AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator


We recently noticed an interesting error in CloudTrail across multiple accounts: "errorMessage": "User: arn:aws:sts::123456789012:assumed-role/AwsConfigServiceRole/ConfigResourceCompositionSession is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::123456789012:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator because no identity-based policy allows the iam:CreateServiceLinkedRole action" According the above message, it looks like the AWS Config service role was trying to create the service linked role for Global Accelerator. The … Continue reading AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator