...
Log in to the AWS Management Console.
You must be logged in as an IAM user, assume an IAM role, or logged in as the root user in the organization’s management account with appropriate permissions that are stated above. For more information, see Safeguard your root user credentials.Go to the AWS Organizations Service Console.
Go to Settings.
In the Delegated Administrator for AWS Organizations section, do one of the following:
To create the organization's delegation policy, choose Delegate.
To update an existing delegation policy, choose Edit.
Type a JSON policy in the JSON editor or copy the below example policy and customize it for your account. Following is an example of a Delegated administrator for AWS Organizations policy:
{"Version": "2012-10-17","Statement": [{"Sid": "DelegatingNecessaryListActionsMultiAcc","Effect": "Allow","Principal": {"AWS": ["arn:aws:iam::<Parent_account_ID>:root","arn:aws:iam::<Parent_account_ID>::root"]},"Action": ["organizations:ListParents","organizations:DescribeOrganizationalUnit","organizations:DescribeAccount","organizations:ListChildren""organizations:ListAccountsForParent","organizations:ListOrganizationalUnitsForParent"],"Resource": "*"}]}Resolve any security warnings, errors, or general warnings generated during policy validation.
Choose Create policy to save your work.
This provides the delegated administrator access to the management account.
...