search
Ctrlk
Back to Home

Pump Customer Access to Management Account

Updated: 7/09/2025

We have an exciting update to share with you regarding your access to the management account within your AWS organization! You will now have access to your AWS organization's management account. This is possible with a new role that we, at Pump, have created within the management account.

We made this decision with our customers’ best interests in mind. Going forward, our goal is to maximize the permissions that you have in the AWS environment and minimize access for Pump.

What’s Changing?

Pump has created a new role—PumpCustomerAccess—in your AWS organization's management account. This gives your team direct access to specific organization-level features, like:

  • AWS CloudTrail

  • AWS Config

  • AWS Inspector

  • Cost allocation tags

  • Other organization-wide services

Note: This change does not affect your existing account-level or billing-level setup.

What Access Is Granted?

Customers assuming this role will have read/write access to organization-level services only. You will not be able to:

  • Create resources (like EC2, Lambda, ECS, etc.) in the management account

  • Access IAM or AWS SSO in the management account

IAM Identity Center (formerly AWS SSO) remains accessible via the Delegated Administrator account.

View Exact Permissions

You can review the exact permissions attached to the PumpCustomerAccess role here:

PumpCustomerAccess Policyarrow-up-right

🧭 How to Access the Management Account

To assume the PumpCustomerAccess role, follow these steps:

  1. Make sure your IAM user or role is in a child account of the management account.

  2. Ensure your user/role has the sts:AssumeRole permission.

  3. Get your Management Account ID:

    Go to AWS Organizations > Dashboard > Management Account ID

  4. In the AWS Console, click your username in the top-right corner.

  5. Click “Switch Role”

  6. Enter:

    • Account ID: [Your Management Account ID]

    • Role name: PumpCustomerAccess

  7. Click Switch Role

You should now have access to organization-level services through the management account.

Want to Restrict Access Further?

By default, any user with sts:AssumeRole permission can switch into this role. If you want to restrict this access to specific accounts, users, or groups, contact Pump, and we can apply tighter constraints.

🧩 Need Help?

If you have any questions or would like assistance customizing access further, reach out to your Pump Account Manager or contact us at [email protected]envelope.

Last updated

Was this helpful?