- Newest
- Most votes
- Most comments
I would review what SCP's you have in place in your ORG/OU's https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
If using control tower, you may have turned on some controls which places SCP's into effect to prevent specific actions. There are mandatory controls inplace https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-controls.html
Here is some documentation which also relates to an SCP to block QuickSight https://docs.aws.amazon.com/quicksight/latest/user/security-scp.html
The error you got is typically caused indeed by SCP.
Suggestion is to access or request the account owner/organization to and, modify the explicit SCP deny by allowing your account for instance to perform the quick sight action.
I am getting the same error, i think this is the issue with AWS account which is in below ARN. That account is owned by AWS and its referred by CFN to get some template. as I dont have anything in us-east-1 and below account is not part of my organisation.
arn:aws:quicksight:us-east-1:223485597511:template/cudos_dashboard_v3 with an explicit deny in a service control policy
Relevant content
- asked 3 months ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 3 years ago