0

I'm working on setting up a Multi-Account AWS Landscape using AWS Control Tower - primarily Root --> Core --> Audit, Archive; Root --> Custom --> Network, Security, QA and Prod Management Account.

I was able to successfully set up the Audit, Archive, Network and Security accounts; however, enrolling the QA and Prod accounts failed for the reasons below. I followed the same steps for setting up the Network, Security, QA and Prod accounts.

QA Account Error:

AWS Control Tower could not enroll your account for the following reason: AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try again. If this error persists, contact AWS Support.

Prod Account Error:

AWS Control Tower could not enroll your account for the following reason: AWS Control Tower detects that your enrolled account has been moved to a new organizational unit. The account is in an inconsistent state and you may incur unintended charges. To continue, terminate the account in AWS Service Catalog and enroll it again. If the move was not intended, return the account to its original OU and update the account from AWS Service Catalog.

James Z
siv
  • If this error persists, contact AWS Support. – Red Cricket Jun 05 '21 at 17:51
  • I did reach out to them by subscribing to the AWS Developer Support plan; it's been 48 hrs, no response. – siv Jun 05 '21 at 18:31
  • @siv having the same issue. Did you manage to resolve it and if so, how? I can't see anything in AWS Service Catalog that I can terminate related to the account. – James Crowley Oct 19 '21 at 10:15
  • I had to sign up for AWS Business support plan & use AWS service to resolve the issue – siv Nov 08 '21 at 02:05

2 Answers

0

There is a huge time gap between the issue and my recommendation; still putting it out there thinking it might help someone...

aws cloudformation delete-stack-instances \
    --stack-set-name AWSControlTowerBP-BASELINE-CONFIG \
    --accounts $LOGACCOUNTID $DELEGATEACCOUNTID \
    --regions $REGION1 $REGION2 \
    --no-retain-stacks

Retry again; it will get through and create the tower, then you can

32cupo
0

Regarding this error, "Be sure your account is subscribed to the AWS EC2 service, then try again. If this error persists, contact AWS Support", which I received when migrating to my Organisation using Control Tower: I resolved it by force-updating my billing preferences, adding a dot to my address line and re-verifying my credit card. Seems odd, but I found this solution elsewhere and it worked for me!

Mike