The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
We use this solution to deploy customizations in our home region of us-east-2, but are trying to use it to deploy Cost Anomaly Monitors and subscriptions across all of our accounts. The build stage of the pipeline fails when including a template containing the AWS::CE::AnomalyMonitor resource however, as it only exists in us-east-1 and the validation/run-validation.sh script calls aws cloudformation validate-template with the region parameter set to "$AWS_REGION", which is presumably the region the pipeline itself is running in.
Ideally we would like to have this solution validate templates only in the region(s) they will be deployed in (IE the region(s) listed for each named template in the manifest.yaml file). As an alternative it would be nice to be able to either manually skip validation for a template or specify the region to validate the template in.
We use this solution to deploy customizations in our home region of us-east-2, but are trying to use it to deploy Cost Anomaly Monitors and subscriptions across all of our accounts. The build stage of the pipeline fails when including a template containing the
AWS::CE::AnomalyMonitor
resource however, as it only exists in us-east-1 and thevalidation/run-validation.sh
script callsaws cloudformation validate-template
with the region parameter set to"$AWS_REGION"
, which is presumably the region the pipeline itself is running in.Ideally we would like to have this solution validate templates only in the region(s) they will be deployed in (IE the region(s) listed for each named template in the
manifest.yaml
file). As an alternative it would be nice to be able to either manually skip validation for a template or specify the region to validate the template in.