How to proceed after failed landing zone creation through control tower

I created a management account and proceeded to create landing zone through control tower. Opted for most default options except KMS encryption with single region. The creation process part succeeded - AWSControlTowerBP-BASELINE-CONFIG-MASTER completed successfully while AWSControlTowerBP-BASELINE-CLOUDTRAIL-MASTER failed.

Failiure message

Resource handler returned message: "Invalid request provided: Insufficient permissions to access S3 bucket aws-controltower-logs-xxxxxxxx-us-east-1 or KMS key arn:aws:kms:us-east-1:xxxxxxx:key/xxxxxx. (Service: CloudTrail, Status Code: 400

The rollback for the failed stack failed too. So, I deleted the stack manually and retried the operation. Now I am with a different error as below.

Resource handler returned message: "User: arn:aws:sts::xxxxxxx:assumed-role/AWSControlTowerAdmin/AssumeAdminRole is not authorized to perform: logs:DeleteLogGroup on resource: arn:aws:logs:us-east-1:xxxxxxxxx:log-group:aws-controltower/CloudTrailLogs:log-stream: because no identity-based policy allows the logs:DeleteLogGroup action (Service: CloudWatchLogs, Status Code: 400

I could try to address these issues one by one. But will the landing zone be ever able to complete successfully now considering it was partially done and I manually deleted the stack? Or should I just delete the root and everything under it and start over?