Comments (8)
We hit the same bug during the upgrade from v1.6.4 to v1.8.0/v1.8.1
from landing-zone-accelerator-on-aws.
Thank you for your prompt response. Could you please advise on how I can resolve this error and what steps I should take next? Additionally, I would like to update the baseline already set on the child accounts Audit and Log Archive to the latest version 4; LZA tries to apply it to the Security OU, and this step is failing. Thanks
from landing-zone-accelerator-on-aws.
Hello @cloudgury, thank you for filing an issue with the Landing Zone Accelerator team!
To ensure we have all relevant details for this issue, could you please confirm if the Organizational Unit (OU) registered with Control Tower has ever been manually renamed?
Thanks, and we look forward to hearing back from you!
from landing-zone-accelerator-on-aws.
Yes, the OU was renamed because it originally only had an AWS Organization installed in the accounts, which already had a Security OU and a security account. Before installing Control Tower, I had to rename the old OU.
Please let me know if you need any more information.
from landing-zone-accelerator-on-aws.
Thank you @cloudgury for validating the renaming of the OU registered with Control Tower.
If an OU registered with Control Tower is manually renamed, the Control Tower console displays the updated OU name, but the Control Tower GetLandingZone API shows the old OU name. Due to this issue, LZA attempts to enable the baseline for the given OU, which causes the pipeline to fail with "The baseline 'AWSControlTowerBaseline' cannot be enabled on the Security OU."
As a workaround, you have the following options:
- You can rename the OU back to its previous name. However, if this is not possible, proceed to the next option.
- You can add the ACCELERATOR_NO_ORG_MODULE environment value to the "AWSAccelerator-ToolkitProject" CodeBuild project with the value set to "Yes". If this environment variable is set, LZA will skip OU baseline API calls. This feature is available in LZA v1.8.0 or later. Please note: When the ACCELERATOR_NO_ORG_MODULE environment variable parameter is set to "Yes", LZA will not register OUs with the Control Tower APIs. Therefore, you will need to manually manage OU registration.
Let us know if this workaround works for you and if you have any further questions.
from landing-zone-accelerator-on-aws.
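The second workaround above, sketched as an added example (not code from the thread or from the LZA project): CodeBuild's `update_project` replaces the whole `environment` object, so the variable has to be merged into the project's existing settings rather than sent on its own. The function names, `SAMPLE_ENV` and `EXAMPLE_EXISTING_VAR` are constructed for illustration; the project name, variable name and value are the ones quoted in the comment.

```python
"""Added example: set ACCELERATOR_NO_ORG_MODULE on the LZA toolkit CodeBuild project."""

PROJECT = "AWSAccelerator-ToolkitProject"  # project name quoted in the comment above
VAR_NAME = "ACCELERATOR_NO_ORG_MODULE"
VAR_VALUE = "Yes"


def with_env_var(environment, name=VAR_NAME, value=VAR_VALUE):
    """Return a copy of a CodeBuild `environment` object with one variable set.

    update_project replaces the whole environment, so every existing
    variable is carried over; an existing entry with the same name is
    overwritten rather than duplicated.
    """
    kept = [v for v in environment.get("environmentVariables", [])
            if v["name"] != name]
    kept.append({"name": name, "value": value, "type": "PLAINTEXT"})
    updated = dict(environment)
    updated["environmentVariables"] = kept
    return updated


def apply_workaround(project=PROJECT, dry_run=True):
    """Read the live project, merge the variable, optionally write it back."""
    import boto3  # imported here so the merge logic above runs offline
    codebuild = boto3.client("codebuild")
    found = codebuild.batch_get_projects(names=[project])["projects"]
    if not found:
        raise SystemExit(f"CodeBuild project {project!r} not found in this account/region")
    new_env = with_env_var(found[0]["environment"])
    if not dry_run:
        codebuild.update_project(name=project, environment=new_env)
    return new_env


# Constructed sample of the `environment` object returned by batch_get_projects.
SAMPLE_ENV = {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/standard:7.0",
    "computeType": "BUILD_GENERAL1_LARGE",
    "environmentVariables": [
        {"name": "EXAMPLE_EXISTING_VAR", "value": "1", "type": "PLAINTEXT"},
        {"name": VAR_NAME, "value": "No", "type": "PLAINTEXT"},
    ],
}

if __name__ == "__main__":
    for var in with_env_var(SAMPLE_ENV)["environmentVariables"]:
        print(var["name"], "=", var["value"])
```

`apply_workaround()` defaults to a dry run that returns the merged environment for review; pass `dry_run=False` to write it to the project.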