I am aiming to setup an infrastructure child account in our org to share a transit gateway with aims to move from control tower nat gateway. I have configured through the management account the enabling of shared resources in resource manager for the org, however when I try to create the share in the child account for the rest of the org, I get an error that the org cannot be found as a principal.

If there is a better way to do this I am open to suggestions!

It can be solved using Resource Access Manager. Ensure that the user or role attempting to create the share in the child account has the necessary permissions. The user/role should have the ram:CreateResourceShare and ram:AssociateResourceShare permissions. Also make sure that the Resource Manager service is properly enabled and configured in the child account. The child account should have the service-linked role created.

answered 5 months ago

