How to change AccountName for a Control Tower managed account with Account Factory for Terraform

Hi, unfortunately Account Factory for Terraform (AFT) is unable to support this feature due to the was the underlying services function. However it is possible to change the account name. It just takes multiple steps.

1. Change the name of the enrolled account: https://docs.aws.amazon.com/controltower/latest/userguide/change-account-name.html
2. Since Control Tower creates a Service Catalog Provisioned Product for the new account, update the Account name in the product using this documentation https://docs.aws.amazon.com/controltower/latest/userguide/updating-account-factory-accounts.html#update-provisioned-product
3. Once those steps are completed, Control Tower should reflect the new Account Name.
4. To make sure AFT is in sync with the new Control Tower information, update the AFT account request that created the new account with the new name. That won't make any changes other than in DynamoDB tables for the AFT solution. But ensures all information is in sync.

Due to this it's important to try and keep Account Names reasonably static when they are created, they can be changed, it's just still partially manual. Even with using Control Tower directly without AFT, steps 1-3 would still need to be performed in scenarios where the name needs to be changed.

According to https://repost.aws/knowledge-center/change-organizations-name this must be done by the root user, which on the face of it means that even access keys for an IAM user with the AdministratorAccess policy attached would not be enough.

It's possible to create access keys for the root user https://docs.aws.amazon.com/accounts/latest/reference/root-user-access-key.html though as it says at the top of the page this isn't recommended by AWS.