This is a common issue when setting up AWS Control Tower in new AWS accounts. Even though your Service Quotas may show a limit of 10 accounts, there can be hidden limitations on brand new AWS accounts that aren't immediately reflected in the Service Quotas console.
Here are some approaches to resolve this issue:
- Launch a free tier EC2 instance (such as an Amazon Linux AMI on a t2.micro) in your management account, wait about 15-20 minutes, and then retry the Control Tower setup. This often helps establish account credibility with AWS systems.
- Check for pending or failed account creations that might be counting against your quota. Even if you only see two active accounts, a failed account creation attempt (like the Log Archive account) might still be consuming a quota slot temporarily.
- Open a free support case by choosing "Account and Billing" in the AWS Support Center Console. Even without a paid support plan, AWS can assist with account-related issues like this.
- Check if there are any failed provisioned products in Service Catalog that might be blocking the process.
- If you've tried setting up and deleting Landing Zones multiple times, there might be residual artifacts causing issues.
If none of these solutions work, you may need to decommission your landing zone using the AWS CLI and start again with the setup process.
Sources
AWS Control Tower cannot create an account because you have reached the limit on the number of accounts in your organization. | AWS re:Post
ControlTower - Your existing service limits for this AWS account are not sufficient for AWS Control Tower to launch. | AWS re:Post
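
The check for pending or failed account creations mentioned in the answer can be scripted against the AWS Organizations `ListCreateAccountStatus` API. The following is an added example, not part of the original answer: the request IDs and account names in the sample are constructed, and `fetch_statuses` and `triage` are hypothetical helper names.

```python
import json

# Constructed sample shaped like the output of
# `aws organizations list-create-account-status --states IN_PROGRESS FAILED`
# (a SUCCEEDED entry is included to show that it is ignored).
SAMPLE_RESPONSE = json.loads("""
{"CreateAccountStatuses": [
  {"Id": "car-exampleaaaa1111", "AccountName": "Log Archive", "State": "FAILED",
   "FailureReason": "ACCOUNT_LIMIT_EXCEEDED"},
  {"Id": "car-examplebbbb2222", "AccountName": "Audit", "State": "IN_PROGRESS"},
  {"Id": "car-examplecccc3333", "AccountName": "Sandbox", "State": "SUCCEEDED",
   "AccountId": "111122223333"}
]}
""")


def fetch_statuses(states=("IN_PROGRESS", "FAILED")):
    """Live lookup from the management account (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("organizations")
    paginator = client.get_paginator("list_create_account_status")
    pages = paginator.paginate(States=list(states))
    return [s for page in pages for s in page["CreateAccountStatuses"]]


def triage(statuses):
    """Split creation requests into pending, quota-blocked and otherwise failed."""
    report = {"pending": [], "quota_blocked": [], "other_failed": []}
    for s in statuses:
        entry = (s["Id"], s.get("AccountName", "?"), s.get("FailureReason"))
        if s["State"] == "IN_PROGRESS":
            report["pending"].append(entry)
        elif s["State"] == "FAILED":
            # ACCOUNT_LIMIT_EXCEEDED is the Organizations failure reason for
            # hitting the account limit, the error this thread is about.
            limit_hit = s.get("FailureReason") == "ACCOUNT_LIMIT_EXCEEDED"
            report["quota_blocked" if limit_hit else "other_failed"].append(entry)
    return report


if __name__ == "__main__":
    # Swap SAMPLE_RESPONSE[...] for fetch_statuses() to query a real organization.
    for bucket, entries in triage(SAMPLE_RESPONSE["CreateAccountStatuses"]).items():
        for req_id, name, reason in entries:
            print(f"{bucket:14} {req_id} {name} {reason or ''}")
```

Requests that land in `quota_blocked` or `pending` are the ones worth quoting, with their request IDs, in the "Account and Billing" support case.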
