1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Control tower rolls out Guard rails in these 4 regions.
You can see this e.g. when you look at the Cloudformation StackSets in the CT payer account, like AWSControlTowerBP-BASELINE-CONFIG. This StackSet contains stack instances for every managed accounts in these 4 regions.
If STS is disabled in these regions then CloudFormation cannot assume the right role to deploy the template and therefore your account deployment / baselining will fail.