Unable to recover from enrollment of existing account to Control Tower

Hey,

We have an existing account that we tried to add to Control Tower enrollment. It failed, and the compliance status is unknown.

So we tried to recover by deleting the Account Factory provisioned product and adding the account back to the OU.

But that did not solve my problem, since I could not see the Enroll option enabled; it is in a disabled state.

We have the role created in the new account, and STS is enabled. Please guide me on how I can recover it.

1 Answer

Hi there. Have you tried moving the account to the root OU and then enrolling it?

From https://docs.aws.amazon.com/controltower/latest/userguide/troubleshooting.html#enrollment-failed

In this case, you must take two recovery steps before you can proceed with enrolling your existing account. First, you must terminate the Account Factory provisioned product through the AWS Service Catalog console. Next, you must use the AWS Organizations console to manually move the account out of the OU and back to the root. After that is done, create the AWSControlTowerExecution role in the account, and then fill in the Enroll account form again.

If that does not enable the Enroll button, then try creating a new OU, moving the account into that OU, and registering that OU. That will start the enrollment process again.

AWS
EXPERT
Matt-B
answered 2 years ago
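
A pre-enrollment check for the role step in the answer above, as an added example that is not part of the original thread or of AWS's own tooling: it inspects the trust policy of the AWSControlTowerExecution role and reports any principal other than the Control Tower management account that could assume it. The function names and account IDs are hypothetical, and the input is assumed to be the document that `aws iam get-role` returns under `Role.AssumeRolePolicyDocument`.

```python
import json

ROLE_NAME = "AWSControlTowerExecution"  # role named in the quoted AWS guidance

def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def check_execution_role_trust(trust_policy, management_account_id):
    """Return a list of problems; an empty list means only the management
    account is allowed to assume the role."""
    expected = {f"arn:aws:iam::{management_account_id}:root", management_account_id}
    problems, trusted = [], False
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for name in names:
            if name in expected:
                trusted = True
            else:
                problems.append(f"unexpected principal may assume {ROLE_NAME}: {name}")
    if not trusted:
        problems.append(
            f"management account {management_account_id} is not trusted for sts:AssumeRole")
    return problems

# Constructed sample documents; all account IDs are placeholders.
MGMT = "111111111111"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, "Action": "sts:AssumeRole"}]}""")
WRONG_ACCOUNT = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::222222222222:root"}, "Action": "sts:AssumeRole"}]}""")
WILDCARD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("wrong account", WRONG_ACCOUNT), ("wildcard", WILDCARD)):
        print(label, check_execution_role_trust(doc, MGMT) or "OK")
```
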
