awslabs / aws-securityhub-multiaccount-scripts

This script automates the process of running the Security Hub multi-account workflow across a group of accounts that are in your control
MIT No Attribution

AccessDenied when calling the AssumeRole operation #32

Open manidhar1986 opened 4 years ago

manidhar1986 commented 4 years ago

python enablesecurityhub.py --master_account MASTERACCOUNTID --assume_role ManageSecurityHub --enabled_regions ap-south-1 enable.csv

Enabling members in these regions: ['ap-south-1']
Assumed session for MASTERACCOUNT ID.
Error Processing Account MEMBERACCOUNTID

Failed Accounts

XXXXXXXXX: ClientError(u'An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::MASTERACCOUNTID:assumed-role/ManageSecurityHubInstanceRole/i-0a8a33c4f573xxxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::MEMBERACCOUNTID:role/ManageSecurityHub',)

Option 1 selected. [EC2 instance with enablesecurityhub]

Could see the same IAM roles in the master account and the member account. Ran the CFT to create the roles, instance profile and policy. Not sure what I am missing here. Any assistance here please.
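A cross-account AssumeRole like the one failing above is decided on two sides: the calling instance role's identity policy (in the master account) must allow sts:AssumeRole on the member role, and the member role's trust policy must name the caller's role or account. The offline checker below is an added example, not code from the repository or this issue; the account IDs and policy documents are constructed, and WRONG_TRUST is one possible misconfiguration, not a diagnosis of the reporter's setup.

```python
import fnmatch
MASTER, MEMBER = "111111111111", "222222222222"  # constructed stand-ins for MASTERACCOUNTID / MEMBERACCOUNTID
CALLER = f"arn:aws:sts::{MASTER}:assumed-role/ManageSecurityHubInstanceRole/i-0a8a33c4f573xxxxx"
TARGET = f"arn:aws:iam::{MEMBER}:role/ManageSecurityHub"
def _as_list(x): return x if isinstance(x, list) else [x]  # IAM allows a string where a list is expected

def _matches(value, patterns):  # IAM-style wildcard match ("*", "sts:*", "arn:aws:iam::*:role/X")
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def role_arn_of(caller_arn):
    # STS reports the caller as "assumed-role/NAME/SESSION"; trust policies name the IAM role itself.
    parts = caller_arn.split(":")
    if parts[2] == "sts" and parts[5].startswith("assumed-role/"):
        return f"arn:aws:iam::{parts[4]}:role/{parts[5].split('/')[1]}"
    return caller_arn

def identity_policy_allows(policy, action, resource):
    # Side 1: the caller's own policy must allow the action on the target role; explicit Deny wins.
    allowed = False
    for st in _as_list(policy["Statement"]):
        if _matches(action, st.get("Action", [])) and _matches(resource, st.get("Resource", [])):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def trust_policy_trusts(trust, caller_arn):
    # Side 2: the target role's trust policy must name the caller's role or its account root.
    role = role_arn_of(caller_arn)
    root = f"arn:aws:iam::{role.split(':')[4]}:root"
    for st in _as_list(trust["Statement"]):
        principal = st.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if (st["Effect"] == "Allow" and _matches("sts:AssumeRole", st.get("Action", []))
                and any(p in ("*", role, root) for p in principals)):
            return True
    return False

def diagnose(identity_policy, trust_policy, caller=CALLER, target=TARGET):
    # Reasons AssumeRole would be denied; an empty list means both sides permit it.
    problems = []
    if not identity_policy_allows(identity_policy, "sts:AssumeRole", target):
        problems.append(f"identity policy of {role_arn_of(caller)} lacks sts:AssumeRole on {target}")
    if not trust_policy_trusts(trust_policy, caller):
        problems.append(f"trust policy of {target} does not trust {role_arn_of(caller)}")
    return problems
def _allow(**fields):  # constructed sample policies: a single Allow statement for sts:AssumeRole
    return {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", **fields}]}
INSTANCE_POLICY = _allow(Resource="arn:aws:iam::*:role/ManageSecurityHub")  # instance role may assume it anywhere
WRONG_TRUST = _allow(Principal={"AWS": f"arn:aws:iam::{MEMBER}:root"})  # trusts the member itself, not the master
FIXED_TRUST = _allow(Principal={"AWS": f"arn:aws:iam::{MASTER}:root"})  # trusts the master account
```

Feed `diagnose` the real documents from `aws iam get-role` (the trust policy is the role's `AssumeRolePolicyDocument`) and the instance role's attached policy to see which side is rejecting the call.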