Control Tower Setup Failed

0

Hi, I was trying to setup Control Tower on personal account but it failed with below reason. In this account earlier I had OU and couple of accounts under OU. But all have been closed couple of days ago.

ERROR:-

AWS Control Tower failed to set up your landing zone completely: AWS Control Tower failed to update a stack instance. Reason: User: arn:aws:sts::<UNKNOWN_ACCOUNT_NUMBER>:assumed-role/AWSControlTowerExecution/e5c24f06-bc30-4429-8817-7659776eb838 is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-2:<UNKNOWN_ACCOUNT_NUMBER>:stack/StackSet-AWSControlTowerLoggingResources-e20e52bb-b6a8-4463-b5f6-26c3bdf0f6be/* with an explicit deny in a service control policy Learn more

END ERROR

I am not sure what this 'UNKNOWN_ACCOUNT_NUMBER'(0355XXXXXXXX) is? it doesn't belong to any of my accounts(management or suspended).Does anyone have idea why ControlTower setup failed?

Thanks in advance.

posta un anno fa356 visualizzazioni
1 Risposta
0

Hi,

In case your account is not critical, I prefer that you could close and change your email on this AWS account. (Login to the root account) Then moving forward, create a new one to start from scratch because when deploying the Control Tower, it should follow the correct flow, or it will crash.

Best regards, Minh LE

profile picture
Minh Le
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande