Control Tower dependency to other regions?

0

My customer wanted to launch the Control Tower in eu-west-1 but the launch failed. After he went through the support case, the identified problem was that the customer has disabled STS (in IAM) for all regions except eu-west-1 and the global one (us-east-1). He needed to additionally enable us-east-2 and us-west-2 regions.

He is asking why he needs to enable us-east-2 and us-west-2 for Control Tower when he is not using these regions? Is there some dependency that Control Tower has to these regions?

Thanks

asked 4 years ago · 559 views
1 Answer
0
Accepted Answer

Control Tower rolls out guardrails in these 4 regions.

You can see this e.g. when you look at the CloudFormation StackSets in the CT payer account, like AWSControlTowerBP-BASELINE-CONFIG. This StackSet contains stack instances for every managed account in these 4 regions.

If STS is disabled in these regions then CloudFormation cannot assume the right role to deploy the template and therefore your account deployment / baselining will fail.

EXPERT
answered 4 years ago
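
The dependency described in the answer can be checked before a launch by comparing the regions a StackSet deploys to against the regions where STS is active. The script below is an added example, not part of the original answer or AWS's own tooling; the listing is a constructed sample in the shape of `aws cloudformation list-stack-instances` output, the account IDs are placeholders, and the set of active STS regions is assumed to be entered by hand from the IAM account settings.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws cloudformation list-stack-instances
# --stack-set-name AWSControlTowerBP-BASELINE-CONFIG`; account IDs are placeholders.
SAMPLE_LISTING = json.dumps({"Summaries": [
    {"Account": acct, "Region": region, "Status": status}
    for acct in ("111111111111", "222222222222")
    for region, status in (("eu-west-1", "CURRENT"), ("us-east-1", "CURRENT"),
                           ("us-east-2", "OUTDATED"), ("us-west-2", "OUTDATED"))
]})

# Assumption: regions shown as active under IAM > Account settings > STS,
# entered by hand. This is the configuration described in the question.
STS_ACTIVE = {"eu-west-1", "us-east-1"}


def instances_by_region(listing_json):
    """Group stack instances by region: {region: [(account, status), ...]}."""
    grouped = defaultdict(list)
    for inst in json.loads(listing_json).get("Summaries", []):
        grouped[inst["Region"]].append((inst["Account"], inst.get("Status", "UNKNOWN")))
    return dict(grouped)


def sts_gaps(listing_json, sts_active):
    """Return regions the StackSet targets where STS is not active, with
    the accounts whose stack instances depend on a role assumption there."""
    gaps = {}
    for region, instances in instances_by_region(listing_json).items():
        if region not in sts_active:
            gaps[region] = sorted({account for account, _ in instances})
    return gaps


def not_current(listing_json):
    """Stack instances whose status is anything other than CURRENT."""
    return sorted((region, account, status)
                  for region, instances in instances_by_region(listing_json).items()
                  for account, status in instances if status != "CURRENT")


if __name__ == "__main__":
    for region, accounts in sorted(sts_gaps(SAMPLE_LISTING, STS_ACTIVE).items()):
        print(f"{region}: STS inactive, affects accounts {', '.join(accounts)}")
    for row in not_current(SAMPLE_LISTING):
        print("not CURRENT:", *row)
```
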
