently to enrolled and unenrolled accounts, and controls may apply to accounts in nested OUs based on inheritance.

For information about member account resources that AWS Control Tower allocates, see Resource Considerations for Account Factory.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Shared account resources

Enroll an existing AWS account