Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

AWS MGN cli initialize runs successfully, but it doesn't set up right or admit to being initialized

-1

AWS MGN initialize-service returns success but the service never actually initializes. Can you check if there's a Service Control Policy or an AWS Organizations service access restriction blocking MGN? The service principal is mgn.amazonaws.com.

dougie@Mac tools % AWS_PROFILE=aws-temp-dev aws mgn initialize-service --region us-west-2 dougie@Mac tools % AWS_PROFILE=aws-temp-dev aws mgn describe-replication-configuration-templates --region us-west-2

aws: [ERROR]: An error occurred (UninitializedAccountException) when calling the DescribeReplicationConfigurationTemplates operation: Account not initialized

Additional error details: message: Account not initialized

Topics
Migration & Modernization
Tags
AWS Application Migration Service
Language
English
asked a month ago44 views
2 Answers
0

Based on the error you're experiencing, there are several potential causes for AWS Application Migration Service (AWS MGN) appearing to initialize successfully but not actually being initialized:

Service Control Policy or Organizations Restrictions: If your AWS account is part of an AWS Organization, Service Control Policies (SCPs) might be restricting the initialization actions. You should check with your organization administrator to verify that no SCPs are blocking MGN-related actions.

Trusted Access Requirements: To use AWS MGN, particularly with AWS Organizations, you must activate trusted access for the service. This requires logging in as the management account, selecting Global view from the navigation menu, and enabling AWS Organizations service access. Without proper trusted access configuration, the service may not initialize correctly even if the CLI command returns success.

Permissions Issues: The most common cause of this error is insufficient permissions. You must be the administrator of your AWS Account to initialize AWS MGN. If you're not the admin user, you'll encounter initialization failures even if the CLI command appears to succeed. The initialization process requires specific IAM permissions that may not be present in your current role or user.

Recommended Steps:

  1. Verify you're using an administrator account with full permissions
  2. Check for any Service Control Policies in AWS Organizations that might be blocking MGN actions
  3. Ensure trusted access is enabled for MGN in AWS Organizations (service principal: mgn.amazonaws.com)
  4. Review your IAM policies to confirm they allow all necessary MGN initialization actions

The discrepancy between the successful CLI response and the actual initialization failure suggests a permissions or organizational policy issue rather than a technical failure of the service itself.
Sources
Activate trusted access for AWS Application Migration Service - Application Migration Service
How do I troubleshoot when User: arn is no authorized to perform Create * or Delete * or Update * on resource(s) because no identity- policy allows the actions | AWS re:Post
Troubleshooting launch errors - Application Migration Service

answered a month ago
EXPERT
reviewed a month ago
0

Based on your error - UninitializedAccountException - your account has not been setup. You need to wait sometime and retry. If you have setup the account using Landing Zone, it's possible though the account is created, it's in a stuck state.

EXPERT
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content