Figured I’d post this seeing as I’ve had some focus on control tower lately:
As Advised By AWS Please note:
Dear AWS Control Tower Customer,
I wanted to follow up on my email from May 15th and let you know that the change referenced below has now been deployed. With this change, we will no longer perform any VPC operation on existing accounts being enrolled into AWS Control Tower regardless of whether or not a VPC is in the account when enrolling in AWS Control Tower. This means that we will not delete the default VPC on these existing accounts nor will we create a VPC on these accounts.
Please note that if you are provisioning brand new accounts for AWS Control Tower, the VPC behavior will not change.
This change is reflected on the Enrolling an Existing AWS Account in AWS Control Tower page under the section titled Enrolling Existing Accounts With VPCs.
The AWS Control Tower Team