New account creation gives error via Control Tower Account factory console but works from Service Catalog console.
Got an issue where Control Tower Account Factory could not create new account and error received was "AWS Control Tower cannot enrol the account. There's an error in the provisioned product in AWS Service Catalog: Specified ProvisioningArtifactId does not exist: pa-kckebjcahx3gi".
I checked in Service Catalog and can see that sso user is already added under "Access" starting as "aws-reserved/sso.amazonaws.com/AWSReservedSSO_AWSAdministratorAccessxxxxxxxxx" (this was used to login into the account)
Account gets vended via Service Calatog console successfully. The above error comes only via account factory console. Any idea what is missing and why account creation does not work via Account Factory Console?
I read other repost similar articles but was not much helpful.
- 新しい順
- 投票が多い順
- コメントが多い順
one of the reason is if you login as root, it will not allow you to create accounts. If you login as IAM/ Identity center user, you should be able to create accounts using account factory.
