aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

Improve logging when AFT account request is not valid #315

Open Menahem1 opened 1 year ago

Menahem1 commented 1 year ago

AFT Version: 1.9.0

Bug Description
How to find more detailed logs?

To Reproduce
Steps to reproduce the behavior:

  1. Add an account not enrolled on CT on AFT
  2. Wait a few minutes...

Expected behavior
More detailed errors/logs

Related Logs

[ERROR] RuntimeError: CT Request is not valid
Traceback (most recent call last):
  File "/var/task/aft_account_request_processor.py", line 118, in lambda_handler
    raise RuntimeError("CT Request is not valid")

stumins commented 1 year ago

Hi @Menahem1,

AFT does not support ingesting existing accounts that have not been enrolled with Control Tower.

Specifically, that error gets thrown here when AFT receives an invalid account request. For this case, I suspect AFT did not find a CT Account Factory SC Product matching the account, and tried to create a new account - however, the request was considered invalid because the name or email was already in use in the organization.

You could find a message in the aft-account-request-action-trigger logs that would confirm if AFT considered this request to be for a new account.

I've also created a backlog to update the logging statements to be more clear here.
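The reply above describes why the request was rejected but the Lambda only logs "CT Request is not valid". The following is an added example (not AFT's code) of the kind of pre-flight check that reports every rejection reason before raising; the request and organization shapes, names and emails are constructed assumptions, not the real AFT data model.

```python
import logging
from dataclasses import dataclass, field

logger = logging.getLogger("aft_request_check_example")


@dataclass
class AccountRequest:
    # Hypothetical subset of an AFT account request (constructed).
    account_name: str
    account_email: str


@dataclass
class OrgState:
    # Accounts already in the organization, name -> email (constructed sample).
    existing_accounts: dict
    # Emails of accounts that have a CT Account Factory provisioned product.
    ct_enrolled_emails: set = field(default_factory=set)


def validation_errors(request: AccountRequest, org: OrgState) -> list:
    """Return every reason a request would be rejected, not a bare 'not valid'."""
    email = request.account_email.lower()
    enrolled = {e.lower() for e in org.ct_enrolled_emails}
    if email in enrolled:
        return []  # matching CT product found: this is an update, not a create
    # No CT product matched, so AFT would try to create a new account; the
    # organization must not already hold the requested email or name.
    errors = []
    if any(e.lower() == email for e in org.existing_accounts.values()):
        errors.append(f"email {email!r} already belongs to an account that is "
                      "not enrolled with Control Tower (AFT cannot ingest it)")
    if request.account_name in org.existing_accounts:
        errors.append(f"account name {request.account_name!r} is already in use")
    return errors


def process_request(request: AccountRequest, org: OrgState) -> str:
    """Log each rejection reason, then raise with the reasons in the message."""
    errors = validation_errors(request, org)
    if errors:
        for reason in errors:
            logger.error("CT request for %r rejected: %s", request.account_name, reason)
        raise RuntimeError("CT Request is not valid: " + "; ".join(errors))
    action = "update" if request.account_email.lower() in {
        e.lower() for e in org.ct_enrolled_emails} else "create"
    logger.info("CT request for %r accepted as %s", request.account_name, action)
    return action
```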