Professional Documents
Culture Documents
Troubleshooting general issues - AWS Organizations
Troubleshooting general issues - AWS Organizations
Troubleshooting general issues - AWS Organizations
Use the information here to help you diagnose and fix access-denied or
other common issues that you might encounter when working with AWS
Organizations.
Topics
Verify that you have permissions to call the action and resource that you
have requested. An administrator must grant permissions by attaching
an IAM policy to your user, group, or role. If the policy statements that
grant those permissions include any conditions, such as time-of-day or
IP address restrictions, you also must meet those requirements when
you send the request. For information about viewing or modifying
policies for a user, group, or role, see Working with Policies
(https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.ht
ml) in the IAM User Guide.
If you are signing API requests manually (without using the AWS SDKs
(http://aws.amazon.com/tools/) ), verify that you have correctly signed
the request
(https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
.
Verify that your requests are being signed correctly and that the request
is well formed. For details, see the toolkit
(http://aws.amazon.com/tools/) documentation for your chosen SDK or
Using Temporary Security Credentials to Request Access to AWS
Resources
(https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-
resources.html) in the IAM User Guide.
You can remove an account from your organization only if the account
has the information required for it to operate as a standalone account.
When you create an account in an organization using the AWS
Organizations console, API, or AWS CLI commands, that information
isn't automatically collected. For an account that you want to make
standalone, you must accept the AWS Customer Agreement, choose a
support plan, provide and verify the required contact information, and
provide a current payment method. AWS uses the payment method to
charge for any billable (not AWS Free Tier) AWS activity that occurs
while the account isn't attached to an organization. For more
information, see Leave an organization from your member account
(./orgs_manage_accounts_leave-as-member.html) .
Design your global applications to account for these potential delays and
ensure that they work as expected, even when a change made in one
location isn't instantly visible at another.
For more information about how some other AWS services are affected by
this, consult the following resources:
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.