2 Answers
0
Did you check the correct organizational units (OUs) or member account? If you go to your management account - AWS Organizations - Policies - Service control policies, what can you see?
answered a year ago
0
Try the following:
Add the logs:DeleteLogGroup permission for arn:aws:logs:${region}
answered a year ago
Attach that action on that resource to what principal? If you mean AWSControlTowerExecution, it already has admin level permissions as created by Control Tower.
Yup, I checked the SCPs and it's showing only FullAWSAccess in place both at the root and all child nodes of the org tree.