
Two OUs. Unable to get new OU & Account Working. It says Registration not completed.

Hi,

I have built two OUs. We had one account and it was working fine. We decided to add another one. We went to Organizations and created two OUs. The one account is not working. It says registration not completed, which is strange since it was created from the Management account. Even after one week, it says the same. I don't know what step I need to take to get it resolved. Our idea is to have a separate set of IAM users for different OUs / accounts. Please guide.

1 Answer

It sounds like you're experiencing issues with registering a new Organizational Unit (OU) and account in AWS Control Tower. This is a common challenge, and there are a few steps you can take to resolve it:

  1. First, check the status of your account. If it shows "Enrollment failed" on the accounts page, there may be specific prerequisites that weren't met during the registration process.

  2. Ensure that the new account meets all the prerequisites for enrollment in AWS Control Tower. This includes having the necessary roles and permissions set up correctly.

  3. If the account status shows "Not enrolled," it means the account is a member of the parent OU but not fully managed by AWS Control Tower. In this case, you may need to manually enroll the account.

  4. Sometimes, the registration process can take longer than expected. If it's been a week, however, this is unusual. You might want to try re-registering the OU. This can be done from the OU details page.

  5. Check if there are any Service Control Policies (SCPs) or other organization-level policies that might be interfering with the registration process.

  6. Verify that your IAM user or IAM Identity Center user has the necessary permissions to register OUs and accounts. The user should have access to the AWS Control Tower Account Factory Portfolio.

  7. If you're still unable to resolve the issue, it may be helpful to check the AWS CloudTrail logs for any specific error messages related to the registration process.

Regarding your goal of having separate IAM users for different OUs/accounts, this is a good practice for maintaining security and access control. Once you've successfully registered your OUs and accounts, you can set up IAM users or, preferably, use AWS IAM Identity Center (formerly AWS Single Sign-On) to manage user access across your accounts.

If these steps don't resolve your issue, it would be advisable to contact AWS Support for further assistance, as they can provide more detailed troubleshooting based on your specific account configuration.

Sources
Common causes of failure during registration or re-registration - AWS Control Tower
Register an existing organizational unit with AWS Control Tower - AWS Control Tower
View your accounts - AWS Control Tower

answered a year ago
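The answer's steps 5 to 7 (look for SCPs that interfere, check the principal's permissions, read CloudTrail for errors) can be combined into one offline triage pass. The script below is an added example, not part of the answer or of any AWS tooling. It assumes you paste in the JSON returned by `aws organizations list-policies-for-target` plus `describe-policy` (SCP content), `aws cloudtrail lookup-events` filtered on `controltower.amazonaws.com`, and `aws servicecatalog search-provisioned-products` (Account Factory products); the inputs embedded here are constructed samples in those shapes, and the list of "watched" service prefixes is an assumption about what an enrollment could depend on, not a statement of the exact permissions AWS Control Tower needs.

```python
"""Offline triage for a stuck AWS Control Tower OU/account enrollment.

Assumption: the three inputs below are constructed samples shaped like the
JSON these real CLI calls return; replace them with actual output from:
  aws organizations list-policies-for-target --target-id <OU-ID> \
      --filter SERVICE_CONTROL_POLICY   (then describe-policy for Content)
  aws cloudtrail lookup-events --lookup-attributes \
      AttributeKey=EventSource,AttributeValue=controltower.amazonaws.com
  aws servicecatalog search-provisioned-products
"""
import fnmatch
import json

# Assumed service prefixes an enrollment may rely on. Any explicit Deny that
# overlaps one of them is flagged for a human to review, nothing more.
WATCHED_PREFIXES = ("controltower:*", "cloudformation:*", "sts:AssumeRole",
                    "servicecatalog:*", "iam:*")

# --- Constructed sample input (not real account data) -----------------------
SCPS = [
    {"Name": "FullAWSAccess", "Content": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})},
    {"Name": "DenyInfraChanges", "Content": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Deny", "Action": ["cloudformation:CreateStack",
                                          "cloudformation:CreateStackSet"],
             "Resource": "*"},
            {"Effect": "Deny", "Action": "ec2:RunInstances", "Resource": "*"}]})},
]

CLOUDTRAIL = {"Events": [
    {"EventName": "EnableBaseline", "EventSource": "controltower.amazonaws.com",
     "CloudTrailEvent": json.dumps({
         "errorCode": "AccessDenied",
         "errorMessage": "User is not authorized to perform controltower:EnableBaseline",
         "userIdentity": {"arn": "arn:aws:iam::111111111111:user/ops-user"}})},
    {"EventName": "ListLandingZones", "EventSource": "controltower.amazonaws.com",
     "CloudTrailEvent": json.dumps({
         "userIdentity": {"arn": "arn:aws:iam::111111111111:user/ops-user"}})},
]}

PROVISIONED = {"ProvisionedProducts": [
    {"Name": "SecondaryAccount", "Type": "CFN_STACK", "Status": "ERROR",
     "StatusMessage": "Stack creation failed (constructed sample)"},
    {"Name": "PrimaryAccount", "Type": "CFN_STACK", "Status": "AVAILABLE",
     "StatusMessage": ""},
]}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_scp_denies(scps, prefixes=WATCHED_PREFIXES):
    """Return (policy name, action) pairs for explicit Deny statements whose
    Action overlaps a watched prefix. Wildcards on either side are honoured,
    so a blanket "Action": "*" Deny is reported too."""
    hits = []
    for policy in scps:
        doc = json.loads(policy["Content"])
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Deny" or "Action" not in stmt:
                continue  # NotAction-style denies are left for manual review
            for action in _as_list(stmt["Action"]):
                if any(fnmatch.fnmatch(action.lower(), p.lower())
                       or fnmatch.fnmatch(p.lower(), action.lower())
                       for p in prefixes):
                    hits.append((policy["Name"], action))
    return hits


def failed_events(lookup_output):
    """Extract the events in lookup-events output that carry an errorCode."""
    failures = []
    for ev in lookup_output.get("Events", []):
        detail = json.loads(ev["CloudTrailEvent"])
        if "errorCode" in detail:
            failures.append({
                "event": ev["EventName"],
                "error": detail["errorCode"],
                "message": detail.get("errorMessage", ""),
                "principal": detail.get("userIdentity", {}).get("arn", "?")})
    return failures


def unhealthy_products(search_output):
    """Account Factory provisioned products whose Status is not AVAILABLE."""
    return [(p["Name"], p["Status"], p.get("StatusMessage", ""))
            for p in search_output.get("ProvisionedProducts", [])
            if p.get("Status") != "AVAILABLE"]


def triage(scps=SCPS, trail=CLOUDTRAIL, products=PROVISIONED):
    """Bundle the three checks into one report keyed by check name."""
    return {"scp_denies": find_scp_denies(scps),
            "failed_events": failed_events(trail),
            "unhealthy_products": unhealthy_products(products)}


if __name__ == "__main__":
    for section, rows in triage().items():
        print(f"== {section} ==")
        for row in rows:
            print("  ", row)
```

On the sample data the report shows two CloudFormation actions denied by an SCP on the OU, one AccessDenied on `EnableBaseline` by the IAM user that ran the registration, and one Account Factory product in ERROR; each of those maps directly to one of the answer's steps and tells you which one to chase first. The SCP check deliberately errs on the side of reporting too much: an explicit Deny that merely overlaps a watched prefix is worth reading, and a Deny on `*` is always reported.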
