So I was testing out the enroll_account.py script outlined here https://aws.amazon.com/blogs/field-notes/enroll-existing-aws-accounts-into-aws-control-tower/, in order to enroll an existing unregistered account (that was already in the organization) into control tower. This was a single account, currently sitting in an unregistered OU. Unfortunately, I got the capitalization wrong on one of the letters for the target registered OU where the new account was to be put and it errored (I put WorkLoads instead of Workloads), and now the account enrollment errors out. See below:
[ec2-user@ip-10-0-101-238 ~]$ python3 enroll_account.py -o WorkLoads -i <account number redacted>
Executing on AWS Account: <redacted>, assumed-role/AWSReservedSSO_AWSAdministratorAccess_bf1c0c3371d5ee07/<redacted>@<redacted>.edu
PRECHECK SUCCEEDED. Proceeding
Launching Enroll-Account-BusinessDivision01
Status: UNDER_CHANGE. Waiting for 6.0 min to recheck
ERROR: 165929507703
[ec2-user@ip-10-0-101-238 ~]$ python3 enroll_account.py -o Workloads -i <account number redacted>
Executing on AWS Account: <redacted>, assumed-role/AWSReservedSSO_AWSAdministratorAccess_bf1c0c3371d5ee07/<redacted>@<redacted>.edu
PRECHECK SUCCEEDED. Proceeding
Launching Enroll-Account-BusinessDivision01
SC product provisioning failed: An error occurred (InvalidParametersException) when calling the ProvisionProduct operation: A stack named Enroll-Account-BusinessDivision01 already exists.
ERROR: 165929507703
[ec2-user@ip-10-0-101-238 ~]$
Anyone have a hint as to where to go from here or theories on how I could get myself out of this? This was just a test account in my dev environment so if need be, blowing away the target account is fine, however, i'd like to use this as a learning experience in case it ever goes this way with a production account in the future.
Edited by: jgilfoil on Oct 31, 2020 3:51 PM
AWS 官方已更新 1 年前