It looks like you might be logging into a member of the AWS Organization, not the Organization root account. One note of clarification here - there are root ACCOUNTS (the AWS account itself) and root USERS [1] (the user account you log in with - the email address, not the IAM user [2]).
It also looks like you have some Service Control Policies (SCPs) [3] in place for the Organization that restrict actions of the root user in the member accounts.
If you log in to the organization root account (shown under 'Root' in the Organization console) as a user with Admin privileges (or, as a last resort, root - but this is not recommended), you should have unrestricted access to make the changes you need to make to allow your member account IAM user (Mathias) to make the changes in the member account.
[1] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
[2] https://docs.aws.amazon.com/accounts/latest/reference/root-user-vs-iam.html
[3] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Thank you so much. Yes, there were certain restrictions and I now understand better what the root user and account are.
Thank you for responding to confirm. If the answer helped, please accept the answer to help others in the future.
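
The answer above traces the blocked root user to Service Control Policies on the member account. As an added example (not part of the thread and not AWS's own code), this Python function scans an SCP document for Deny statements that reach a member account's root user; the sample policy, its Sids and the function names are constructed for illustration.

```python
import json

# Constructed sample SCP (not from the thread): root-targeted Deny, bare Deny, Allow.
SAMPLE_SCP = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "DenyIamForRoot", "Effect": "Deny", "Action": "iam:*", "Resource": "*",
   "Condition": {"StringLike": {"aws:PrincipalArn": ["arn:aws:iam::*:root"]}}},
  {"Sid": "DenyLeaveOrg", "Effect": "Deny",
   "Action": "organizations:LeaveOrganization", "Resource": "*"},
  {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}
 ]}
""")

POSITIVE_OPS = {"stringlike", "stringequals", "arnlike", "arnequals"}

def as_list(value):
    """IAM JSON lets Statement, Action and condition values be scalar or list."""
    return value if isinstance(value, list) else [value]

def targets_root(condition):
    """True if a positive match on aws:PrincipalArn names an account root ARN."""
    for op, keys in condition.items():
        if op.lower() not in POSITIVE_OPS:
            continue  # negated operators (e.g. ArnNotLike) are exemptions, not targets
        for key, values in keys.items():
            if key.lower() == "aws:principalarn":
                if any(str(v).endswith(":root") for v in as_list(values)):
                    return True
    return False

def denies_affecting_root(policy):
    """Return (Sid, reason, actions) for each Deny that reaches the root user."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        condition = stmt.get("Condition")
        if not condition:
            reason = "unconditional"  # applies to every principal, root included
        elif targets_root(condition):
            reason = "root-targeted"
        else:
            continue  # other conditions need manual review
        findings.append((stmt.get("Sid", "<no Sid>"), reason, as_list(stmt.get("Action", []))))
    return findings

if __name__ == "__main__":
    for sid, reason, actions in denies_affecting_root(SAMPLE_SCP):
        print(f"{sid}: {reason} deny on {', '.join(actions)}")
```

The policy JSON for a real account can be pulled from the management account with `aws organizations list-policies-for-target` and `aws organizations describe-policy`. SCPs do not apply to the management account itself, only to member accounts.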