How do I troubleshoot errors related to the AWS Organizations agreement for AWS Artifact?

3 minute read

I get an account or permission error when I try to access or download an AWS Organizations agreement with AWS Artifact.

Resolution

Follow the instructions to resolve the following errors.

"Your account isn't in an organization. To create or join an organization, follow the instructions in Creating and Managing an AWS Organization"

You get this error because you're logged in to the AWS Management Console with an AWS account that isn't part of AWS Organizations. To accept an organization agreement, create an organization for your account.

"You are signed in to the management account of an organization in AWS Organizations. You can manage agreements for your management account and for all member accounts in your organization. By continuing, you grant AWS permissions to create an IAM role to identify the member accounts in your organization in AWS Organizations."

You get this error because the trusted access for AWS Artifact isn't activated from the AWS Organizations console in the management account. Activate the trusted access for AWS Artifact from the management account of the organization.

To download the organization agreements that are valid for all accounts in the organization, complete the following steps:

Open the AWS Artifact console from the management account.
Choose Organization Agreements.
Select the organization agreement, and then choose Download agreement.

Note: You can't use a member account to accept organization agreements. You can view or download organization agreements from only the member accounts of an organization.

"You don't have the permissions to retrieve information about your AWS account's organization. You need permissions to describe your organization"

-or-

"You don't have the permissions to download the agreement. You need permissions to download this agreement in AWS Artifact"

You get these errors because the AWS Identity and Access Management (IAM) user policy doesn't grant permission to access organization agreements.

To manage your agreements through the management account, use the policy in Example policies to manage agreements for the management account.

To manage your agreements through a member account, use the policies in Example policies to manage organizational agreements.

"Your organization must be enabled for all features"

You get this error because your organization is configured only for consolidated billing. To use organization agreements in AWS Artifact, activate your organization for all features with AWS Organizations. For more information, see Enabling all features for an organization with AWS Organizations.

Related information

Managing agreements in AWS Artifact

Identity and access management in AWS Artifact

Example IAM policies for AWS Artifact in commercial AWS Regions

Topics

Security, Identity, & Compliance

Relevant content

Troubleshooting AWS Account Removal from Organization Unit
Accepted Answer
nmos
asked a year ago
How to deactivate or remove the root user from an account in AWS?
Andres Cruz
asked 2 years ago
getting "An error occurred while trying to deliver the mail to the following recipients" error
hknerdr
asked 5 months ago
How to get the maximum number of AWS accounts in an organization?
Jonas
asked 2 years ago
How do I add a member account to the AWS Control tower managed Organization?
Accepted Answer
Qasim
asked a year ago
How do I troubleshoot the error "You have exceeded the allowed number of AWS accounts" for AWS Organizations?
AWS OFFICIALUpdated 2 months ago
How do I resolve errors that I receive when I set up an AWS Organizations member account as a delegated administrator for AWS Config rules?
AWS OFFICIALUpdated 7 months ago
How can I activate a BAA agreement for my organization using AWS Artifact?
AWS OFFICIALUpdated 3 years ago
How do I remove a member account from an organization in AWS Organizations when I can't sign in to the member account?
AWS OFFICIALUpdated 2 years ago
How to use the AWS CLI to collect Cost Explorer Forecasting data per account for all accounts in an AWS Organization
EXPERT
Fernando_F
published 2 years ago