AWS Config - OrganizationConformancePack fails with NoAvailableConfigurationRecorderException

Question

We are trying to deploy Organization Conformance Packs via CloudFormation. But the deployment always fails with the below exception:
`NoAvailableConfigurationRecorderException in 1 account(s)`

AWS Config recorder ist configured in the Management Account and we have completed the [Prerequisites](https://docs.aws.amazon.com/config/latest/developerguide/cpack-prerequisites.html#cpack-prerequisites-organizationcpack) for Organization Conformance Packs. Trusted service access for AWS Config is enabled in our Organization by [creating a multi-account aggregator and adding the organization](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html#integrate-enable-ta-config).
Our Cloud Landing Zone is created using Control Tower. Also we've followed [this](https://aws.amazon.com/blogs/mt/deploy-aws-config-rules-and-conformance-packs-using-a-delegated-admin/) blog post to try the same with a delegated Administrator account. Last but not least we've given the config recorder role admin access and excluded all account except the Management Account in our template. Still no luck. Anyone having an idea how to solve this issue?

Accepted Answer

Problem is solved. I've found out that one legacy member account which is not enrolled in Control Tower doesn't have Config activated. I've used CLI to deploy and troubleshoot it.

AWS Config - OrganizationConformancePack fails with NoAvailableConfigurationRecorderException

관련 콘텐츠