Initialize org-formation with root user about org-formation-reference HOT 3 OPEN

@NickDarvey did you ever figure out a work around? I'm having the same issue

from org-formation-reference.

hi!
completely missed this before.
The error is: ERROR: Roles may not be assumed by root accounts.
I kinda wonder what the intention was behind running these commands as root, but this step will need to be ran as an IAM user.

you might already have an IAM user provisioned in the target account (or otherwise temporarily create one) you can use by running aws configure or setting up your credentials in ~/.aws/credentials.

from org-formation-reference.

I managed to run the script after the following changes:

1. Created an IAM account in my MasterAccount
2. Assigned the predefined AdministratorAccess Permissions policy to the user created in 1.
3. Added a custom inline policy to allow assuming a role:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AssumeRole",
			"Effect": "Allow",
			"Action": "sts:AssumeRole",
			"Resource": "*"
		}
	]
}

4. Generated access keys for the IAM user created in step 1
5. Configured my AWS CLI to use the access key generated in step 4
6. Executed the following command to create the OrganizationFormationBuildAccessRole role:
   aws cloudformation create-stack --stack-name org-formation-role --template-body file://src/templates/000-org-build/role.yml --region eu-north-1 --capabilities CAPABILITY_NAMED_IAM
7. Ensured to update line 74 and line 77 with the correct email domain and address.
8. Finally executed npx org-formation update ./src/organization.yml --verbose to build.

This seems to be the expected procedure! If so, updating the documentation or creating a bootstrap script for this would be beneficial. I am happy to help out!

from org-formation-reference.