Flag aft_feature_enterprise_support returns `ClientError: An error occurred (SubscriptionRequiredException) when calling the DescribeCases operation: Amazon Web Services Premium Support Subscription is required to use this service.`

[anasillo]

Terraform Version & Prov:

AFT Version: (Can be found in the AFT Management Account in the SSM Parameter /aft/config/aft/version)

1.12.0

Terraform Version & Provider Versions Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

1.6

terraform providers

N/A

Bug Description When enrolling accounts into the AFT pipeline, the pipeline does not get to enable the support plan for ct_management_account, aft_management_account and/or other accounts as well.

To Reproduce Steps to reproduce the behavior:

1. Set aft_feature_enterprise_support flag to true
2. Create account-request file for ct_management_account
3. Verify DynamoDB tables detect the changes
4. See aft_account_provisioning_framework_aft_features step functions

Expected behavior Enrolling accounts into the Enterprise Support plan should actually enroll accounts into the plan instead of failing because the account does not have the support plan enabled.

Related Logs

[ERROR] ClientError: An error occurred (SubscriptionRequiredException) when calling the DescribeCases operation: Amazon Web Services Premium Support Subscription is required to use this service.
Traceback (most recent call last):
  File "/var/task/aft_enroll_support.py", line 43, in lambda_handler
    if not account_enrollment_requested(ct_mgmt_session, target_account_id):
  File "/opt/python/lib/python3.11/site-packages/aft_common/aft_utils.py", line 98, in wrapper
    raise e
  File "/opt/python/lib/python3.11/site-packages/aft_common/aft_utils.py", line 78, in wrapper
    return func(*args, **kwargs)
  File "/opt/python/lib/python3.11/site-packages/aft_common/premium_support.py", line 42, in account_enrollment_requested
    for page in pages:
  File "/opt/python/lib/python3.11/site-packages/botocore/paginate.py", line 269, in __iter__
    response = self._make_request(current_kwargs)
  File "/opt/python/lib/python3.11/site-packages/botocore/paginate.py", line 357, in _make_request
    return self._method(**current_kwargs)
  File "/opt/python/lib/python3.11/site-packages/botocore/client.py", line 534, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/opt/python/lib/python3.11/site-packages/botocore/client.py", line 976, in _make_api_call
    raise error_class(parsed_response, operation_name)

Additional context

[ouyanguf]

Hi, can you confirm if the payer account have enrolled into Enterprise Support plan? Payer account must have Enterprise Support enabled: https://docs.aws.amazon.com/controltower/latest/userguide/aft-feature-options.html#enterprise-support-option

[anasillo]

Hi, can you confirm if the payer account have enrolled into Enterprise Support plan? Payer account must have Enterprise Support enabled: https://docs.aws.amazon.com/controltower/latest/userguide/aft-feature-options.html#enterprise-support-option

Hi there, the payer account is not enrolled into Enterprise Support since we are awaiting AWS Support to resolve some action items. Hopefully, we'll be able to sort it out quickly. Any chance to include these changes in the roadmap for the future? If the payer account is the one that we are enrolling and the aft_feature_enterprise_support is set to true, would love to see the AFT framework being able to handle that request initially.

Thanks!