Questions tagged with AWS Service Catalog
Control Tower / Account Factory / Email Validation
Hi, I'm looking for a way to add a regular expression for email validation for Control Tower Account Factory. I would like my email addresses to respect my company policy. New accounts must be created with email@example.com. How can I achieve this? Thanks for your help
Unable to purchase prepaid Hits
Hi, I am new to Mturk and very confused about the process for purchasing prepaid Hits. I was following the process described in the FAQ of the Amazon Mturk page (https://www.mturk.com/help#enable_aws_billing):

=========================================
How do I purchase prepaid HITs on Amazon Mechanical Turk?
Follow these steps to purchase prepaid HITs:
1. From your Amazon Mechanical Turk account, go to My Account -> Purchase Prepaid HITs.
2. Enter in the amount you would like to purchase.
3. Select the credit or debit card on file or enter in new credit or debit card information.
4. Confirm your purchase.
Note: As a US Requester, you may be prompted to establish a verified Amazon Payments account if you plan to make a purchase above certain amounts. You can create a verified Amazon Payments account at any time here.
=========================================

First of all, I am NOT ABLE TO find "Purchase Prepaid HITs" on "My Account" page. So, I tried to establish "a verified Amazon Payments account" as it directs, and I am in the stage when I encounter "We’re verifying your identity now, and we’ll send you an email when the verification is complete. This can take up to 24 hours. You can’t use your account until we’ve verified your identity." But it has been more than two weeks since I saw that message. What is wrong with my whole process? I really do want to purchase prepaid HITs but I am not able to...
Enrolling existing AWS accounts in new OU
Hi, I have created a new AWS account and set up Control Tower, a landing zone, account factory and a new OU, with the intention of enrolling a number of our existing AWS accounts into the new OU. (These accounts had previously been enrolled in another OU in a different AWS account but they were removed from that account prior to beginning this process.) In my new account, the accounts are added to the relevant OU, but when I try to enroll them in Control Tower by re-registering the OU I get the following error: *AWS Control Tower is unable to assume the AWSControlTowerExecution role in the account. Be sure the role is present in the account, or add it.* I had to log onto each account and update the AWSControlTowerExecution to allow access from the new Management account (the role was there, but it was only allowing access to the previous management account). Once that was done, I removed the constraints, products, users and deleted the portfolio for the landing zone provisioned product in the service catalogue, as recommended in this article: https://docs.aws.amazon.com/controltower/latest/userguide/troubleshooting.html I then tried to re-enroll these accounts again, but I am still having issues. I got the error *AWS Control Tower can't create your account due to potential drift in your landing zone. Check your landing zone and try using the advanced account provisioning method to create your account* so I tried repairing the landing zone - this didn't work. I have also tried to remove the account and re-add it to the OU & re-register the OU, but I am getting the following error: Pre-check location OU or account ID OU or account name Pre-check type Landing Zone "xxxxx" Landing zone Add the IAM user to the AWS Service Catalog portfolio before registering your OU. But I don't know what IAM user to add to the service catalog portfolio. I would be grateful for any advice / guidance, thanks
AWS NTP Server Access
Doesn't AWS have a publicly available NTP server at 169.254.169.123:123? I get destination host unreachable when I ping from my local PC. I've tried using command line and powershell from 2 different computers. I'm able to successfully ping and sync NTP time with time.google.com. *Edit* Here is the article where I found the NTP server address: https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/
AWS Issue - Fragmented View of Services Due To Acct/Role
Hi AWS Community: We run our tenant with multiple VPCs along with account/role based on permissions granted. While this does a good job segmenting it presents a "front-end" issue: our tenant lacks a top-down view of all service configuration/reporting. Example - we use Inspector to scan all 100 EC2s. The problem is I cannot get a single report or even view into ALL results... they are broken out based on what the logged in acct/role can see. That produces what is at best a fragmented view - incredibly inefficient & prone to blind spots. This issue persists across all services. How does one solution this - either within AWS (preferable) or if not, does anyone have suggestions for 3rd-party vendors who can help reconcile this?
Control Tower - Unable to add new account to the Security OU?
Hello, I'm setting up a new Control Tower managed organization using https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/ as a reference. This suggests creating a Security Tooling account under the Security OU for services such as GuardDuty, Security Hub, etc. When I try to create this account in the Service Catalogue, the Security OU isn't available to select for the ManagedOrganizationalUnit preference (all other OUs are, though). How can I add a CT managed account to the Security OU? Thanks!
How to delete AWS member account if there is no access to email used to create that account?
Hello, I have used dummy emails to create a few member accounts as part of my IaC code testing, and since they are dummy emails I do not have root email credentials to log in and delete those member accounts. What do I need to do in this case? I have access to the management account, though. Thank you and appreciate your help!
Naming convention for service groups
What is the deciding feature that determines whether a service has the **Amazon** or **AWS** prefix? Looking at the answers online, there does not appear to be a consensus. From my exploration of the platform, it seems that **AWS** often refers to **IaaS** and **PaaS** services, while Amazon tends to be reserved for **SaaS**. Is this about right? Is there a better way to think about the naming convention? Thanks!