This is 3 steps process:
Create Zilla-IAM-Reader-Role in all member accounts of AWS organization. AWS Organization - AWS CloudFormation For Creating Zilla-IAM-Reader-Role In Member Accounts
Create Zilla-IAM-Reader-Role in Management Account of the AWS Organization. AWS CloudFormation For Creating Zilla-IAM-Reader-Role
Create Zilla-SSO-Reader-Role in Management Account of the AWS Organization. AWS CloudFormation For Creating Zilla-SSO-Reader-Role