Cancel instead of Retry on Control Tower Failure to setup Landing Zone

Hello,

I hope you're doing well.

Thank you for reaching out to us with your concern.

From your case notes i understand that Control Tower is in a failed state and you want to start over the process.

Since you would like to delete the Control tower landing Zone you have to perform the decommission process. However according to doc[1] "You can’t use automated decommissioning to remove a landing zone that’s partially set up. If your landing zone setup process fails, you must resolve the failure state and set it up all the way to make automated decommissioning possible, or you must manually delete the resources individually."

As your landing zone is in FAILED status you have two options to proceed with decommission process

• Delete the existing Config delivery channel and setup landing Zone. After setup is completed you can perform decommission process
• Manually delete the resources created by Control Tower.

Please allow me to elaborate on above mentioned approaches one by one

• Delete the existing Config delivery channel and setup landing Zone. After setup is completed you can perform decommission process

=============

If you choose to move forward with option 1 you firstly have to delete existing delivery channels that same can be checked and deleted using below mentioned commands

---

Check Command: aws configservice describe-delivery-channels

Delete command: aws configservice delete-delivery-channel —delivery-channel-name <name> —region <region>

---

Once done you can again perform the landing zone setup operation . After landing zone is setup successfully you can perform the decommission process using below mentioned steps

---

1. Navigate to the Landing Zone Settings page in the AWS Control Tower console.

2. Choose Decommission your landing zone within the Decommission your landing zone section.

3. A dialog appears, explaining the action you are about to perform, with a required confirmation process. To confirm your intent to decommission, you must select every box and type the confirmation as requested. Please note that the decommissioning process cannot be undone.

4. If you confirm your intent to decommission your landing zone, you are redirected to the AWS Control Tower home page while decommissioning is in progress. The process may require up to two hours.

5. When decommissioning has succeeded, you must delete remaining resources manually before setting up a new landing zone from the AWS Control Tower console. These remaining resources include some specific S3 buckets, organizations, and CloudWatch Logs log groups.

---

For more information of what happens during a decommision process you can refer to doc[2] .

=============

• Manually delete the resources created by Control Tower.

=============

Please allow me to mention that this option is suggested only if you want to stop using the AWS Control Tower Landing zone ever. Manually deleting all of the AWS Control Tower resources cannot be undone and It will not allow you to set up a new landing zone in the same Management account[1] . In order to manually delete all the resources deployed by Control Tower landing zone setup you can perfrom below mentioned steps

1. Navigate to Cloudformation console from your management account
2. Navigate to stacksets
3. Delete all the stacksets having naming convention as AWSControlTower* this will delete the resources created while landing zone setup.

=============

I hope this information helps.

Thank you and have a great day ahead!

Reference: [1] https://docs.aws.amazon.com/controltower/latest/userguide/decommission-landing-zone.html [2] https://docs.aws.amazon.com/controltower/latest/userguide/decommissioning-process-overview.html

**Hello,

I hope you're doing well.

Thank you for reaching out to us with your concern.

you are facing issues with the setup of AWS Control Tower and shared accounts during the landing zone setup, and Control Tower is in a failed state, you might need to take some corrective actions. Here are some steps you can consider: Access AWS Control Tower Console:

Log in to the AWS Management Console. 

Navigate to the AWS Control Tower console. 

Check for Errors: 

Look for error messages or details about the failed state. This information can provide insights into what went wrong during the setup. 

Review AWS Control Tower Documentation: 

Refer to the AWS Control Tower documentation for troubleshooting steps and guidance on resolving common issues. 

Retry the Setup: 

If Control Tower allows you to retry the setup, attempt the retry to see if it resolves the issue. Make sure to carefully review and correct any misconfigurations during the process. 

Contact AWS Support: 

If the issue persists and you cannot find a solution, consider reaching out to AWS Support for assistance. They can provide guidance based on the specific details of your setup and help resolve any issues. 

Manually Clean Up: 

If the shared account section is greyed out, there might be an issue with the configuration. You may need to manually clean up any resources or configurations associated with Control Tower and shared accounts. Be cautious while doing this, and ensure that you understand the implications of any changes. 

Restart the Setup: 

If there's no option to cancel the setup, and you've resolved any issues or cleaned up resources manually, you might need to restart the setup from the beginning. This could involve using a new landing zone or ensuring that previous configurations are completely removed.