Firewall Manager not including all accounts in Organizational Unit

Question

We have a Firewall Manager set up to apply to a particular OU, but for some reason it is only applying to approximately half of the accounts in the OU. There does not seem to be any immediately obvious differences between the accounts. If the account IDs are added manually, the Firewall Manager happily applies its policy.

The accounts do not show up as within policy scope but with issues, they simply stay in the "Accounts outside policy scope" list.

What could cause our accounts to not be added to the Firewall Manager policy scope despite others in the OU being added just fine?

Answer

There can be few reasons, the best is to raise a support ticket and support team would be able to help you. reasons that I can think of:
1. Sometime it can take few minutes for policies to be applied. you can try simply log out and log in again to check if policy is working or not.
2. Policy doesn't apply to existing resources if you are trying to do that.

Answer

Hello

To answer your question, we require details that are non-public information. Please open a support case with AWS Premium Support using the following link: https://console.aws.amazon.com/support/home#/case/create

Please do not post any sensitive information (such as account ID, policy id, organizational unit ID,  etc) over re:Post since this is a public platform

Firewall Manager not including all accounts in Organizational Unit

Relevant content