- 最新
- 最多得票
- 最多評論
I would review what SCP's you have in place in your ORG/OU's https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
If using control tower, you may have turned on some controls which places SCP's into effect to prevent specific actions. There are mandatory controls inplace https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-controls.html
Here is some documentation which also relates to an SCP to block QuickSight https://docs.aws.amazon.com/quicksight/latest/user/security-scp.html
The error you got is typically caused indeed by SCP.
Suggestion is to access or request the account owner/organization to and, modify the explicit SCP deny by allowing your account for instance to perform the quick sight action.
I am getting the same error, i think this is the issue with AWS account which is in below ARN. That account is owned by AWS and its referred by CFN to get some template. as I dont have anything in us-east-1 and below account is not part of my organisation.
arn:aws:quicksight:us-east-1:223485597511:template/cudos_dashboard_v3 with an explicit deny in a service control policy
相關內容
- 已提問 1 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前