AWS Discovery creates DynamoDB records on child service accounts where they do not exist


Description

When AWS management account discovery is configured, Discovery creates DynamoDB records on the child service accounts, even though those DynamoDB resources are only configured on the management account.

These duplicated DynamoDB records should not be created.

Cause

The issue occurs when the management account's credential is used on a child account.



Resolution

Make sure the credential field on each child account is correct.

In most cases it should be empty for child accounts (for example, when you assume a role from the management account or use an IAM profile).

However, you can also set a credential on a child account if that credential was created in IAM on the child account itself.
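
One way to audit the credential field across service accounts, as an added example (not part of the original article or the product's own code). The record fields, credential names and account IDs are constructed for illustration; against live data, owner_of would be backed by owner_via_sts, which asks AWS STS which account a key pair belongs to.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class ServiceAccount:           # hypothetical shape of a service account record
    name: str
    account_id: str             # AWS account ID the record represents
    is_management: bool
    credential: Optional[str]   # credential set on the record, None if empty

def owner_via_sts(access_key: str, secret_key: str) -> str:
    """Return the AWS account that owns a key pair (needs boto3 and network)."""
    import boto3  # imported lazily so the offline audit below has no dependency
    sts = boto3.client("sts", aws_access_key_id=access_key,
                       aws_secret_access_key=secret_key)
    return sts.get_caller_identity()["Account"]

def audit(accounts: List[ServiceAccount],
          owner_of: Callable[[str], str]) -> List[Tuple[str, str]]:
    """Flag child accounts whose credential was not created in that account."""
    findings = []
    for acct in accounts:
        if acct.is_management or acct.credential is None:
            continue  # an empty credential on a child is the expected case
        owner = owner_of(acct.credential)
        if owner != acct.account_id:
            findings.append((acct.name,
                             f"credential '{acct.credential}' belongs to "
                             f"account {owner}, not {acct.account_id}"))
    return findings

# Constructed sample data: child-a reuses the management account's credential.
ACCOUNTS = [
    ServiceAccount("mgmt", "111111111111", True, "mgmt-key"),
    ServiceAccount("child-a", "222222222222", False, "mgmt-key"),
    ServiceAccount("child-b", "333333333333", False, "child-b-key"),
    ServiceAccount("child-c", "444444444444", False, None),
]
CREDENTIAL_OWNERS = {"mgmt-key": "111111111111", "child-b-key": "333333333333"}

def run_sample() -> List[Tuple[str, str]]:
    return audit(ACCOUNTS, CREDENTIAL_OWNERS.__getitem__)

if __name__ == "__main__":
    for name, reason in run_sample():
        print(f"{name}: {reason}")
```

Only child-a is reported: its credential resolves to the management account, which is the condition described under Cause.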


Refer to the documentation below to configure AWS management account discovery:

Assume an AWS role for temporary Cloud Discovery credentials