"ListDelegatedAdministrator operation: You don't have permissions to access this resource" error for Config Aggregator in the Organisation


Hello everyone,

I have a problem with AWS Config aggregator permissions.

I have organisation and under this organisation I have many subaccounts and users are logging in using the SSO roles. I'm the administrator in the management account and when I try to create AWS Config Aggregator for all accounts in org in the particular subaccount I get an error:

"An error occurred (AccessDeniedException) when calling the ListDelegatedAdministrator operation: You don't have permissions to access this resource."

Information about setup of the organisation:

  • There are no SCP policies configured
  • In the Services the Config is enabled
  • I run the command "$aws organizations register-delegated-administrator --service-principal config-multiaccountsetup.amazonaws.com --account-id member-account-ID" But it still shows the same error.
