Archera

If the Bash script generated to help you connect your AWS sub-accounts to Reserved.ai, using the role from your Master billing account, is failing with an error similar to the one below

An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::000000000000:user/your-master-user is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111111:role/OrganizationAccountAccessRole

the most likely issue is that the AWS sub-account was Invited to the AWS Organization and not created directly from the Master billing account. Since this sub-account was not created directly from the Master billing account, or the sub-account removed the <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html" target="_blank" rel="nofollow noopener noreferrer">pre-generated OrganizationAccountAccessRole that would  allow the Master billing account to have permissions to access the sub-accounts</a>.

To fix this you will need to skip the Script and manually go through the process of connecting each sub-account by logging into that account directly and going through the same IAM Role installation walkthrough you completed to connect the Master Billing Account.

Why Did The AWS Sub-account Connection Script Fail to Connect Some Accounts?

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

{assigneeName} needs more information from you