AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

AWS Control Tower failed to set up your landing zone completely: An error occurred while setting up your landing zone.

0

In the process of decommission of AWS Control Tower from us-east-2, and start a new AWS Control Tower in us-east-1.

Getting this error message: Error AWS Control Tower failed to set up your landing zone completely: An error occurred while setting up your landing zone. Try again later. If this error persists, contact AWS Support. Learn more

before starting a new control tower setup

I followed https://docs.aws.amazon.com/controltower/latest/userguide/how-to-decommission.html to finished the manual steps of decommission. (and varies guides on how to remove things related in the guide, i.e. config rules, etc)

Started new AWS Control Tower setup in us-east-1, reusing previous audit and log archive AWS accounts. and the above error was produced when the landing zone setup reached:

  • Configuring the audit account in progress
  • Configuring the log archive account in progress

In both audit and log archive accounts, I can see s3 buckets, cloud watch, cloud formation, config, etc are being setup and all cloud formation steps was success. I'm lost on what else could be the cause.

also the AWS control tower setup tool now has most options grayed out (so I can't change them), and I'm not sure if it's possible to start a new process with a different audit and log archive account.

Thanks!

주제
보안, 신원 및 규정 준수관리 및 거버넌스
태그
보안, 신원 및 규정 준수AWS 컨트롤 타워AWS 계정 관리
언어
English
Aiden Zhao
질문됨 10달 전304회 조회
1개 답변
0

Hello Aiden, As you might know, decommissioning Control Tower is a pretty complicated work. To assist customers, AWS provides the automated decommissioning process. To begin the process, navigate to the Landing Zone Settings page, select the decommission tab, and choose Decommission landing zone. You can find details in the link below and need to read this documentation thoroughly before and during the decommission. https://docs.aws.amazon.com/controltower/latest/userguide/decommission-landing-zone.html

If you've done correctly in accordance with the decommission guide, please check out the re-setup procedure. https://docs.aws.amazon.com/controltower/latest/userguide/known-issues-decommissioning.html

Having done all of that, the issue could still appear. In the case, creating new log/audit accounts might be helpful to setup a new Control Tower to other region. However, it is likely to occur another unexpected issues going forward even if it looks like working well for the time being. Therefore, I recommend creating a support case to figure out root causes of your issue, and applying an exact resolution to your CT or accounts. I think that contacting AWS support center is the fastest way to solve this kind of complicated situations.

I hope this would be helpful to you. :)

profile pictureAWS
AWS-User-4272739
답변함 10달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