# Why Did the AWS Sub-Account Connection Script Fail? If the Bash script generated to help you connect your AWS sub-accounts to Archera using the role fails with an error message such as: ``` An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::000000000... ``` The most likely issue is that the AWS sub-account was **Invited** to the AWS Organization and not created within the organization. When an account is invited (as opposed to created), AWS does not automatically provide the [pre-generated OrganizationAccountAccessRole](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html) that would allow the Master billing account to have permissions to assume a role in that account. ## How to Fix This To fix this you will need to skip the Script and manually go through the process of connecting each sub-account by creating a custom IAM role in each sub-account that the Master account can assume. Please reach out to our support team if you need additional help with this process. ## Related Resources * [Can I test Archera in an AWS Sub-Account?](/help-center/aws-onboarding/test-in-subaccount.md) * [Does Archera support multiple AWS accounts in a consolidated billing family?](/help-center/aws-faq/consolidated-billing-multiple-accounts.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.archera.ai/help-center/aws-faq/sub-account-script-failure.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.