
Unable to recover from enrollment of existing account to Control Tower



We have an existing account that we tried to add to Control Tower enrollment. It failed, and the compliance status is unknown.

So we tried to recover by deleting the Account Factory provisioned product and adding the account back to the OU.

But this did not solve my problem, since I could not see the enroll option enabled; it is in a disabled state.

We have the role created in the new account, and STS is enabled. Please guide me on how I can recover it.

1 Answer

Hi there. Have you tried moving the account to the root OU and then enrolling it?


In this case, you must take two recovery steps before you can proceed with enrolling your existing account. First, you must terminate the Account Factory provisioned product through the AWS Service Catalog console. Next, you must use the AWS Organizations console to manually move the account out of the OU and back to the root. After that is done, create the AWSControlTowerExecution role in the account, and then fill in the Enroll account form again.

If that does not enable the Enroll button, then try creating a new OU, moving the account into that OU, and registering that OU. That will start the enrollment process again.

answered 11 days ago
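
A pre-enrollment check for the recovery steps in the answer above, as an added example that is not part of the original post and is not AWS's own code. It assumes the inputs are the `Parents` list from `aws organizations list-parents` (management account) and the `AssumeRolePolicyDocument` from `aws iam get-role` (member account), and that the role should trust only the management account; all account, OU and root IDs are constructed placeholders.

```python
ROLE_NAME = "AWSControlTowerExecution"  # role name from the answer above
ASSUME = {"sts:AssumeRole", "sts:*", "*"}

def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_enrollment_prereqs(parents, trust_policy, mgmt_account_id):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    # The account must sit directly under the root, not in an OU.
    if [p.get("Type") for p in parents] != ["ROOT"]:
        problems.append("account is not directly under the organization root")
    # Assumption: the role must be assumable by the management account and,
    # because it is an administrative role, by no other principal.
    expected = {f"arn:aws:iam::{mgmt_account_id}:root", mgmt_account_id}
    trusted = False
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not ASSUME & set(_as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            principals = [principal]
        else:
            principals = [p for v in principal.values() for p in _as_list(v)]
        for p in principals:
            if p in expected:
                trusted = True
            else:
                problems.append(f"{ROLE_NAME} trusts unexpected principal: {p}")
    if not trusted:
        problems.append(f"{ROLE_NAME} does not trust management account {mgmt_account_id}")
    return problems

# Constructed sample inputs (all IDs are placeholders).
MGMT = "111122223333"
PARENTS_IN_OU = [{"Id": "ou-exmp-11111111", "Type": "ORGANIZATIONAL_UNIT"}]
PARENTS_ROOT = [{"Id": "r-exmp", "Type": "ROOT"}]
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{MGMT}:root"}}]}
WIDE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": [f"arn:aws:iam::{MGMT}:root", "arn:aws:iam::444455556666:root"]}}]}

if __name__ == "__main__":
    for name, parents, policy in [("recovered", PARENTS_ROOT, GOOD_TRUST),
                                  ("still in OU, wide trust", PARENTS_IN_OU, WIDE_TRUST)]:
        print(name, "->", check_enrollment_prereqs(parents, policy, MGMT) or "ok")
```

Conditions on a trust statement are not evaluated, so a statement that names another principal is reported even if a condition narrows it.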
