> For the complete documentation index, see [llms.txt](https://docs.archera.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.archera.ai/help-center/aws-faq/sub-account-script-failure.md). # Why Did the AWS Sub-Account Connection Script Fail? If the Bash script generated to help you connect your AWS sub-accounts to Archera using the role fails with an error message such as: ``` An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::000000000... ``` The most likely issue is that the AWS sub-account was **Invited** to the AWS Organization and not created within the organization. When an account is invited (as opposed to created), AWS does not automatically provide the [pre-generated OrganizationAccountAccessRole](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html) that would allow the Master billing account to have permissions to assume a role in that account. ## How to Fix This To fix this you will need to skip the Script and manually go through the process of connecting each sub-account by creating a custom IAM role in each sub-account that the Master account can assume. Please reach out to our support team if you need additional help with this process. ## Related Resources * [Can I test Archera in an AWS Sub-Account?](/help-center/aws-onboarding/test-in-subaccount.md) * [Does Archera support multiple AWS accounts in a consolidated billing family?](/help-center/aws-faq/consolidated-billing-multiple-accounts.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.archera.ai/help-center/aws-faq/sub-account-script-failure.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.