Unable to recovery from enrollment of existing account to control tower

Question

Hey,

We have an existing account, we tried to add to control tower enrollment. It failed and compliance status is unknown.

So tried to recover by deleting the  account factory provisioned product and add the account back to Ou.

But did not solve my problem, since I could not see the enroll option enabled, it is in disabled state.

We have role created in new account, sts is enabled.
Please guide me on how can I recover it

Answer

Hi There
Have you tried moving the account to the root OU and then enrolling it?

From  https://docs.aws.amazon.com/controltower/latest/userguide/troubleshooting.html#enrollment-failed

`In this case, you must take two recovery steps before you can proceed with enrolling your existing account. First, you must terminate the Account Factory provisioned product through the AWS Service Catalog console. Next, you must use the AWS Organizations console to manually move the account out of the OU and back to the root. After that is done, create the AWSControlTowerExecution role in the account, and then fill in the Enroll account form again. `

If that does not enable the Enroll button, then try creating a new OU, moving the account into that OU, and registering that OU.  That will start the enrollment process again.

Unable to recovery from enrollment of existing account to control tower

관련 콘텐츠