- Newest
- Most votes
- Most comments
Hi,
Most likely your organization has prohibited this operation on your account through an Service control policies (SCPs), a type of organization policy that you can use to manage permissions in your organization and that takes precedence over IAM permissions.
I recommend that you take a look at the following AWS documentation.
An SCP restricts permissions for IAM users and roles in member accounts, including the member account's root user. If a permission is blocked at any level above the account, either implicitly (by not being included in an Allow policy statement) or explicitly (by being included in a Deny policy statement), a user or role in the affected account can't use that permission, even if the account administrator attaches the AdministratorAccess IAM policy with / permissions to the user.
Relevant content
- Accepted Answerasked 2 years ago
- Accepted Answerasked 3 months ago
- asked 5 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago