ConfigService / Client / exceptions / OrganizationAccessDeniedException
OrganizationAccessDeniedException#
- class ConfigService.Client.exceptions.OrganizationAccessDeniedException#
For
PutConfigurationAggregator
API, you can see this exception for the following reasons:No permission to call
EnableAWSServiceAccess
APIThe configuration aggregator cannot be updated because your Amazon Web Services Organization management account or the delegated administrator role changed. Delete this aggregator and create a new one with the current Amazon Web Services Organization.
The configuration aggregator is associated with a previous Amazon Web Services Organization and Config cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a new one with the current Amazon Web Services Organization.
You are not a registered delegated administrator for Config with permissions to call
ListDelegatedAdministrators
API. Ensure that the management account registers delagated administrator for Config service principal name before the delegated administrator creates an aggregator.
For all
OrganizationConfigRule
andOrganizationConformancePack
APIs, Config throws an exception if APIs are called from member accounts. All APIs must be called from organization management account.Example
try: ... except client.exceptions.OrganizationAccessDeniedException as e: print(e.response)
- response#
The parsed error response. All exceptions have a top level
Error
key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.Syntax
{}
Structure
(dict) –
For
PutConfigurationAggregator
API, you can see this exception for the following reasons:No permission to call
EnableAWSServiceAccess
APIThe configuration aggregator cannot be updated because your Amazon Web Services Organization management account or the delegated administrator role changed. Delete this aggregator and create a new one with the current Amazon Web Services Organization.
The configuration aggregator is associated with a previous Amazon Web Services Organization and Config cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a new one with the current Amazon Web Services Organization.
You are not a registered delegated administrator for Config with permissions to call
ListDelegatedAdministrators
API. Ensure that the management account registers delagated administrator for Config service principal name before the delegated administrator creates an aggregator.
For all
OrganizationConfigRule
andOrganizationConformancePack
APIs, Config throws an exception if APIs are called from member accounts. All APIs must be called from organization management account.Error (dict) – Normalized access to common exception attributes.
Code (string) – An identifier specifying the exception type.
Message (string) – A descriptive message explaining why the exception occured.