By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

is not authorized to perform: lambda:GetAccountSettings on resource: * with an explicit deny in a service control policy

0

I don't have permission to service but I have administrator access is not authorized to perform: lambda:GetAccountSettings on resource: * with an explicit deny in a service control policy

Topics
Security, Identity, & Compliance
Tags
IAM Policies
Language
English
Nazar
asked 4 months ago394 views
1 Answer
0

Hi,

Most likely your organization has prohibited this operation on your account through an Service control policies (SCPs), a type of organization policy that you can use to manage permissions in your organization and that takes precedence over IAM permissions.

I recommend that you take a look at the following AWS documentation.

An SCP restricts permissions for IAM users and roles in member accounts, including the member account's root user. If a permission is blocked at any level above the account, either implicitly (by not being included in an Allow policy statement) or explicitly (by being included in a Deny policy statement), a user or role in the affected account can't use that permission, even if the account administrator attaches the AdministratorAccess IAM policy with / permissions to the user.

profile picture
EXPERT
Mikel Del Tio
answered 4 months ago
profile picture
EXPERT
MaxCloud
reviewed 4 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content