Closed trevorlatson closed 3 years ago
@trevorlatson The creation of the OU is a prerequisite before adding it to the manifest. In version 2.0 we added the capability to add empty OUs in the manifest. In this case, it only creates the stack set and not stack instances.
I've found execution fails at the SCP stage, and never continues on to the Stack Set build, if it encounters an OU listed in the manifest.yaml that does not exist. This prevents a use-case we are interested in, where we are planning to build multiple new OUs so add them all to the manifest preemptively. Ideally the stack would continue on to the OUs that do exist at the time instead of failing completely. This would also apply to the Stack Set build pipeline; if it doesn't find the account, log an error but continue on with the accounts that do exist at the time.
```
Error
ValueError

Cause
{
  "errorMessage": "OU id is not found for NTI",
  "errorType": "ValueError",
  "stackTrace": [
    " File \"/var/task/state_machine_router.py\", line 204, in lambda_handler\n return service_control_policy(event, function_name)\n",
    " File \"/var/task/state_machine_router.py\", line 69, in service_control_policy\n response = scp.list_policies_for_ou()\n",
    " File \"/var/task/state_machine_handler.py\", line 940, in list_policies_for_ou\n raise ValueError(\"OU id is not found for {}\".format(ou_name))\n"
  ]
}
```
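The continue-and-log behaviour requested in this issue, as an added example that is not the solution's own code: OU names from the manifest are resolved against the OUs that exist, missing ones are logged and returned to the caller instead of raising, and policies that end up attached nowhere are reported because a skipped OU means the SCP is not enforced there. The function names, the `strict` flag, the OU ids and the policy names are hypothetical; the sample data is constructed.

```python
import logging

log = logging.getLogger("scp_plan")

# Constructed sample data: OU name -> OU id as it exists in the organization
# today, and manifest-style SCP entries naming the OUs to attach to.
EXISTING_OUS = {"Security": "ou-examp-11111111", "Workloads": "ou-examp-22222222"}
MANIFEST_POLICIES = [
    {"name": "deny-leave-org", "ous": ["Security", "Workloads", "NTI"]},
    {"name": "region-guard", "ous": ["NTI"]},
]


def plan_scp_attachments(policies, existing_ous, strict=False):
    """Resolve each policy's OU names to ids.

    Returns (attachments, skipped): attachments is a list of
    (policy_name, ou_id) pairs; skipped maps policy_name -> missing OU names.
    With strict=True a missing OU raises ValueError, as in the trace above.
    """
    attachments, skipped = [], {}
    for policy in policies:
        for ou_name in policy["ous"]:
            ou_id = existing_ous.get(ou_name)
            if ou_id is None:
                if strict:
                    raise ValueError("OU id is not found for {}".format(ou_name))
                log.error("policy %s: OU %s does not exist yet, skipping",
                          policy["name"], ou_name)
                skipped.setdefault(policy["name"], []).append(ou_name)
                continue
            attachments.append((policy["name"], ou_id))
    return attachments, skipped


def unenforced_policies(policies, skipped):
    """Policies attached nowhere because every OU they name was missing."""
    return [p["name"] for p in policies
            if len(skipped.get(p["name"], [])) == len(p["ous"])]


if __name__ == "__main__":
    attach, skip = plan_scp_attachments(MANIFEST_POLICIES, EXISTING_OUS)
    print(attach, skip, unenforced_policies(MANIFEST_POLICIES, skip))
```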