When you use the management account or a delegated administrator account in an active resource directory to create a stack group that has service-managed permissions, you must enable trusted access to grant service-managed permissions to the account.
Background information
If you use the management account to create a stack group that has service-managed permissions, you must enable trusted access for the account.
If you use a delegated administrator account to create a stack group that has service-managed permissions, you must enable trusted access for the management account and the delegated administrator account.
Procedure
You must enable trusted access in Resource Orchestration Service (ROS) only the first time you create a stack group that has service-managed permissions.
Log on to the ROS console by using the management account or a delegated administrator account.
In the left-side navigation pane, click Stack Groups.
In the top navigation bar, select the region where you want to create a stack group from the region drop-down list.
On the Stack Groups page, click Create Stack Group.
In the Select Template step, specify a template based on your business requirements and click Next.
For more information, see Step 3: Create a stack group.
In the Configure Parameters step, configure the Stack Group Name and Stack Group Description parameters, and click Next.
In the Configure Stack Group step, click Enable Trusted Access.
Proceed to the subsequent operations to create the stack group.
For more information, see Step 3: Create a stack group.