"ListDelegatedAdministrator operation: You don't have permissions to access this resource" error for Config Aggregator in the Organisation

Hello everyone,

I have a problem with AWS Config aggregator permissions.

I have organisation and under this organisation I have many subaccounts and users are logging in using the SSO roles. I'm the administrator in the management account and when I try to create AWS Config Aggregator for all accounts in org in the particular subaccount I get an error:

"An error occurred (AccessDeniedException) when calling the ListDelegatedAdministrator operation: You don't have permissions to access this resource."

Information about setup of the organisation:

There are no SCP policies configured
In the Services the Config is enabled
I run the command "$aws organizations register-delegated-administrator --service-principal config-multiaccountsetup.amazonaws.com --account-id member-account-ID" But it still shows the same error.

Topics

Management & Governance

Relevant content

Aggregation of AWS config Alerts
nishan
asked a year ago
AWS Control Tower - Config aggregators
Accepted Answer
Orlando
asked 7 months ago
Aws Config aggregator and Aws Config Rules
nishan
asked a year ago
AWS Config-Aggregator Cost
Sachin Jain
asked 5 months ago
How do I resolve errors with limitations for AWS Config advanced query?
AWS OFFICIALUpdated 5 months ago
Why is my AWS Config data not getting collected by the aggregator for my AWS account or AWS Organizations account?
AWS OFFICIALUpdated 3 years ago
How can I troubleshoot AWS Config console error messages?
AWS OFFICIALUpdated a year ago
How do I use the AWSSupport-SetupConfig runbook to use AWS Config in multiple AWS accounts?
AWS OFFICIALUpdated 7 months ago
Returning AWS Config aggregator results as CSV
EXPERT
James_S
published 2 years ago
IAM Access Analyzer now simplifies inspecting unused access to guide you toward least privilege
EXPERT
Nini Ren
published 5 months ago