Questions tagged with AWS Control Tower
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
I have a requirement.
I have created a Landing Zone using Control Tower. One of my external AWS account needs access to the Logging member account and access resources inside the Logging account,
How...
1
answers
1
votes
241
views
asked 10 months agolg...
In the process of decommission of AWS Control Tower from us-east-2, and start a new AWS Control Tower in us-east-1.
Getting this error message:
Error
AWS Control Tower failed to set up your landing...
1
answers
0
votes
303
views
asked 10 months agolg...
Steps to reproduce issue :
* Control tower landing zone is configured
* Config recorder for audit account has been accidentally deleted through CLI
* Try to Update Landing zone
* Failed with error :...
1
answers
0
votes
289
views
asked 10 months agolg...
Background: I have provisioned a new control tower. It did setup the IAM identity centre along with it. I updated the directory DNS to e.g. "XYZ". Later my team suggested we should update the sso url...
1
answers
0
votes
304
views
asked 10 months agolg...
I am getting "Landing zone drift detected" while accessing control tower and cause of this issue is listed as:
""A managed SCP was deleted, detached, or modified on the core OU Security (****), so...
1
answers
0
votes
436
views
asked 10 months agolg...
IHAC that attempted to decommission a Landing Zone using the prescriptive guidance in the documentation. They were unable to delete the AWSServiceRoleforAWSControlTower role because it stated it...
1
answers
0
votes
215
views
asked 10 months agolg...
Hi,
I have just run Control Tower successfully in a new account. Everything created without error, however, when I go to the dashboard, the newly created Audit and Log shared accounts both show...
2
answers
0
votes
360
views
asked 10 months agolg...
Hi,
Is there a way to rollback the customization applied through AFT?
For example, how to rollback the "aws_s3_account_public_access_block" created resource deployed as a global customization.
For...
1
answers
0
votes
316
views
asked 10 months agolg...
Modify default permissions sets / groups using Account Factory for Terraform (AFT) Control Towerlg...
Hi,
Is there a way to modify the default permission sets / groups that are associated to a new AWS account during its provisioning using AFT?
I'm looking for a solution that does not involve modifying...
0
answers
0
votes
117
views
asked 10 months agolg...
Control Tower Costlg...
Hi,
Recently, I came across an unexpected bill, and I would like to share my feedback about Control Tower's services with you. CT automatically creates NAT Gateways in corresponding accounts as soon...
4
answers
0
votes
541
views
asked 10 months agolg...
Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3...
2
answers
0
votes
367
views
asked 10 months agolg...
Hi, I want to have a standard VPC design template to provision VPC for the sandbox account, where i can find the documentation to start for? it is for an aws landing zone
3
answers
0
votes
248
views
asked 10 months agolg...