aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Build fails if it finds Suspended Accounts in Organizations #48

Closed ctrombet closed 3 years ago

ctrombet commented 3 years ago

Terminated a few unused accounts in my AWS Organizations. The pipeline is now stuck since there are some nested StackSets that cannot update (complaining about missing roles - well yes, the roles are not there anymore since the account has been deleted). I have tried to delete the StackSets manually, but the best I could do was https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-removal-stacksets/

The account deleted was in INOPERABLE state so I had to set RetainStacks to true. Now in the stacksets the deleted account does not show up, but it is still listed under StackInstanceAccountList.

I have a failure in the Step Function which is: {"time_stamp": "2021-02-24 13:52:07,488","log_level": "INFO","log_message": Account: xxxxx - describing stack instance in eu-west-1 region}

This account is the Suspended one:

   "FunctionName": "describe_stack_set_operation"

    "eu-west-1": "Cancelled since failure tolerance has exceeded",

Version of customizations is 1.2.1

groverlalit commented 3 years ago

Can you please confirm if you initiated the pipeline manually after cleaning the stack instances using the stack set console? If applicable, have you removed the account IDs from the manifest.yaml file?

Thanks.