Error “All subnets do not belong to the user’s account” when setting up MWAA environment in Control Tower config w/ VPCs shared across accounts

Question

I’m trying to test out AWS MWAA (managed airflow) and running into an error: “All subnets do not belong to the user’s account” when trying to deploy the service to our development VPC. The development VPC is shared under our Control Tower from an infrastructure account to development. I suspect that’s the cause of the error, but I don’t see a workaround other than creating a new VPC in the development account which is a non starter.

I’ve tried both the ‘Private’ and ‘Public’ Network options within the MWAA environment configuration.

Any assistance would be appreciated!

I’ve tried both the ‘Private’ and ‘Public’ Network options within the MWAA environment configuration.

Any assistance would be appreciated!

Answer

Hello @drussell,

You are correct, you can not create a MWAA Environment using Shared VPC/Subnets. AWS MWAA expects the subnets being used for environment creation are owned by the same account where the environment is being created. As of now, there is no workaround for this issue and you will have to use a VPC/subnets owned by your AWS account.

I will relay your feedback as a feature request to our AWS MWAA product team.

Error “All subnets do not belong to the user’s account” when setting up MWAA environment in Control Tower config w/ VPCs shared across accounts

관련 콘텐츠