Questions tagged with AWS Control Tower
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
Steps to reproduce issue :
* Control tower landing zone is configured
* Config recorder for audit account has been accidentally deleted through CLI
* Try to Update Landing zone
* Failed with error :...
1
answers
0
votes
278
views
asked 9 months agolg...
Background: I have provisioned a new control tower. It did setup the IAM identity centre along with it. I updated the directory DNS to e.g. "XYZ". Later my team suggested we should update the sso url...
1
answers
0
votes
295
views
asked 9 months agolg...
I am getting "Landing zone drift detected" while accessing control tower and cause of this issue is listed as:
""A managed SCP was deleted, detached, or modified on the core OU Security (****), so...
1
answers
0
votes
402
views
asked 10 months agolg...
IHAC that attempted to decommission a Landing Zone using the prescriptive guidance in the documentation. They were unable to delete the AWSServiceRoleforAWSControlTower role because it stated it...
1
answers
0
votes
205
views
asked 10 months agolg...
Hi,
I have just run Control Tower successfully in a new account. Everything created without error, however, when I go to the dashboard, the newly created Audit and Log shared accounts both show...
2
answers
0
votes
347
views
asked 10 months agolg...
Hi,
Is there a way to rollback the customization applied through AFT?
For example, how to rollback the "aws_s3_account_public_access_block" created resource deployed as a global customization.
For...
1
answers
0
votes
298
views
asked 10 months agolg...
Modify default permissions sets / groups using Account Factory for Terraform (AFT) Control Towerlg...
Hi,
Is there a way to modify the default permission sets / groups that are associated to a new AWS account during its provisioning using AFT?
I'm looking for a solution that does not involve modifying...
0
answers
0
votes
107
views
asked 10 months agolg...
Control Tower Costlg...
Hi,
Recently, I came across an unexpected bill, and I would like to share my feedback about Control Tower's services with you. CT automatically creates NAT Gateways in corresponding accounts as soon...
4
answers
0
votes
506
views
asked 10 months agolg...
Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3...
2
answers
0
votes
340
views
asked 10 months agolg...
Hi, I want to have a standard VPC design template to provision VPC for the sandbox account, where i can find the documentation to start for? it is for an aws landing zone
3
answers
0
votes
237
views
asked 10 months agolg...
# Aim
Our organization had a functional requirement where the name of the CloudWatch Log Group for the Org trail needs to be in a certain format.
# Justification
By creating duplicate Trails across...
3
answers
1
votes
458
views
asked 10 months agolg...
Hello,
Is it possible to have 2 audit accounts in the same Control Tower. The idea behind this is one audit account to be responsible for some OUs and the "second" audit account to be responsible only...
2
answers
0
votes
863
views
asked 10 months agolg...