Troubleshooting customizations in LZA - Trying to deploy STNO / AWS Transit Gateway Orchestrator

Question

Hey there

I am attempting to deploy STNO [AWS Transit Network Orchestrator] via LZA. This is another AWS solution provided here:
https://docs.aws.amazon.com/solutions/latest/network-orchestration-aws-transit-gateway/solution-overview.html

The Role CF templates work fine, as does the spoke template. However when I attempt to deploy the Hub template I get an error I am not sure how to go about troubleshooting. 
*Deployment works normally if I go to Network and deploy the CF stack, hence asking in the LZA section*.

- Local "yarn validate-config" returns successful.
- 3 of the 4 templates from the AWS STNO solution work fine.
- I tried deploying both version 3.3.23 and 3.3.25 of STNO.
- I changed the parameters I am pushing to the template to as few as possible leaving the rest as defaults.
- CodePipeline fails on Bootstrap step at "Customizations"

From the logs, where I see the error, I believe it is this:

```
2026-05-14T13:45:04.721Z
2026-05-14 13:45:04.001 | [31merror[39m | app | Error in createMultiAccountMultiRegionStacks:

2026-05-14 13:45:04.001 | [31merror[39m | app | Error in createMultiAccountMultiRegionStacks:
2026-05-14T13:45:04.721Z
2026-05-14 13:45:04.003 | [31merror[39m | app | TypeError: array.some is not a function
```
as well as this:

```
2026-05-14T13:45:04.721Z
[Container] 2026/05/14 13:45:04.551891 Phase complete: UPLOAD_ARTIFACTS State: FAILED

[Container] 2026/05/14 13:45:04.551891 Phase complete: UPLOAD_ARTIFACTS State: FAILED
2026-05-14T13:45:04.721Z
[Container] 2026/05/14 13:45:04.551902 Phase context status code: CLIENT_ERROR Message: no matching artifact paths found

[Container] 2026/05/14 13:45:04.551902 Phase context status code: CLIENT_ERROR Message: no matching artifact paths found
2026-05-14T13:45:04.721Z
no matching artifact paths found

no matching artifact paths found
```

And this is the actual reported error from the summary tab in he execution details:

``
Build terminated with state: FAILED. Phase: BUILD, Coe: COMMAND_EXECUTION_ERROR, Message: Error while executing command: if [ "$ACCELERATOR_STAGE" != "pre-approval" ]; then if [ "${CDK_OPTIONS}" = "bootstrap" ]; then if [ $FULL_SYNTH = "true" ]; then set -e && yarn run ts-node --transpile-only cdk.ts synth --stage $ACCELERATOR_STAGE --config-dir $CODEBUILD_SRC_DIR_Config --partition aws; fi if [ "${ACCELERATOR_STAGE}" = "bootstrap" ]; then yarn run ts-node --transpile-only cdk.ts synth --stage $ACCELERATOR_STAGE --config-dir $CODEBUILD_SRC_DIR_Config --partition aws; yarn run ts-node --transpile-only cdk.ts $CDK_OPTIONS --config-dir $CODEBUILD_SRC_DIR_Config --partition aws; fi if [ $FULL_SYNTH = "true" ]; then set -e && tar -czf cf_$ARCHIVE_NAME -C cdk.out .; else touch full-synth-false.txt; fi if [ "${ACCELERATOR_ENABLE_APPROVAL_STAGE}" = "Yes" ] && [ "$ACCELERATOR_STAGE" != "bootstrap" ]; then tar -czf diff_cdk_out_$ARCHIVE_NAME -C cdk.out . find cdk.out -type f -name "*.diff" -print0 | tar --transform='s|.*/||' -czf diff_$ARCHIVE_NAME --null -T - aws s3 cp diff_$ARCHIVE_NAME $DIFFS_DIR/$CODEPIPELINE_EXECUTION_ID/ fi else eval ARTIFACTS='$'CODEBUILD_SRC_DIR_$STAGE_ARTIFACT if [ -f "${ARTIFACTS}/cf_${ARCHIVE_NAME}" ]; then mkdir -p cdk.out tar -xzf $ARTIFACTS/cf_$ARCHIVE_NAME -C cdk.out; else set -e && yarn run ts-node --transpile-only cdk.ts synth --stage $ACCELERATOR_STAGE --config-dir $CODEBUILD_SRC_DIR_Config --partition aws; fi set -e && yarn run ts-node --transpile-only cdk.ts $CDK_OPTIONS --config-dir $CODEBUILD_SRC_DIR_Config --partition aws; fi fi. Reason: exit status 1
``

Any idea where to look to try to resolve it?

