- organizations:ListRoots
- organizations:ListTargetsForPolicy
- organizations:ListAWSServiceAccessForOrganization
- organizations:DescribePolicy
- organizations:ListPolicies
- organizations:ListAccountsForParent
- organizations:ListAccounts
- organizations:DescribeOrganization
- organizations:ListOrganizationalUnitsForParent
# IAM permissions needed to assume role from the target accounts.
# Specify resource to restrict access to specific roles.