By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

New account creation gives error via Control Tower Account factory console but works from Service Catalog console.

0

Got an issue where Control Tower Account Factory could not create new account and error received was "AWS Control Tower cannot enrol the account. There's an error in the provisioned product in AWS Service Catalog: Specified ProvisioningArtifactId does not exist: pa-kckebjcahx3gi".

I checked in Service Catalog and can see that sso user is already added under "Access" starting as "aws-reserved/sso.amazonaws.com/AWSReservedSSO_AWSAdministratorAccessxxxxxxxxx" (this was used to login into the account)

Account gets vended via Service Calatog console successfully. The above error comes only via account factory console. Any idea what is missing and why account creation does not work via Account Factory Console?

I read other repost similar articles but was not much helpful.

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS Control TowerAWS Service CatalogAWS IAM Identity Center
Language
English
AWS
rePost-User-5454640
asked 4 months ago151 views
1 Answer
0

one of the reason is if you login as root, it will not allow you to create accounts. If you login as IAM/ Identity center user, you should be able to create accounts using account factory.

AWS
Jhalak Modi
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content