first LZA deployment fails on Accelerator-Pipeline #424

Open
6 tasks
damovsky opened this issue Mar 28, 2024 · 1 comment
Labels
bug Something isn't working pending-release This issue will be resolved in an upcoming release

Comments

@damovsky

Describe the bug
I have created a new AWS account, enabled AWS Control Tower there, and launched the LZA CloudFormation stack.

It stopped in AWSAccelerator-Pipeline, in the Prepare stage, with this error:
```
AWSAccelerator-PrepareStack-339713112183-us-east-1 | 86/102 | 8:15:40 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | CreateCTAccounts/CreateControlTowerAccountStatus/ServiceRole/DefaultPolicy (CreateCTAccountsCreateControlTowerAccountStatusServiceRoleDefaultPolicy9BE6F791) Resource creation Initiated
AWSAccelerator-PrepareStack-339713112183-us-east-1 | 86/102 | 8:15:40 AM | CREATE_IN_PROGRESS | AWS::Lambda::Function | CreateCTAccounts/CreateControlTowerAccount (CreateCTAccountsCreateControlTowerAccount8636115B) Resource creation Initiated
AWSAccelerator-PrepareStack-339713112183-us-east-1 | 86/102 | 8:15:40 AM | CREATE_FAILED | AWS::ServiceCatalog::PortfolioPrincipalAssociation | CreateCTAccounts/LambdaPrincipalAssociation (CreateCTAccountsLambdaPrincipalAssociationFAD34BEB) Invalid input parameter(s) (Service: AWSServiceCatalog; Status Code: 400; Error Code: InvalidParametersException; Request ID: e19ca966-a3e4-441e-a415-b93735ec03f1; Proxy: null)
    new CreateControlTowerAccounts (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/constructs/lib/aws-controltower/create-accounts.ts:149:5)
    \_ PrepareStack.createConfigurationTables (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts:480:40)
    \_ new PrepareStack (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts:287:14)
    \_ createPrepareStack (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/utils/stack-utils.ts:381:26)
    \_ createManagementAccountStacks (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:100:21)
    \_ main (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:237:5)
    \_ processTicksAndRejections (node:internal/process/task_queues:96:5)
    \_ async /codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:251:5
AWSAccelerator-PrepareStack-339713112183-us-east-1 | 86/102 | 8:15:41 AM | CREATE_FAILED | AWS::Lambda::Function | CreateCTAccounts/CreateControlTowerAccount (CreateCTAccountsCreateControlTowerAccount8636115B) Resource creation cancelled
    new Function (/codebuild/output/src785/src/s3/00/source/node_modules/aws-cdk-lib/aws-lambda/lib/function.js:1:9470)
    \_ new CreateControlTowerAccounts (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/constructs/lib/aws-controltower/create-accounts.ts:50:20)
    \_ PrepareStack.createConfigurationTables (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts:480:40)
    \_ new PrepareStack (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts:287:14)
    \_ createPrepareStack (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/utils/stack-utils.ts:381:26)
    \_ createManagementAccountStacks (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:100:21)
    \_ main (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:237:5)
    \_ processTicksAndRejections (node:internal/process/task_queues:96:5)
    \_ async /codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:251:5
AWSAccelerator-PrepareStack-339713112183-us-east-1 | 86/102 | 8:15:41 AM | CREATE_FAILED | AWS::IAM::Policy | CreateCTAccounts/CreateControlTowerAccountStatus/ServiceRole/DefaultPolicy (CreateCTAccountsCreateControlTowerAccountStatusServiceRoleDefaultPolicy9BE6F791) Resource creation cancelled
    new Policy (/codebuild/output/src785/src/s3/00/source/node_modules/aws-cdk-lib/aws-iam/lib/policy.js:1:1305)
    \_ Role.addToPrincipalPolicy (/codebuild/output/src785/src/s3/00/source/node_modules/aws-cdk-lib/aws-iam/lib/role.js:1:7323)
    \_ new Function (/codebuild/output/src785/src/s3/00/source/node_modules/aws-cdk-lib/aws-lambda/lib/function.js:1:7456)
    \_ new CreateControlTowerAccounts (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/constructs/lib/aws-controltower/create-accounts.ts:127:23)
    \_ PrepareStack.createConfigurationTables (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts:480:40)
    \_ new PrepareStack (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/lib/stacks/prepare-stack.ts:287:14)
    \_ createPrepareStack (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/utils/stack-utils.ts:381:26)
    \_ createManagementAccountStacks (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:100:21)
    \_ main (/codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:237:5)
    \_ processTicksAndRejections (node:internal/process/task_queues:96:5)
    \_ async /codebuild/output/src785/src/s3/00/source/packages/@aws-accelerator/accelerator/bin/app.ts:251:5
AWSAccelerator-PrepareStack-339713112183-us-east-1 | 86/102 | 8:15:41 AM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | AWSAccelerator-PrepareStack-339713112183-us-east-1 The following resource(s) failed to create: [CreateCTAccountsCreateControlTowerAccount8636115B, CreateCTAccountsLambdaPrincipalAssociationFAD34BEB, CreateCTAccountsCreateControlTowerAccountStatusServiceRoleDefaultPolicy9BE6F791]. Rollback requested by user.
```

I already tried to delete the whole stack and restart the whole process again.
I also tried to use different versions (1.6.1 and 1.6.0),

but the problem is still there....

Please complete the following information about the solution:

  • Version: 1.6.1 and 1.6.0

  • Region: us-east-1

  • Was the solution modified from the version published on this repository? no

  • If the answer to the previous question was yes, are the changes available on GitHub?

  • Have you checked your service quotas for the services this solution uses? no

  • Were there any errors in the CloudWatch Logs?

@damovsky damovsky added the bug Something isn't working label Mar 28, 2024
@bhkhatri221
Contributor

bhkhatri221 commented Apr 4, 2024

Hello @damovsky, thank you for filing an issue with the Landing Zone Accelerator team! I am not able to replicate the same behavior in my environment with v1.6.2.
As a temporary workaround, please manually add and enroll accounts. We are also working on upgrading to SDK v3 for this specific create account vending process, and this will be available in an upcoming release. This might fix the issue you are experiencing.

If you have any other questions, please do not hesitate to reach out to us.

@bhkhatri221 bhkhatri221 added the pending-release This issue will be resolved in an upcoming release label Apr 4, 2024