Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Control Tower Setup Failed

0

Hi, I was trying to setup Control Tower on personal account but it failed with below reason. In this account earlier I had OU and couple of accounts under OU. But all have been closed couple of days ago.

ERROR:-

AWS Control Tower failed to set up your landing zone completely: AWS Control Tower failed to update a stack instance. Reason: User: arn:aws:sts::<UNKNOWN_ACCOUNT_NUMBER>:assumed-role/AWSControlTowerExecution/e5c24f06-bc30-4429-8817-7659776eb838 is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-2:<UNKNOWN_ACCOUNT_NUMBER>:stack/StackSet-AWSControlTowerLoggingResources-e20e52bb-b6a8-4463-b5f6-26c3bdf0f6be/* with an explicit deny in a service control policy Learn more

END ERROR

I am not sure what this 'UNKNOWN_ACCOUNT_NUMBER'(0355XXXXXXXX) is? it doesn't belong to any of my accounts(management or suspended).Does anyone have idea why ControlTower setup failed?

Thanks in advance.

Topics
Management & Governance
Tags
AWS Control Tower
Language
English
asked 3 years ago645 views
1 Answer
0

Hi,

In case your account is not critical, I prefer that you could close and change your email on this AWS account. (Login to the root account) Then moving forward, create a new one to start from scratch because when deploying the Control Tower, it should follow the correct flow, or it will crash.

Best regards, Minh LE

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content