Questions tagged with AWS Control Tower
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
Background: I have provisioned a new control tower. It did setup the IAM identity centre along with it. I updated the directory DNS to e.g. "XYZ". Later my team suggested we should update the sso url...
1
answers
0
votes
336
views
asked a year agolg...
I am getting "Landing zone drift detected" while accessing control tower and cause of this issue is listed as:
""A managed SCP was deleted, detached, or modified on the core OU Security (****), so...
1
answers
0
votes
492
views
asked a year agolg...
IHAC that attempted to decommission a Landing Zone using the prescriptive guidance in the documentation. They were unable to delete the AWSServiceRoleforAWSControlTower role because it stated it...
1
answers
0
votes
234
views
asked a year agolg...
Hi,
I have just run Control Tower successfully in a new account. Everything created without error, however, when I go to the dashboard, the newly created Audit and Log shared accounts both show...
2
answers
0
votes
396
views
asked a year agolg...
Hi,
Is there a way to rollback the customization applied through AFT?
For example, how to rollback the "aws_s3_account_public_access_block" created resource deployed as a global customization.
For...
1
answers
0
votes
354
views
asked a year agolg...
Modify default permissions sets / groups using Account Factory for Terraform (AFT) Control Towerlg...
Hi,
Is there a way to modify the default permission sets / groups that are associated to a new AWS account during its provisioning using AFT?
I'm looking for a solution that does not involve modifying...
0
answers
0
votes
132
views
asked a year agolg...
Control Tower Costlg...
Hi,
Recently, I came across an unexpected bill, and I would like to share my feedback about Control Tower's services with you. CT automatically creates NAT Gateways in corresponding accounts as soon...
4
answers
0
votes
583
views
asked a year agolg...
Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3...
2
answers
0
votes
406
views
asked a year agolg...
Hi, I want to have a standard VPC design template to provision VPC for the sandbox account, where i can find the documentation to start for? it is for an aws landing zone
3
answers
0
votes
263
views
asked a year agolg...
# Aim
Our organization had a functional requirement where the name of the CloudWatch Log Group for the Org trail needs to be in a certain format.
# Justification
By creating duplicate Trails across...
3
answers
1
votes
543
views
asked a year agolg...
Hello,
Is it possible to have 2 audit accounts in the same Control Tower. The idea behind this is one audit account to be responsible for some OUs and the "second" audit account to be responsible only...
2
answers
0
votes
998
views
asked a year agolg...
Hi,
I've installed the CfCT solution for customizing the landing zone and it works fine with the example provided. The next step was to enable AWS::ControlTower::EnabledControl for some recommended...
2
answers
0
votes
395
views
asked a year agolg...