Prepare Stage Fails with Control Tower launch issues #565
Labels
Comments
|
This happened very often to me. The workaround is to retry LZ deployment from Control Tower console and it always worked, but it is better to not having this problem. |
|
This is really annoying and prevents launching a new LZ through automation |
|
Hi @richardkeit , thank you for your code contribution! This will be fixed in the next major release thanks to your pull request #567 , I will keep this issue open until that release is made public. Thank you for your support of the Landing Zone Accelerator! |
erwaxler
added
the
pending-release
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Prepare stage fails on new AWS account
To Reproduce
Note: Generated default config:
global-config.yaml:Expected behavior
Solution works without issue. Currently this is a 66% pass rate (eg 2/3 installations have succeeded)
Please complete the following information about the solution:
Screenshots
Additional context
Operation log:
❯ aws controltower get-landing-zone-operation --operation-identifier cadf33dd-5e2a-4498-bd64-61098b6464c7 { "operationDetails": { "endTime": "2024-09-11T07:21:13+00:00", "operationIdentifier": "cadf33dd-5e2a-4498-bd64-61098b6464c7", "operationType": "CREATE", "startTime": "2024-09-11T07:15:51+00:00", "status": "FAILED", "statusMessage": "AWS IAM Identity Center can't complete your request because another request is already in progress. Try again later." } }CreateLandingZoneCall:
{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "AROAWCZC6GMLN4JXCUM36:AWSCodeBuild-ecd4b66a-e232-4bcf-98e9-47f671fcfbfc", "arn": "arn:aws:sts::XXXXXXXXX:assumed-role/AWSAccelerator-PipelineSt-AdminCdkToolkitRole292E16-DLnwnTIHTWTs/AWSCodeBuild-ecd4b66a-e232-4bcf-98e9-47f671fcfbfc", "accountId": "XXXXXXXXX", "accessKeyId": "ASIAWCZC6GMLDIBOJTN6", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAWCZC6GMLN4JXCUM36", "arn": "arn:aws:iam::XXXXXXXXX:role/AWSAccelerator-PipelineSt-AdminCdkToolkitRole292E16-DLnwnTIHTWTs", "accountId": "XXXXXXXXX", "userName": "AWSAccelerator-PipelineSt-AdminCdkToolkitRole292E16-DLnwnTIHTWTs" }, "attributes": { "creationDate": "2024-09-11T07:07:45Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-09-11T07:15:52Z", "eventSource": "controltower.amazonaws.com", "eventName": "CreateLandingZone", "awsRegion": "ap-southeast-2", "sourceIPAddress": "13.55.255.220", "userAgent": "aws-sdk-js/3.556.0 ua/2.0 os/linux#4.14.291-218.527.amzn2.x86_64 lang/js md/nodejs#18.20.3 api/controltower#3.556.0 exec-env/AWS_ECS_EC2 AwsSolution/SO0199/1.9.2", "requestParameters": { "version": "3.3", "manifest": { "governedRegions": [ "ap-southeast-2", "us-east-1" ], "organizationStructure": { "security": { "name": "Security" }, "sandbox": { "name": "Infrastructure" } }, "centralizedLogging": { "accountId": "XXXX", "configurations": { "loggingBucket": { "retentionDays": 365 }, "accessLoggingBucket": { "retentionDays": 3650 }, "kmsKeyArn": "arn:aws:kms:ap-southeast-2:XXXXXXXXX:key/YYYYYYY-YYYYYYY-YYYYYYY-YYYYYYY" }, "enabled": true }, "securityRoles": { "accountId": "AAAAAAA" }, "accessManagement": { "enabled": true } } }, "responseElements": { "arn": "arn:aws:controltower:ap-southeast-2:XXXXXXXXX:landingzone/AAAAAAA", "operationIdentifier": "cadf33dd-5e2a-4498-bd64-61098b6464c7" }, "requestID": "984a61c5-4304-46b7-b4c8-1fb8a3986e1a", "eventID": "5db2088b-9511-4b6f-b2fe-398bf5e0098a", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "XXXXXXXXX", "eventCategory": "Management" }The text was updated successfully, but these errors were encountered: