OrganizationAccountAccessRole + Stacksets

Will having OrganizationAccountAccessRole with only billing facility allow to access/create resources in member accounts using stacksets

Topics

Management & Governance

Tags

AWS CloudFormation AWS Organizations StackSets

Language

English

Keerthi

asked a month ago143 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hello.

I think an error will occur if the IAM policy for creating AWS resources is not set in "OrganizationAccountAccessRole".
In other words, if you have an IAM policy with only a billing facility, you will not be able to create AWS resources, which will result in an error.

with only billing facility allow

I think it's a good idea to create "AWSCloudFormationStackSetExecutionRole" in the member account and set the IAM policy required to create AWS resources.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html

EXPERT

Riku_Kobayashi

answered a month ago

Relevant content

Creating a stackset with cloudformation TO DEPLOY STACK IN MY MEMBERS ACCOUNT
Accepted Answer
Nafiu
asked 4 months ago
OrganizationAccountAccessRole
Keerthi
asked 2 months ago
StackSets with SERVICE_MANAGED permission model can only have OrganizationalUnit as target
Accepted Answer
Nafiu
asked 3 months ago
CloudFormation StackSets with service-managed permissions - service role blocked by SCP?
Accepted Answer
Martin Lazarov
asked a year ago
How do I resolve the CloudFormation stack set errors "no stack instance found" or "Organizational unit not found in StackSet"?
AWS OFFICIALUpdated 6 months ago
Why can't I access my member account?
AWS OFFICIALUpdated a year ago
How do I remove a member account from an organization in AWS Organizations when I can't sign in to the member account?
AWS OFFICIALUpdated 2 years ago
How do I navigate between member accounts in AWS Organizations?
AWS OFFICIALUpdated a year ago
Avoiding additional bills when migrating accounts between AWS Organizations
EXPERT
Andre Portela
published 8 months ago
AWS Trusted Advisor Priority Member Account Experience for Customers
EXPERT
AWS_Manas_S
published 23 days ago