Questions tagged with AWS Control Tower
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
In the process of decommission of AWS Control Tower from us-east-2, and start a new AWS Control Tower in us-east-1.
Getting this error message:
Error
AWS Control Tower failed to set up your landing...
1
answers
0
votes
295
views
asked 9 months agolg...
Steps to reproduce issue :
* Control tower landing zone is configured
* Config recorder for audit account has been accidentally deleted through CLI
* Try to Update Landing zone
* Failed with error :...
1
answers
0
votes
282
views
asked 9 months agolg...
Background: I have provisioned a new control tower. It did setup the IAM identity centre along with it. I updated the directory DNS to e.g. "XYZ". Later my team suggested we should update the sso url...
1
answers
0
votes
296
views
asked 10 months agolg...
I am getting "Landing zone drift detected" while accessing control tower and cause of this issue is listed as:
""A managed SCP was deleted, detached, or modified on the core OU Security (****), so...
1
answers
0
votes
413
views
asked 10 months agolg...
IHAC that attempted to decommission a Landing Zone using the prescriptive guidance in the documentation. They were unable to delete the AWSServiceRoleforAWSControlTower role because it stated it...
1
answers
0
votes
207
views
asked 10 months agolg...
Hi,
I have just run Control Tower successfully in a new account. Everything created without error, however, when I go to the dashboard, the newly created Audit and Log shared accounts both show...
2
answers
0
votes
352
views
asked 10 months agolg...
Hi,
Is there a way to rollback the customization applied through AFT?
For example, how to rollback the "aws_s3_account_public_access_block" created resource deployed as a global customization.
For...
1
answers
0
votes
301
views
asked 10 months agolg...
Modify default permissions sets / groups using Account Factory for Terraform (AFT) Control Towerlg...
Hi,
Is there a way to modify the default permission sets / groups that are associated to a new AWS account during its provisioning using AFT?
I'm looking for a solution that does not involve modifying...
0
answers
0
votes
109
views
asked 10 months agolg...
Control Tower Costlg...
Hi,
Recently, I came across an unexpected bill, and I would like to share my feedback about Control Tower's services with you. CT automatically creates NAT Gateways in corresponding accounts as soon...
4
answers
0
votes
520
views
asked 10 months agolg...
Planning to enable this preventive control '[CT.S3.PR.1] Require an Amazon S3 bucket to have block public access settings configured' in Control Tower. Is there any way to set exception to some S3...
2
answers
0
votes
347
views
asked 10 months agolg...
Hi, I want to have a standard VPC design template to provision VPC for the sandbox account, where i can find the documentation to start for? it is for an aws landing zone
3
answers
0
votes
240
views
asked 10 months agolg...
# Aim
Our organization had a functional requirement where the name of the CloudWatch Log Group for the Org trail needs to be in a certain format.
# Justification
By creating duplicate Trails across...
3
answers
1
votes
472
views
asked 10 months agolg...