Code Monkey home page Code Monkey logo

Comments (5)

groverlalit avatar groverlalit commented on August 15, 2024

@budgreen619 Thanks for sharing your use case with us. If any of the OUs have at least 1 valid account ID other than the Org master account the pipeline should succeed (workaround). The reason we raise this exception to avoid pipeline to fail after the stack set API will fail since there will be no valid account ids in the API call. Note: Version 1.2 only support self-managed stack sets.

Would it be acceptable to execute the pipeline successfully if there are no accounts in the OU and stack set state machine will not be executed?

from aws-control-tower-customizations.

drew-marumoto avatar drew-marumoto commented on August 15, 2024

@groverlalit thanks very much for the response. yes, for my use case it would be perfectly fine to skip any cloudformation resources in manifest.yaml which have OUs without any accounts in them, and not executing the state machine for that specific resource. this would also cover the scenario where a customer might be retiring accounts or moving accounts around which could result in a situation where a there could be empty OUs and thus break the whole pipeline.

my customer will always use CodePipeline as the first location to view the status of CFCT, if the pipeline fails, then they would start drilling down into CodeBuild history, Step Functions, and Cloudformation for further details.

from aws-control-tower-customizations.

groverlalit avatar groverlalit commented on August 15, 2024

@budgreen619 Thanks for the confirmation. We have added this to our backlog and will review before the next release. Appreciate the feedback.

from aws-control-tower-customizations.

trevorlatson avatar trevorlatson commented on August 15, 2024

We are also experiencing this issue. Since Control Tower does not allow for nested OU's we have to create a new OU for each customer, and in order to apply guardrails in a timely fashion they need to be applied to the empty OU before the account is placed in there.

At any rate, having an empty OU is a common use case. Please fix

from aws-control-tower-customizations.

groverlalit avatar groverlalit commented on August 15, 2024

v2.0.0 now supports adding the OU name that does not contain any accounts in the manifest.yaml for the stack set resource.

from aws-control-tower-customizations.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.