Account Factory guidance - AWS Control Tower

Account Factory guidance

You can encounter issues when using Account Factory to provision a new account in AWS Control Tower. For information about how to troubleshoot these issues, see the section New Account Provisioning Failed in Troubleshooting of the AWS Control Tower User Guide.

We recommend that you create federated users or IAM roles instead of IAM users. Federated users and IAM roles provide you with temporary credentials. IAM users have long-term credentials that can be difficult to manage. For more information, see IAM identities (users, user groups, and roles) in the IAM User Guide.

If you're authenticated as an IAM user or IAM Identity Center user when provisioning a new account in Account Factory or when using the Enroll account feature AWS Control Tower, verify that your user has access to your AWS Service Catalog portfolio. Otherwise, you might receive an error message from Service Catalog. For more information, see No Launch Paths Found Error in the Troubleshooting section of the AWS Control Tower User Guide.


Up to five accounts can be provisioned at a time.