complete-aws-iam-reference icon indicating copy to clipboard operation
complete-aws-iam-reference copied to clipboard

Published 20 hours ago verified publisher icon widdix

organizations:ListAccounts

Open ekkards opened this issue 8 years ago • 3 comments

Even when the permission is granted via policy, the operation may fail with AccessDeniedException

  • Service: organizations
  • Action: ListAccounts

This apparently can happen, if the operation is called from within an account, which is subordinated to another account, eg. for consolidated billing. Then the organization hierarchy supersedes the assigned permission.

ekkards avatar Nov 15 '17 19:11 ekkards

Just to make sure that I understand this: The API actions only work in the org's root account ?

michaelwittig avatar Nov 16 '17 07:11 michaelwittig

The API action ListAccounts works in the org's root account, it does not work in the account, which has consolidated billing to the root account. No information about other situations, i.e. not sure about "only".

ekkards avatar Nov 18 '17 13:11 ekkards

i am also seeing this behavior.

kalinon avatar Jun 30 '23 13:06 kalinon