1 Answer
Hi there
Do you have any custom SCPs on your OUs that would be denying access to the ControlTowerExecutionRole?
There are no SCPs which are denying access to the ControlTowerExecutionRole.
I am suspecting CloudFormation as I have retried several times and deleted some failed stacks. Will that cause any failures?
Are there any stack sets in the DELETE_FAILED state in ANY account (log archive or audit accounts)? Do you have ANY custom SCP that might be interfering? Can you try a Landing Zone repair?
There are no stack sets in DELETE_FAILED state in any account. Only five SCPs are enabled and they are not related. Landing zone is not shown/reachable. There is a retry but on top of Control Tower dashboard. "Enrolled accounts" and "Registered organizational units" are empty.