I've successfully tested OCC with AWS and a single AWS account. However, after following the setup instructions to reconfigure OCC to work with AWS across multiple accounts, any attempt to select a role on AWS results in this error:
OCC is successfully fetching the roles from all accounts and I've configured my OCC account to be able to select different roles from different accounts. However, it doesn't matter which role I pick, I get the same error.
What isn't clear in the documentation is how the trust policy in each role should be configured in a multi-account scenario. It isn't clear if I should be using the ARN for the master account IDP or the ARN for the IDP in that specific account.
I've actually tested both ARNs and neither works.
I'm completely stuck as to what has gone wrong here.
New integrations should follow the setup instructions from the Sign On tab and on the View Setup Instructions section of the Amazon Web Services app in OAN. In the case that every step has been followed from the guide and you are still encountering this issue, then the issue may reside on the AWS configuration. Please check the AWS documentation regarding the trust policy.
If you still require assistance from us, please feel free to open a support case with us and we will be able to assist you further.