Hi,
I was trying to setup Control Tower on personal account but it failed with below reason. In this account earlier I had OU and couple of accounts under OU. But all have been closed couple of days ago.
ERROR:-
AWS Control Tower failed to set up your landing zone completely: AWS Control Tower failed to update a stack instance. Reason: User: arn:aws:sts::<UNKNOWN_ACCOUNT_NUMBER>:assumed-role/AWSControlTowerExecution/e5c24f06-bc30-4429-8817-7659776eb838 is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-2:<UNKNOWN_ACCOUNT_NUMBER>:stack/StackSet-AWSControlTowerLoggingResources-e20e52bb-b6a8-4463-b5f6-26c3bdf0f6be/* with an explicit deny in a service control policy Learn more
END ERROR
I am not sure what this 'UNKNOWN_ACCOUNT_NUMBER'(0355XXXXXXXX) is? it doesn't belong to any of my accounts(management or suspended).Does anyone have idea why ControlTower setup failed?
Thanks in advance.
AWS 官方已更新 2 年前
