In this case, you must take two recovery steps before you can proceed with enrolling your existing account. First, you must terminate the Account Factory provisioned product through the AWS Service Catalog console. Next, you must use the AWS Organizations console to manually move the account out of the OU and back to the root. After that is done, create the AWSControlTowerExecution role in the account, and then fill in the Enroll account form again.
Since you already have the account in the root, try to create a new temporary OU outside of Control Tower through Organizations, move the failed account into that OU, then register the OU with CT to perform the enrollment. That will start the enrollment process again.
Hi Matt, I was able to create a new OU and move the failed account to this OU in AWS organizations. In CT I then registered the OU, the account enrolled successfully. I then moved it to the correct OU, in AWS Organizations and then updated the account via CT. It was enrolled successfully in correct OU.
Thanks for your help. Declan
Issue building Control tower landing zone on a new account - AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try againAccepted Answerasked 10 months ago
Can I join master account Landing Zone to another AWS Partner Org for billing purpose?asked a month ago
Enrolling existing AWS accounts in new OUasked 8 months ago
Account enrollment failed.Accepted Answerasked 3 months ago
AWS Control Tower - Ownership accountasked 3 months ago
AWS Control Tower failed to set up your landing zone completely: AWS Control Tower is not authorized to baseline the VPC in the enrolled account.asked 3 months ago
Unable to recovery from enrollment of existing account to control towerasked 4 months ago
Landing zone drift detectedasked 2 months ago
Multiple AWS Control Tower(Landing Zone) in single management accountAccepted Answerasked 4 months ago
AWS Landing Zone to AWS Control Tower Migrationasked 5 months ago