If you plan to bring existing AWS accounts into AWS Control Tower as Audit and Log archive accounts, and if those accounts have existing AWS Config resources, you must delete the existing AWS Config resources completely before you can enroll these accounts into AWS Control Tower for this purpose. For accounts that are not intended to become Audit and Log archive accounts, you can modify the existing Config resources.
This blog covers the process of enrolling accounts with existing config resources - https://docs.aws.amazon.com/controltower/latest/userguide/existing-config-resources.html
It is recommended that the existing accounts being enrolled do not have an AWS Config configuration recorder or delivery channel. These may be deleted or modified through the AWS CLI before you can enroll an account. Please refer to the following for more details: https://docs.aws.amazon.com/controltower/latest/userguide/enrollment-prerequisites.html
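A pre-enrollment check for the deletion path the answers above describe, as an added example that is not part of the original answers or of AWS documentation. The function names and the `--check` switch are hypothetical, and the region list is supplied by the caller. The script only prints the cleanup commands and does not run them.

```shell
#!/usr/bin/env bash
# Added example: find AWS Config recorders and delivery channels that would
# block enrollment, and print the cleanup commands for review.
# AWS Config is regional, so each region the account uses must be checked.

# Print cleanup commands for one region. Order matters: a delivery channel
# cannot be deleted while a configuration recorder is still running.
plan_config_cleanup() {
  local region="$1" recorders="$2" channels="$3" name
  for name in $recorders; do
    echo "aws configservice stop-configuration-recorder --region $region --configuration-recorder-name $name"
  done
  for name in $channels; do
    echo "aws configservice delete-delivery-channel --region $region --delivery-channel-name $name"
  done
  for name in $recorders; do
    echo "aws configservice delete-configuration-recorder --region $region --configuration-recorder-name $name"
  done
}

# Query one region with the AWS CLI and print its cleanup plan.
inventory_region() {
  local region="$1" recorders channels
  recorders=$(aws configservice describe-configuration-recorders --region "$region" \
    --query 'ConfigurationRecorders[].name' --output text) || return 1
  channels=$(aws configservice describe-delivery-channels --region "$region" \
    --query 'DeliveryChannels[].name' --output text) || return 1
  plan_config_cleanup "$region" "$recorders" "$channels"
}

# Walk the given regions and report what was found in each.
check_account() {
  local region plan
  for region in "$@"; do
    plan=$(inventory_region "$region") || { echo "query failed in $region" >&2; return 1; }
    if [ -z "$plan" ]; then
      echo "# $region: no AWS Config recorder or delivery channel"
    else
      echo "# $region: existing AWS Config resources found, cleanup commands:"
      echo "$plan"
    fi
  done
}

# Hypothetical entry point: ./check-config.sh --check us-east-1 eu-west-1
if [ "${1:-}" = "--check" ]; then shift; check_account "$@"; fi
```

Run it with the credentials of the account being enrolled. For accounts that are not becoming Audit or Log archive accounts, the modification route in the first linked guide is the alternative to running the printed deletions.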