By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Control Tower Setup Failed

0

Hi, I was trying to setup Control Tower on personal account but it failed with below reason. In this account earlier I had OU and couple of accounts under OU. But all have been closed couple of days ago.

ERROR:-

AWS Control Tower failed to set up your landing zone completely: AWS Control Tower failed to update a stack instance. Reason: User: arn:aws:sts::<UNKNOWN_ACCOUNT_NUMBER>:assumed-role/AWSControlTowerExecution/e5c24f06-bc30-4429-8817-7659776eb838 is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-2:<UNKNOWN_ACCOUNT_NUMBER>:stack/StackSet-AWSControlTowerLoggingResources-e20e52bb-b6a8-4463-b5f6-26c3bdf0f6be/* with an explicit deny in a service control policy Learn more

END ERROR

I am not sure what this 'UNKNOWN_ACCOUNT_NUMBER'(0355XXXXXXXX) is? it doesn't belong to any of my accounts(management or suspended).Does anyone have idea why ControlTower setup failed?

Thanks in advance.

Topics
Management & Governance
Tags
AWS Control Tower
Language
English
rePost-User-5975820
asked a year ago371 views
1 Answer
0

Hi,

In case your account is not critical, I prefer that you could close and change your email on this AWS account. (Login to the root account) Then moving forward, create a new one to start from scratch because when deploying the Control Tower, it should follow the correct flow, or it will crash.

Best regards, Minh LE

profile picture
Minh Le
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content