How do I resolve the error "Account used is not a delegated administrator" when I run the ListStackSets operation?

I want to troubleshoot the error "Account used is not a delegated administrator" when I run a ListStackSets operation.

Short description

This error occurs if you run ListStackSets from an account that isn't registered as a delegated administrator. The error might also occur if the user or role running this action doesn't have the required permissions.

Resolution

Follow these troubleshooting options to resolve the error:

Verify if the account is a delegated administrator

Run the following command from the organization's management account:

aws organizations list-delegated-administrators --service-principal=member.org.stacksets.cloudformation.amazonaws.com

If the output doesn't show the account, then the account isn't registered as a delegated administrator.

Use the AWS CloudFormation console or the AWS Command Line Interface (AWS CLI) to register the member account as a delegated administrator. For more information on configuring an account as a delegated administrator, see Register a delegated administrator.

Note: If you receive errors when you run the AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Confirm if the user or role has adequate permissions

The error might occur because the user or role doesn't have these minimum required permissions to run list-stack-sets from a delegated administrator account:

"organizations:ListDelegatedAdministrators",   
"cloudformation:ListStackSets"

The user or role must have permissions to run ListDelegatedAdministrators to list the AWS accounts that are delegated administrators in the organization. For more information on setting IAM permissions, see Adding and removing IAM identity permissions.
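
The two checks above as a script (an added example, not AWS-provided code). The function names are hypothetical, and the permission check assumes the caller is allowed to run iam simulate-principal-policy for the principal being tested.

```shell
#!/bin/sh
# Added example: scripted versions of the two troubleshooting checks.
SERVICE_PRINCIPAL="member.org.stacksets.cloudformation.amazonaws.com"

# Run with credentials for the organization's management account.
# Returns 0 if ACCOUNT_ID is a registered delegated administrator for
# StackSets, 1 if it is not, 2 if the AWS CLI call itself failed.
is_delegated_admin() {
    account_id="$1"
    ids=$(aws organizations list-delegated-administrators \
        --service-principal "$SERVICE_PRINCIPAL" \
        --query 'DelegatedAdministrators[].Id' \
        --output text) || return 2
    # Text output is a whitespace-separated list of account IDs.
    for id in $ids; do
        [ "$id" = "$account_id" ] && return 0
    done
    return 1
}

# Run in the delegated administrator account.
# Prints each required action that the IAM policy simulator does not
# report as "allowed" for PRINCIPAL_ARN (the user or role that runs
# list-stack-sets). Prints nothing when both actions are allowed.
# Returns 2 if the AWS CLI call itself failed.
missing_permissions() {
    principal_arn="$1"
    results=$(aws iam simulate-principal-policy \
        --policy-source-arn "$principal_arn" \
        --action-names organizations:ListDelegatedAdministrators \
                       cloudformation:ListStackSets \
        --query 'EvaluationResults[].[EvalActionName,EvalDecision]' \
        --output text) || return 2
    # One line per action: "<action><TAB><decision>".
    printf '%s\n' "$results" | awk 'NF >= 2 && $2 != "allowed" { print $1 }'
}

# Usage (constructed placeholder values):
#   is_delegated_admin 111111111111 || echo "register the account first"
#   missing_permissions arn:aws:iam::111111111111:role/ExampleRole
```

A return code of 2 means the CLI call failed, so treat it as "unknown" rather than as evidence that the account is unregistered or the permission is missing.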

AWS OFFICIAL
Updated 2 months ago