By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Control Tower failed to set up your landing zone completely: An error occurred while setting up your landing zone.

0

In the process of decommission of AWS Control Tower from us-east-2, and start a new AWS Control Tower in us-east-1.

Getting this error message: Error AWS Control Tower failed to set up your landing zone completely: An error occurred while setting up your landing zone. Try again later. If this error persists, contact AWS Support. Learn more

before starting a new control tower setup

I followed https://docs.aws.amazon.com/controltower/latest/userguide/how-to-decommission.html to finished the manual steps of decommission. (and varies guides on how to remove things related in the guide, i.e. config rules, etc)

Started new AWS Control Tower setup in us-east-1, reusing previous audit and log archive AWS accounts. and the above error was produced when the landing zone setup reached:

  • Configuring the audit account in progress
  • Configuring the log archive account in progress

In both audit and log archive accounts, I can see s3 buckets, cloud watch, cloud formation, config, etc are being setup and all cloud formation steps was success. I'm lost on what else could be the cause.

also the AWS control tower setup tool now has most options grayed out (so I can't change them), and I'm not sure if it's possible to start a new process with a different audit and log archive account.

Thanks!

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAWS Control TowerAWS Account Management
Language
English
Aiden Zhao
asked 9 months ago294 views
1 Answer
0

Hello Aiden, As you might know, decommissioning Control Tower is a pretty complicated work. To assist customers, AWS provides the automated decommissioning process. To begin the process, navigate to the Landing Zone Settings page, select the decommission tab, and choose Decommission landing zone. You can find details in the link below and need to read this documentation thoroughly before and during the decommission. https://docs.aws.amazon.com/controltower/latest/userguide/decommission-landing-zone.html

If you've done correctly in accordance with the decommission guide, please check out the re-setup procedure. https://docs.aws.amazon.com/controltower/latest/userguide/known-issues-decommissioning.html

Having done all of that, the issue could still appear. In the case, creating new log/audit accounts might be helpful to setup a new Control Tower to other region. However, it is likely to occur another unexpected issues going forward even if it looks like working well for the time being. Therefore, I recommend creating a support case to figure out root causes of your issue, and applying an exact resolution to your CT or accounts. I think that contacting AWS support center is the fastest way to solve this kind of complicated situations.

I hope this would be helpful to you. :)

profile pictureAWS
AWS-User-4272739
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content