Open Galvin-wjw opened 1 year ago
Hi @Galvin-wjw thank you for raising the ticket. Currently this option is not supported, for the use of proactive controls it is required to apply the implementation of the CT.CLOUDFORMATION.PR.1 prerequisite before deploying the CTC module. This can be done in several ways for example using the Console or the API with the CTC tool deployed in a previous step of the CI/CD pipeline. We are working on the new feature to add this optional prerequisite in the module’s configuration. Additional information on this prerequisite is in the AWS documentation https://docs.aws.amazon.com/controltower/latest/userguide/proactive-controls.html.
Hi, is the issue mentioned above still active?
I am encountering an API error while attempting to apply the prerequisite control "CT.CLOUDFORMATION.PR.1."
Error: creating ControlTower Control (arn:aws:organizations::123456789:ou/o-****/ou-aj*****,arn:aws:controlcatalog:::control/zafyxpgsg1ck4b99fc0197sk,arn:aws:controltower:us-east-1::control/CT.CLOUDFORMATION.PR.1): operation error ControlTower: EnableControl, https response error StatusCode: 400, RequestID: 5fe1d35b-62a7-4507-9b44-0e8a74d31195, api error BadRequestException: Invalid request body
For the proactive control, CT.CLOUDFORMATION.PR.1 is the prerequisite.
But when I config tfvars like the below:
Terraform apply also returns
I need to apply again to compete the configuration, Is it possible to add some process to handle this situation?
Maybe add prerequisite before the guardrails creation.