1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi There
Do you have any custom SCP's on your OU's that would be denying access to the ControlTowerExecutionRole?
Contenus pertinents
- demandé il y a un an
- Réponse acceptéedemandé il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
There are no SCPs which are denying access to the ControlTowerExecutionRole.
I am suspecting Cloudformation as I have retried several times and deleted some failed stacks. Will that cause any failures?
Are there any stack sets in the DELETE_FAILED state in ANY account (log archive or audit accounts)? Do you have ANY custom SCP that might be interfering? Can you can try a Landing Zone repair?
There are no stack sets in DELETE_FAILED state in any acccount. Only five SCP enabled and they are not related. Landing zone is not shown/reachable. There is a retry but on top of Control Tower dashboard. "Enrolled accounts" and "Registered organizational units" are empty.