Hello,
We have started using AFT to provision our AWS accounts but as of last week we have been receiving an error that I have been unable to troubleshoot myself. We don't have a paid support plan with AWS so we are basically on our own with this one and Im hoping someone here has had a similar issue.
The account-request pipeline completes successfully triggering the account creation but after approx one hour the enrolment fails.
The provisioned product in Service Catalog shows as tainted and give the error:
"AWS Control Tower cannot complete the operation because activation of account 123456798123 is not complete. Try again in one hour. If this error persists, contact AWS Support."
The aft-account-provisioning-framework state machine fails on the aft_account_provisioning_framework_persist_metadata step and has the error:
"errorMessage": "An error occurred (SubscriptionRequiredException) when calling the GetParametersByPath operation: The AWS Access Key Id needs a subscription for the service"
All other steps above this carry the error:
state": "FAILED", "message": "AWS Control Tower failed to create an enrolled account."
even though they appear to have succeeded.
We are finding it quite difficult to find the cause of this and wondering does anyone have any ideas on where we can go from here? What to investigate etc. The logs for ControlTower are not exacly verbose. We upgraded from v1.6.6 to v1.9.2 today and the problem persists. Any help appreciated.
AWS OFFICIALUpdated a year ago
