# Pump Customer Access to Management Account

We have an exciting update to share with you regarding your access to the management account within your AWS organization!

You will now have access to your AWS organization's management account. This is possible with a new role that we, at Pump, have created within the management account.

*We made this decision with our customers’ best interests in mind. Going forward, our goal is to maximize the permissions that you have in the AWS environment and minimize access for Pump.*

***

**What’s Changing?**

Pump has created a new role—PumpCustomerAccess—in your AWS organization's management account. This gives your team direct access to specific organization-level features, like:

* AWS CloudTrail
* AWS Config
* AWS Inspector
* Cost allocation tags
* Other organization-wide services

Note: This change does not affect your existing account-level or billing-level setup.

**What Access Is Granted?**

Customers assuming this role will have read/write access to organization-level services only. You will not be able to:

* Create resources (like EC2, Lambda, ECS, etc.) in the management account
* Access IAM or AWS SSO in the management account

IAM Identity Center (formerly AWS SSO) remains accessible via the Delegated Administrator account.

**View Exact Permissions**

You can review the exact permissions attached to the PumpCustomerAccess role here:

[PumpCustomerAccess Policy](https://pump-public-readonly.s3.us-west-2.amazonaws.com/PumpCustomerManagementAccess)

**🧭 How to Access the Management Account**

To assume the PumpCustomerAccess role, follow these steps:

1. Make sure your IAM user or role is in a child account of the management account.
2. Ensure your user/role has the sts:AssumeRole permission.
3. Get your Management Account ID:

   Go to AWS Organizations > Dashboard > Management Account ID
4. In the AWS Console, click your username in the top-right corner.
5. Click “Switch Role”.
6. Enter:
   * Account ID: [Your Management Account ID]
   * Role name: PumpCustomerAccess
7. Click “Switch Role”.

You should now have access to organization-level services through the management account.

**Want to Restrict Access Further?**

By default, any user with sts:AssumeRole permission can switch into this role. If you want to restrict this access to specific accounts, users, or groups, contact Pump, and we can apply tighter constraints.
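To see which of your own principals that default currently covers, the sketch below checks identity policies for an `sts:AssumeRole` grant that matches the PumpCustomerAccess role ARN. It is an added example, not Pump's or AWS's code: the account ID is a placeholder, the principals and policies are constructed, the role is assumed to have no IAM path, and the evaluation is simplified (identity policies only; SCPs, permission boundaries and the role's trust policy are not modelled).

```python
import re

MGMT_ACCOUNT_ID = "111122223333"  # constructed placeholder, not a real account
# Assumption: the role sits at the default path "/" in the management account.
ROLE_ARN = f"arn:aws:iam::{MGMT_ACCOUNT_ID}:role/PumpCustomerAccess"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, flags=0):
    # IAM wildcards: "*" matches any run of characters, "?" exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def assume_verdict(policies, role_arn=ROLE_ARN):
    """Return 'deny', 'review', 'allow' or 'none' for sts:AssumeRole on role_arn."""
    seen = set()
    for doc in policies:
        for stmt in _as_list(doc.get("Statement", [])):
            if "NotAction" in stmt or "NotResource" in stmt:
                seen.add("review")  # not modelled here; needs a human look
                continue
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            # Action names are case-insensitive, resource ARNs are not.
            if (any(_wild(a, "sts:AssumeRole", re.I) for a in actions)
                    and any(_wild(r, role_arn) for r in resources)):
                seen.add("review" if "Condition" in stmt else stmt["Effect"].lower())
    # An unconditional Deny wins; conditional matches are left for review.
    for verdict in ("deny", "review", "allow"):
        if verdict in seen:
            return verdict
    return "none"

# Constructed sample principals and their attached identity policies.
PRINCIPALS = {
    "admin-role": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
    "ci-deployer": [{"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                    "Resource": "arn:aws:iam::*:role/deploy-*"}]}],
    "finops-analyst": [{"Statement": {"Effect": "Allow", "Action": ["sts:assumerole"],
                                      "Resource": ROLE_ARN}}],
    "contractor": [{"Statement": [{"Effect": "Allow", "Action": "sts:*", "Resource": "*"}]},
                   {"Statement": [{"Effect": "Deny", "Action": "sts:AssumeRole",
                                   "Resource": "arn:aws:iam::*:role/PumpCustomerAccess"}]}],
}

def audit(principals=PRINCIPALS):
    return {name: assume_verdict(docs) for name, docs in principals.items()}

if __name__ == "__main__":
    print(audit())
```

Principals reported as `allow` can switch into the role today; `review` means a matching statement depends on a Condition, NotAction or NotResource element that this sketch does not evaluate.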

**🧩 Need Help?**

If you have any questions or would like assistance customizing access further, reach out to your Pump Account Manager or contact us at <support@pump.co>.


