Removing the SCP from the manifest file does not detach the SCP from the OUs.

[gabrielbac]

Describe the bug Removing the SCP from the manifest file does not detach the SCP from the OUs

To Reproduce

1. Add an SCP to the manifest
2. Run the pipeline
3. See the SCP attached to the OU
4. Remove the SCP from the manifest
5. SCP is still attached.

Expected behavior SCP should have been detached.

Please complete the following information about the solution:

• Version: [e.g. v2.5.0]

Region: [e.g. us-east-1]

• Was the solution modified from the version published on this repository? NO
• Were there any errors in the CloudWatch Logs? No, pipeline completed successfully.

I know this is similar to https://github.com/aws-solutions/aws-control-tower-customizations/issues/24 Partially resolved for stacksets in v2.5.0 but still needs to be resolved for SCPs

[snebhu3]

@gabrielbac Thank you for reaching out. I have created a backlog to address this issue and discuss it with the team.

[nd-at-globetel]

@snebhu3 hi, any update regarding this issue?

[snebhu3]

@nd-at-globetel unfortunately, we do not have an update at this time.

[Cihl28]

I believe SCPs supports tagging. Please correct me if i'm wrong. They could be treated the exact same way as stacksets in this regard, i.e.:

• Place tag on SCP upon placement by CfCT.
• If a to-be-defined parameter is set to true in the manifest: check if any tagged SCP has a matching manifest entry and detach/remove if it doesn't. How does that sound?

[jmino]

Any update as to when this will be addressed?