awslabs / landing-zone-accelerator-on-aws

Deploy a multi-account cloud foundation to support highly-regulated workloads and complex compliance requirements.
https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/
Apache License 2.0

LZA scopes in us-east-1 when Control Tower Configurations are defined in global-config.yaml #546

Open ZalmnS opened 3 weeks ago

ZalmnS commented 3 weeks ago

Describe the bug

When LZA within the Global Config file for its Repository has its configuration specified like so:

```yaml
controlTower:
  enable: true
  controls: []
```

The LZA Pipeline properly scopes in all Resources as intended (I'm specifically targeting just us-west-2 within my Config file since it's my home region).

When the LZA Pipeline has the following defined within its global-config.yaml file:

```yaml
controlTower:
  enable: true
  landingZone:
    version: '3.3'
    logging:
      loggingBucketRetentionDays: 365
      accessLoggingBucketRetentionDays: 3650
      organizationTrail: true
    security:
      enableIdentityCenterAccess: true
  controls: []
```

It triggers the Control Tower Landing Zone to turn on governance to us-east-1, which causes subsequent failures within the deployment as the global-config.yaml file has not defined us-east-1 within its targeted regions.

This causes the Pipeline to fail within subsequent steps due to the CDK Bootstrap Stack for us-east-1 not being deployed within the newly turned on us-east-1 region.

To Reproduce

Steps to reproduce the behavior.

Within a Control Tower Landing Zone that does not have us-east-1 governed, deploy in the LZA pipeline the following snippet for the Control Tower Configuration:

```yaml
controlTower:
  enable: true
  landingZone:
    version: '3.3'
    logging:
      loggingBucketRetentionDays: 365
      accessLoggingBucketRetentionDays: 3650
      organizationTrail: true
    security:
      enableIdentityCenterAccess: true
  controls: []
```

Once the above notations are removed, and I just specify Control Tower being enabled, I am able to deploy to my targeted regions without us-east-1 being scoped in. Note that the Prepare step is when I see us-east-1 getting turned on for governance.

Expected behavior

I should be able to define the Control Tower Landing Zone version and the logging/security details via the global-config.yaml file without having us-east-1 scoped into my Landing Zone enabled Regions.

Please complete the following information about the solution:

To get the version of the solution, you can look at the description of the created AWS CloudFormation stack used to install the LZA (AWSAccelerator-InstallerStack). For example, "(SO0199) Landing Zone Accelerator on AWS. Version 1.5.1.". If the description does not contain the version information, you can look at the Parameters of the stack for the RepositoryBranchName as that should contain the version number.

Screenshots

If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information). N/A

Additional context
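A pre-flight lint that catches the mismatch described in this issue before the pipeline runs, added here as an example; it is not code from LZA or from the reporter. It assumes that homeRegion and enabledRegions are the global-config keys listing the targeted regions, and that us-east-1 is the region Control Tower landing-zone management pulls in.

```python
"""Pre-flight check for an LZA global-config.yaml (added example, not LZA code).

Warns when a controlTower.landingZone block is present while us-east-1 is
not among the targeted regions: Control Tower then extends governance to
us-east-1, and the pipeline later fails for lack of a CDK bootstrap stack there.
Assumed keys: homeRegion / enabledRegions list the targeted regions.
"""

CT_IMPLICIT_REGION = "us-east-1"  # assumed: region landing-zone management adds


def targeted_regions(cfg: dict) -> set:
    """Regions the config deploys to: enabledRegions plus homeRegion."""
    regions = set(cfg.get("enabledRegions") or [])
    home = cfg.get("homeRegion")
    if home:
        regions.add(home)
    return regions


def check_control_tower_scope(cfg: dict) -> list:
    """Return a list of warnings; an empty list means the config is consistent."""
    ct = cfg.get("controlTower") or {}
    if not ct.get("enable"):
        return []  # Control Tower disabled: nothing can widen the region scope
    if "landingZone" in ct and CT_IMPLICIT_REGION not in targeted_regions(cfg):
        return [
            f"controlTower.landingZone is set but {CT_IMPLICIT_REGION} is not in "
            "enabledRegions/homeRegion; Control Tower will govern it without a CDK "
            "bootstrap stack. Add it to enabledRegions or drop the landingZone block."
        ]
    return []


def load_config(path: str) -> dict:
    import yaml  # PyYAML, imported lazily so the checks above run without it
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


# Constructed samples mirroring the two global-config snippets in the issue.
MINIMAL = {"homeRegion": "us-west-2", "enabledRegions": ["us-west-2"],
           "controlTower": {"enable": True, "controls": []}}
WITH_LANDING_ZONE = {"homeRegion": "us-west-2", "enabledRegions": ["us-west-2"],
                     "controlTower": {"enable": True, "controls": [],
                                      "landingZone": {"version": "3.3"}}}

if __name__ == "__main__":
    for name, cfg in (("minimal", MINIMAL), ("landingZone", WITH_LANDING_ZONE)):
        print(name, check_control_tower_scope(cfg) or "ok")
```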

richardkeit commented 2 weeks ago

Hi @ZalmnS ,

Similar to this query: