I accidentally bricked my AWS Control Tower instance while experimenting with it. I bypassed the proper teardown process and deleted the Foundation (Security/Sandbox) organizational units (OUs), then closed the two associated accounts. Now, when I try to reset, I get an error indicating that the two foundation accounts are not active. I attempted to recreate the OUs and move the accounts back, but that didn't solve the issue. Since this is a personal account without business support, what recovery options do I have? Should I contact AWS to reactivate the accounts and then try the reset process? Also, when I'm logged in as the Management Account Root, I'm still getting this error message: [Image Link](https://imgur.com/eAF0NHV).
2 Answers
I totally understand your struggle! Bricking Control Tower can be a headache. According to the AWS documentation in section 4.3, you might need to get AWS support to help rebuild your landing zone. It’s worth checking that out, even if it’s a bit of a hassle.
Sure! You can find it here: [Overview of the decommissioning process - AWS Control Tower](https://docs.aws.amazon.com/controltower/latest/userguide/decommissioning-process-overview.html). That should help!
You definitely need to reopen those accounts that are in a closed or suspended state within your OU and try the reset again. Just a heads-up though, many companies find that Control Tower’s stringent configuration requirements can be more trouble than they’re worth as they scale. If that's the case for you, consider whether you want more flexible management options moving forward.
Yeah, I was curious about Control Tower since our AWS account manager recommended it, but now I'm regretting it after hearing your experience.
We tried Control Tower once for hundreds of accounts but it kept getting corrupted. After that, we decided it was simpler to manage everything ourselves.

Do you have a link to that section in the docs? I was looking through the decommissioning guide after messing up the order and couldn’t find a solution.