OrganizationAccountAccessRole + Stacksets

0

Will having OrganizationAccountAccessRole with only billing facility allow to access/create resources in member accounts using stacksets

Keerthi
asked 3 months ago171 views
1 Answer
0

Hello.

I think an error will occur if the IAM policy for creating AWS resources is not set in "OrganizationAccountAccessRole".
In other words, if you have an IAM policy with only a billing facility, you will not be able to create AWS resources, which will result in an error.

with only billing facility allow

I think it's a good idea to create "AWSCloudFormationStackSetExecutionRole" in the member account and set the IAM policy required to create AWS resources.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html

profile picture
EXPERT
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions