Control Tower not Enrolling any account after re-provisioning the IAM Identity Center

0

Background: I have provisioned a new Control Tower. It did set up the IAM Identity Centre along with it. I updated the directory DNS to e.g. "XYZ". Later my team suggested we should update the SSO URL to something else, e.g. "ABC". To update the SSO URL, I deleted the IAM Identity Centre and re-provisioned it.

However, after that our Control Tower started failing the Account Enrolment. After looking at the CloudTrail log we found the following error: "errorMessage": "DirectoryId: d-XXXXXXX or directory type: UserPool in the request not found."

We noticed Control Tower is still pointing to the old directory. Could you help with how we can point Control Tower to the new directory?

1 Answer
0

Hi There

Have you tried a landing zone repair? https://docs.aws.amazon.com/controltower/latest/userguide/resolve-drift.html

Go to Control Tower dashboard, choose Landing Zone Settings, choose the latest version and click Repair.

AWS
EXPERT
Matt-B
answered 9 months ago
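
A triage sketch for the symptom described in the question, added here as an example and not part of the original post or answer: it scans CloudTrail records for the quoted error text and lists the failed calls that still name a directory other than the current one. The record values, event names and directory IDs are constructed; `errorMessage`, `eventSource`, `eventName` and `eventTime` are standard CloudTrail record fields.

```python
import re
from collections import defaultdict

# Error text format as quoted in the question (CloudTrail errorMessage field).
STALE_DIR = re.compile(
    r"DirectoryId: (d-[0-9A-Za-z]+) or directory type: (\w+) in the request not found"
)

def stale_directory_refs(records, current_directory_id):
    """Return {directory_id: [(eventSource, eventName, eventTime), ...]} for failed
    calls that name a directory other than current_directory_id."""
    hits = defaultdict(list)
    for rec in records:
        match = STALE_DIR.search(rec.get("errorMessage") or "")
        if match and match.group(1) != current_directory_id:
            hits[match.group(1)].append(
                (rec.get("eventSource"), rec.get("eventName"), rec.get("eventTime"))
            )
    return dict(hits)

# Constructed sample records: IDs, event names and sources are placeholders,
# not values taken from the original post.
ERR = "DirectoryId: d-0000000001 or directory type: UserPool in the request not found."
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "example.amazonaws.com",
     "eventName": "ExampleCallA", "errorMessage": ERR},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "example.amazonaws.com",
     "eventName": "ExampleCallB"},  # successful call, no errorMessage
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "example.amazonaws.com",
     "eventName": "ExampleCallA", "errorMessage": ERR},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "example.amazonaws.com",
     "eventName": "ExampleCallC", "errorMessage": "Access denied"},  # unrelated failure
]

if __name__ == "__main__":
    # d-0000000002 stands in for the ID of the re-provisioned directory (assumption).
    found = stale_directory_refs(SAMPLE_RECORDS, "d-0000000002")
    for directory_id, calls in found.items():
        print(f"stale directory {directory_id}: {len(calls)} failed call(s)")
        for source, name, when in calls:
            print(f"  {when}  {source}  {name}")
```

If the stale ID still appears in new records after a landing zone repair, the reference to the deleted directory has not been refreshed.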
