使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Control Tower that the parent organizational unit is not enrolled in AWS Control Tower, when it is

0

I get the following error when i try to programmatically create a new account in a OU: InvalidParametersException The parent organizational unit 'ou-xxx-xxx' is not enrolled in AWS Control Tower

It's an empty OU without any accounts, but it says registered in the control tower console

主題
管理與治理
標籤
AWS Control TowerAWS OrganizationsAWS Service CatalogAWS Account Management
語言
English
McDoit
已提問 2 年前檢視次數 1425 次
1 個回答
3

Ok so it's unclear how you are programmatically create new account.

However, I'm assuming you are using the Service Catalog API, as specified here.

Please make sure the ManagedOrganizationalUnit field has the specific format of OU_NAME (OU_ID)

As seen below:

{
  pathId: "lpv2-7n2o3nudljh4e",
  productId: "prod-y422ydgjge2rs",
  provisionedProductName: "Example product 1",
  provisioningArtifactId: "pa-2mmz36cfpj2p4",
  provisioningParameters: [
    {
      key: "AccountEmail",
      value: "abc@amazon.com"
    },
    {
      key: "AccountName",
      value: "ABC"
    },
    {
      key: "ManagedOrganizationalUnit",
      value: "Custom (ou-xfe5-a8hb8ml8)"
    },
    {
      key: "SSOUserEmail",
      value: "abc@amazon.com"
    },
    {
      key: "SSOUserFirstName",
      value: "John"
    },
    {
      key: "SSOUserLastName",
      value: "Smith"
    }
  ],
  provisionToken: "c3c795a1-9824-4fb2-a4c2-4b1841be4068"
}
Jason_S
已回答 2 年前
profile picture
專家
Giovanni Lauria
已審閱 1 個月前
  • pfo
    1 年前

    Just to add on the answer here: the format for the provisioning parameter 'ManagedOrganizationalUnit' must match this for all level 2 and deeper nested OUs, the level 1 OUs (directly underneath the root level) do not require the 'OU (ou-id)' format.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容