Hi,
I'm really confused on what just happened. I didn't have any prior IAM accounts / OU's just my root account with billing attached.
I tried to enable control tower with the default OU's Sandbox, and Security + the recommended Log Archive and Audit accounts.
Everything was pretty much default.
After waiting 24 hours, I tried to load control tower and it gave me the following error:
"AWS Control Tower failed to set up your landing zone completely: AWS Control Tower cannot complete the operation because activation of account [REDACTED] is not complete. Try again in one hour. If this error persists, contact AWS Support."
Every time I tried to retry the Control Tower setup, it would complain that one was already set up.
So I figured I'd try to just delete the identity center accounts and I think it led me to the problem. It wanted me to "Complete account sign up" for each of the accounts that control tower created so, add a billing card, and perform the phone call pin verification.
I was under the impression that control tower would handle the creation and activation of those accounts. Does it really expect me to log into each one and add billing and do phone pin verification? Super lost..
Thanks in advance!
AWS OFFICIALUpdated a year ago
