- Newest
- Most votes
- Most comments
I have very similar error. A brand new account and I tired to use ControlTower after few hours of account creation. I can see it created the two OUs and new AWS accounts for Log and Audits as well as SSO but now ControlTower screen is complaining that it cannot use an account which is already member of AWS Org or have SSO Setup which is pretty annoying.
Few things to check:
- Check https://console.aws.amazon.com/servicequotas/ to ensure you have not exceeded any quotas
- Check CloudWatch for errors
- Check CloudFormation StackSets to see errors if it got that far
- Ensure the email addresses you are using for the Logging & Audit accounts use the same domain as your master accoun, are less than 65 characters long, and are not associated with any other AWS accounts
- Ensure your payment method is valid and you do not have a past due invoice
- Follow this guide to make sure you have your account cleaned up and retry the creation: https://docs.aws.amazon.com/controltower/latest/userguide/walkthrough-delete.html
Looks like the error persisted, as the message warned it might. Did you contact AWS Support? I'd recommend doing so if you continue to encounter this issue.
Hi @Dan@AWS, I did not contact AWS support. We do not have a support subscription on this account, since it is for evaluation purposes. Our primary account, which is separate, has Business support. I think I'm going to end up paying for Developer support on this account to open the ticket.
It has persisted even after cleaning everything it created up and deleting the sub-accounts.
After deleting all resources, waiting a day, and trying again, it seems to be working now. There must've been some kind of delay in resource/account/organization deletion that required the wait. Thanks!
Relevant content
- AWS OFFICIALUpdated 14 days ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 7 months ago