How to fix TrustedAccessDisabled for Resource data sync

Question

Help! I've set up a resource data sync through a delegated administrator in Systems Manager. When I open Explorer in the delegated admin account I'm getting the following error message:

There is a problem with your Resource data sync
The selected resource data sync is currently marked with status 'TrustedAccessDisabled.' This likely means that trusted access was disabled for the organization to create OpsItems for Security Hub findings. Please use management account to enable trust access.

This is message - to me - is rather vague.  Trusted Access seems to be turned on in all the correct places. Any advice I could get on solving this would be of great help!

Accepted Answer

OpsData Sync must be added as a service security principal in the master organization account [1]. In order to add it you have two ways [2], via console or via CLI.

- Via console, you can open the SSM console, Explorer, Settings, Configure Dashboard, Security Hub. You should find and click here on "Enable Access".

- Using the CLI, instead, you can use the following command:

```
aws organizations enable-aws-service-access --service-principal opsdatasync.ssm.amazonaws.com
```

[1] Using AWS Organizations with other AWS services - Permissions required to enable trusted access - https://docs.aws.amazon.com/en_us/organizations/latest/userguide/orgs_integrate_services.html#orgs_trusted_access_perms

[2] Using AWS Organizations with other AWS services - How to enable or disable trusted access - https://docs.aws.amazon.com/en_us/organizations/latest/userguide/orgs_integrate_services.html#orgs_how-to-enable-disable-trusted-access

How to fix TrustedAccessDisabled for Resource data sync

Relevant content