It sounds like you've set up everything correctly with the roles and policies to allow IAM users from your primary AWS account to access S3 buckets in both the primary and 'prod' subsidiary accounts. However, the "Access Denied" error could be due to several reasons. One possibility is the role assumption process: ensure that the IAM users are correctly assuming the 'ProdS3FullAccessRole' when trying to access S3. Also, check if the IAM role permissions are properly propagated; sometimes changes might take a few minutes. Additionally, make sure that the MFA and IAM password policies are not interfering with the role assumption. If these checks still don't resolve the issue, you might want to double-check that the S3 bucket policies or any Service Control Policies (SCPs) applied at the organizational level aren't inadvertently restricting access.
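The role-assumption and MFA checks suggested in the answer above can be run offline against the two policy documents involved. This is an added example, not part of the original answer and not AWS code; the account IDs, the policy contents and the `diagnose` helper are constructed assumptions, and the evaluation is a simplified subset of IAM logic (no explicit Deny, SCPs, bucket policies or permission boundaries).

```python
from fnmatch import fnmatchcase

# Constructed sample data: account IDs and both policies are placeholders.
PRIMARY, PROD = "111111111111", "222222222222"
ROLE_ARN = f"arn:aws:iam::{PROD}:role/ProdS3FullAccessRole"
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{PRIMARY}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}
USER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}]}

def _list(value):
    return value if isinstance(value, list) else [value]

def _allows(stmt, action):
    # IAM action names are case-insensitive and may contain wildcards.
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(action.lower(), a.lower()) for a in _list(stmt.get("Action", [])))

def _principals(stmt):
    p = stmt.get("Principal", {})
    return _list(p.get("AWS", [])) if isinstance(p, dict) else _list(p)

def diagnose(trust, identity, role_arn, caller_account, mfa_passed):
    """Return likely causes of AccessDenied on sts:AssumeRole (simplified)."""
    findings = []
    # 1. Caller side: the identity policy must allow sts:AssumeRole on this role.
    if not any(_allows(s, "sts:AssumeRole") and
               any(fnmatchcase(role_arn, r) for r in _list(s.get("Resource", [])))
               for s in _list(identity["Statement"])):
        findings.append("identity policy does not allow sts:AssumeRole on the role")
    # 2. Role side: the trust policy must name the caller's account
    #    (account-level match only; user-specific principals are not resolved).
    trusting = [s for s in _list(trust["Statement"]) if _allows(s, "sts:AssumeRole")
                and any(p in ("*", caller_account)
                        or p.startswith(f"arn:aws:iam::{caller_account}:")
                        for p in _principals(s))]
    if not trusting:
        findings.append("trust policy does not trust the caller's account")
    # 3. MFA: a Bool condition on aws:MultiFactorAuthPresent is not satisfied
    #    when the AssumeRole call carries no MFA serial number and token code.
    elif not mfa_passed and all(
            str(s.get("Condition", {}).get("Bool", {})
                .get("aws:MultiFactorAuthPresent")).lower() == "true" for s in trusting):
        findings.append("trust policy requires MFA but the call did not supply it")
    return findings
```

An empty result means these two policies are not the cause, which points the investigation at the bucket policies and SCPs the answer mentions.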