What are the permission requirements on the AWS management account when using a discovery schedule for multiple AWS child accounts?

Summary

After the CAPI to Pattern migration, if you use a single discovery schedule to discover multiple child accounts, discovery will try to launch the "Amazon AWS Service account" and "Amazon AWS - Sub Account (LP)" patterns on those child accounts using the management (parent) account.

If you do not have any resources on the management account and would like to give it the minimum permissions needed for discovery to run, grant the following permissions in IAM to the management account credential in the AWS console:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "organizations:ListAccounts",
                    "organizations:DescribeOrganization",
                    "ec2:DescribeRegions",
                    "organizations:DescribeAccount"
                ],
                "Resource": "*"
            }
        ]
    }

The permissions on child accounts remain the same as before the CAPI to Pattern migration. Make sure that proper credentials are configured on the child service accounts or that the assume-role requirements are properly set up.

Related Links

For general AWS permissions, please refer to: Configure permissions on the AWS management console
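
A least-privilege check for the management account policy given in the Summary, as an added example that is not part of the original article or the product's own code: it reports which of the four listed actions a policy fails to grant and which Allow entries go beyond them. The name `audit_policy` and the `BROAD_POLICY` sample are constructed for illustration; Deny statements, NotAction and Condition blocks are assumed absent and are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# The four actions the article lists for the management account credential.
REQUIRED = {
    "organizations:ListAccounts",
    "organizations:DescribeOrganization",
    "organizations:DescribeAccount",
    "ec2:DescribeRegions",
}

# The article's policy, reproduced with the same statement content.
ARTICLE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
  "Action": ["organizations:ListAccounts", "organizations:DescribeOrganization",
             "ec2:DescribeRegions", "organizations:DescribeAccount"]}]}"""

# Constructed sample: a wildcard grant plus an unrelated action, and no
# ec2:DescribeRegions. Statement is a bare object, which IAM also accepts.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": {
  "Effect": "Allow", "Resource": "*",
  "Action": ["organizations:*", "ec2:DescribeInstances"]}}"""


def _as_list(value):
    """IAM accepts either a single string or a list for Action."""
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy_json):
    """Return (missing, excess): required actions the policy does not grant,
    and Allow entries that are not one of the four required actions."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    allowed = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            allowed += _as_list(stmt["Action"])
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    patterns = [a.lower() for a in allowed]
    missing = sorted(r for r in REQUIRED
                     if not any(fnmatchcase(r.lower(), p) for p in patterns))
    required_lower = {r.lower() for r in REQUIRED}
    excess = sorted(a for a in allowed if a.lower() not in required_lower)
    return missing, excess
```

An empty `missing` list with an empty `excess` list means the policy grants exactly the minimum set; any entry in `excess` is a grant to review before attaching the policy to the management account credential.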