2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Try this. If drift repair does not fix your landing zone please post the error messages to provide additional context. Also, if you are redoing everything from scratch. You can go to the CloudFormation console, and delete all stack sets related to your Control Tower installation. You may have to go into multiple accounts to delete everything.
回答済み 7ヶ月前
0
i think you need to unmanage old account first and then rebuild the control tower. then Deploy Control Tower with existing accounts. https://aws.amazon.com/blogs/mt/use-existing-logging-and-security-account-with-aws-control-tower/
回答済み 7ヶ月前
Can't repair the drift because the setup is locked and the landing zone wan't set. I tried to suspend the audit and log-archive accounts without knowing that you can't revert that. And now the setup is locked. Don't understand why you can't change the setting of the control tower setup if it fails. Tried to remove the CloudFormation stack sets but I guess it doesn't do anything because the accounts are suspended. I think my only solution would be to unsuspend the accounts somehow.
What is the specific error you get when you retry creating the landing zone? I recently ran into a similar issue, and I had to delete AWSControlTowerBP-BASELINE-CONFIG stack set. You will need the account numbers of your Log and Audit accounts. You can retrieve those from the organization console. Got to your CloudFormation console, and click on "Stacksets" in the side navigation. You will have to "Delete the stacks from Stackset" and then delete the Stackset itself. Give that a try, and then retry creating your landing zone. If that fails, please post the specific error here so we can provide more guidance.