Question: Does the CfCT Pipeline trigger upon account creation/updates made in Control Tower?

[eambriz27]

Describe the bug Currently, I have implemented CfCT based on the most current implementation hosted in this GitHub repo as of 07/20/2023. After completing the implementation, I tested an account update within a demo account that is targeted within the manifest file, and was hoping to see the CodePipeline rerun, but did not see any activity. Although, after manually creating a rule in EventBridge to invoke the Pipeline after seeing an account update and/or creation, I was presented with expected behavior. So my question is, are account updates and creations meant to trigger CfCT, applying all customizations to the new/updated accounts? If so, is this by default or are there best practices to implement this? Is adding the EventBridge Rule in the customizations-for-aws-control-tower.template resources section a viable way to do this?

To Reproduce Deploy CfCT, add customizations to manifest file, deploy account update/creation.

Expected behavior CfCT would run against newly updated account by default.

Please complete the following information about the solution:

• [ ] Version: v2.6.0

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0089) - customizations-for-aws-control-tower Solution. Version: v1.0.0". You can also find the version from releases

• [ ] Region: us-west-2
• [ ] Was the solution modified from the version published on this repository? No
• [ ] If the answer to the previous question was yes, are the changes available on GitHub?
• [ ] Have you checked your service quotas for the sevices this solution uses?
• [ ] Were there any errors in the CloudWatch Logs? No

Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context Add any other context about the problem here.

[snebhu3]

@eambriz27 thank you for reaching out. Please may you elaborate on what updates are performed on the targeted account?

[eambriz27]

The only update that was made was the update to Landing Zone version 3.1 @snebhu3

[stumins]

CFCT triggers the customization pipeline when:

• A manifest update is made (either in CodeCommit or S3)
• When a Control Tower CreateManagedAccount event occurs.
  • See: https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/customizations-for-aws-control-tower.template#L3134
  • Note that the pipeline does not trigger on UpdateManagedAccount events - that feature request is tracked via #173