Issue building Control tower landing zone on a new account - AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try again

Question

Hello, I am facing the following issue while trying to launch a control tower landing zone in a new AWS account:

AWS Control Tower failed to set up your landing zone completely: AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try again. If this error persists, contact AWS Support. Learn more

The account was created over 3 days but never used.

So in the first attempt,  I received the error and then I found the question and comments in https://repost.aws/questions/QUEqQ54QQqQaqyi2a23a6GKA/aws-tower-setup-failed-subscribe-to-aws-ec-2-service, then I tried to launch an instance and wait for over 30 to 60 minutes and retry, but without success.

Also, unless the Control tower is blocked by default, I don't think I am going over any quotas as there was no usage in the account.

So far, I can see the following resources created but no logs:

AWS organization and proposed 2 OUs
2 Security accounts
AWS SSO with my user.

As I don't have a paid support plan, I am unable to contact the support directly, is there any other step that you suggest I take? I really would like to avoid having to recreate the setup.

Accepted Answer

As it turns out, the issue was caused by a payment method processing issue. I had an issue with main card of the root account and even after fixing it I was unable to proceed.

After checking some services in the child accounts (audit and log archive), I received an activation screen message.

After contacting AWS Account activate support, they recommended making any change to the payment method, like a simple dot in the address line. That fixed the issue, I received activation notification for both log and audit accounts and was able to proceed with control tower configuration.

Answer

Same happen to me with provisioning Landing Zone via Control Tower in new Management Account.
After 10 minutes got error:

**AWS Control Tower failed to set up your landing zone completely: AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try again. If this error persists, contact AWS Support.**
![Enter image description here](/media/postImages/original/IMr73jwKBwTiCbvyLPaVo2_A)

Control Tower able to provision two new accounts: **Audit** and **LogArchive**, I was able to assume role **AWSControlTowerExecution** to switch to them, when you go to EC2 you are getting another screen with missing info for activation.
![Enter image description here](/media/postImages/original/IMm_OfHHccTVOLmNwFeXPmAQ)

When you click on Complete your registration you getting selection of the support plan only.

I tried to update billing address, didn't help.
Opened Chat with AWS Support which is very useless, they give just this link to follow https://docs.aws.amazon.com/controltower/latest/userguide/troubleshooting.html
And ask to update Support plan and submit technical support case.

After long discussions and screenshots with AWS Support (Not technical support as we don't have Support plan) they wrote me this:

"On reviewing I can see the payment method was invalid on the payer account, we've sent an autorization charges to your issuer and it is approved."

And now AWS Control Tower retry working fine.

**So solution is check your billing info, if it's correct, open AWS Support case for Account Activation issue and ask them to re-validate payment method!**

Issue building Control tower landing zone on a new account - AWS Control Tower setup failed. Be sure your account is subscribed to the AWS EC2 service, then try again

Relevant content