About member accounts

Member accounts are the accounts through which your users perform their AWS workloads. AWS Control Tower member accounts can be created and customized by various methods, including automated methods. In some cases, you can bring existing AWS accounts into AWS Control Tower. When member accounts are created or enrolled, they must exist inside an organizational unit (OU) that was created in the AWS Control Tower console, or registered with AWS Control Tower. For more information, see these related topics:

Methods of provisioning
Provision and manage accounts with Account Factory
Automate tasks in AWS Control Tower
Move and enroll accounts with auto-enrollment
Provision accounts with AWS Control Tower Account Factory for Terraform (AFT)
AWS Organizations Terminology and Concepts in the AWS Organizations User Guide.

Accounts and controls

Member accounts can be enrolled in AWS Control Tower, or they can be unenrolled. Controls apply differently to enrolled and unenrolled accounts, and controls may apply to accounts in nested OUs based on inheritance.

For information about member account resources that AWS Control Tower allocates, see Resource Considerations for Account Factory.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Shared account resources

Interact with AWS Control Tower accounts from AWS Service Catalog