0

"You do not have sufficient permissions to perform this action."

That's the error message I get when trying to disable recording in AWS Config in the AWS Management console, but I have AdministratorAccess as my policy.

The docs talk about granting explicit permissions for Config, but AdministratorAccess already includes those permissions.

I didn't find any Google results when using that exact error and the phrase "aws config".

Yann Stoneman

1 Answer

2

When you've got full administrator access but are still getting denied, see if there is a Service Control Policy (SCP) attached to the account or organizational unit. Your permissions are the overlap between what the SCP allows/denies and what your IAM policies allow/deny.

When you enable AWS Control Tower, it automatically applies guardrails, including preventing such actions as disabling the AWS Config recorder, which makes sense since that is an important tool for maintaining compliance.

Yann Stoneman
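The overlap between SCPs and IAM policies described in the answer above, as an added example that is not part of the original post: a simplified evaluator showing why `AdministratorAccess` still yields a denial once an SCP denies the Config recorder actions. The policy documents are constructed samples, the function names are hypothetical, and the model ignores `Condition`, `NotAction`, permission boundaries, resource-based policies and the OU hierarchy.

```python
from fnmatch import fnmatchcase

# Constructed sample documents (assumptions, not copied from a real account or guardrail).
ADMINISTRATOR_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
FULL_AWS_ACCESS_SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
CONFIG_GUARDRAIL_SCP = {"Statement": [{
    "Effect": "Deny",
    "Action": ["config:StopConfigurationRecorder", "config:DeleteConfigurationRecorder"],
    "Resource": "*",
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM action names are case-insensitive; resource ARNs are matched as written.
    act_ok = any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt["Action"]))
    res_ok = any(fnmatchcase(resource, p) for p in _as_list(stmt.get("Resource", "*")))
    return act_ok and res_ok

def _effects(policies, action, resource):
    # Set of effects ("Allow"/"Deny") from every statement that matches the request.
    return {s["Effect"] for p in policies
            for s in _as_list(p["Statement"]) if _matches(s, action, resource)}

def evaluate(identity_policies, scps, action, resource="*"):
    """Allowed only if both layers allow it and neither layer explicitly denies it."""
    iam = _effects(identity_policies, action, resource)
    scp = _effects(scps, action, resource)
    if "Deny" in scp:
        return "DENY (explicit deny in SCP)"
    if "Deny" in iam:
        return "DENY (explicit deny in identity policy)"
    if "Allow" not in scp:
        return "DENY (not allowed by any SCP)"
    if "Allow" not in iam:
        return "DENY (not allowed by identity policy)"
    return "ALLOW"

if __name__ == "__main__":
    scps = [FULL_AWS_ACCESS_SCP, CONFIG_GUARDRAIL_SCP]
    for act in ("config:StopConfigurationRecorder", "config:DescribeConfigurationRecorders"):
        print(act, "->", evaluate([ADMINISTRATOR_ACCESS], scps, act))
```
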