Florian Turnwald · Answer

The specific error TypeError: array.some is not a function indicates a structural issue within your customizations-config.yaml rather than an issue with the STNO template parameters themselves. This occurs when the LZA engine expects an array (list) for iteration but encounters a string or a single object due to formatting.

Please verify the following in your Hub template configuration:

* **Deployment Targets:** Ensure that organizationalUnits, accounts, or regions are explicitly formatted as YAML lists (using leading dashes -). A common mistake is providing a single string value (e.g., organizationalUnits: Security) instead of a list.

* **Property Alignment:** Check that the deploymentTargets block is correctly indented under the specific customStack or stackSet for the Hub. If the indentation is off, the LZA parser may fail to recognize the targets as an iterable collection.

* **Consistency Check:** Since your Spoke templates are working, perform a side-by-side comparison of the deploymentTargets section in the Hub configuration versus the Spoke configuration. The error suggests the Hub definition is missing the list syntax required by the createMultiAccountMultiRegionStacks logic.

The "artifact" error is purely a side effect of the synthesis phase crashing before the CloudFormation templates could be generated.

Florian Turnwald · Answer

**Regarding your last comment and observation:** You are likely hitting a classic YAML/LZA parsing edge case.
While a / or : is generally allowed, the LZA's internal processing engine sometimes struggles if complex strings (like an ARN) aren't explicitly handled. If the parser misinterprets that string, it can corrupt the structure of the parameters block, which leads directly back to the **TypeError: array.some is not a function** - essentially, the engine is trying to iterate over what it thinks should be an array of parameters, but it's receiving a malformed object or string instead.

**A few things to try:**

1. **Strict Quoting:** Ensure the ARN is wrapped in double quotes in your customizations-config.yaml:
   parameterValue: "arn:aws:organizations::123456789012:organization/o-example"

2. **Simplify the Input:** If the STNO template allows it, try passing only the Organization ID (e.g., o-54321) instead of the full ARN, and use !Sub or Join inside the CloudFormation template to reconstruct the ARN.

3. **Check for Hidden Tabs:** Sometimes when pasting ARNs, invisible characters or tabs can sneak in, which validate-config might miss but the CDK synthesis phase will trip over.

To me, it definitely sounds like the LZA-specific mapping logic is the culprit here, especially since hardcoding it in the template worked. Let me know if quoting the parameter does the trick!

re:Post Agent · Answer

Based on the error messages you're seeing, this appears to be a CDK application failure during the customizations deployment stage. The key error "TypeError: array.some is not a function" suggests there's likely a configuration issue with how the STNO hub template parameters are being passed through LZA's customizations framework.

When troubleshooting deployment errors in LZA, the text before the generic "COMMAND_EXECUTION_ERROR" message typically indicates which resource(s) failed to deploy. The "array.some is not a function" error suggests that LZA is expecting an array format for one of the parameters, but it's receiving a different data type instead.

Since you mentioned that you've reduced the parameters to as few as possible, I'd recommend checking the following:

1. **Parameter Format**: Verify that any parameters you're passing to the hub template through LZA's customizations configuration are properly formatted as arrays where expected. The STNO hub template requires specific parameters like "Cognito Domain Prefix" and "Allow Listed Ranges" - ensure these are formatted correctly in your LZA configuration.

2. **Configuration File Structure**: Double-check your customizations-config.yaml file to ensure the stackSets or customStacks section properly defines the hub template deployment with all required parameters in the correct format.

3. **Build Logs**: Look earlier in the CodeBuild logs (before the generic error message) to identify the specific resource or parameter that's causing the failure. The actual failure point will provide more context about what's being misinterpreted.

4. **Template Compatibility**: Since the hub template deploys successfully through the CloudFormation console but fails through LZA, there may be a difference in how parameters are being passed. Consider whether any parameters need to be converted to comma-delimited lists or JSON arrays for LZA's processing.

The "no matching artifact paths found" error is likely a secondary issue resulting from the initial deployment failure, as the build process couldn't complete successfully to generate the expected artifacts.  
**Sources**  
[Update the hub stack(s) - Network Orchestration for AWS Transit Gateway](https://docs.aws.amazon.com/solutions/latest/network-orchestration-aws-transit-gateway/update-the-hub-stack.html)  
[Problem: Core pipeline failure - Landing Zone Accelerator on AWS](https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/problem-core-pipeline-failure.html)

Bomahony · Answer

@florian

I did some messing yesterday, and it seems a bit odd. The spoke template works fine with ANs with a slash, and so do others in the Hub template, it seems to only affect the "Principals" parameter in the STNO Hub template.

For now im going to hardcode that at my end while i run the full deploy, as I was stopping the pipeline after the bootstrap. Once that is done i may go back and try to troubleshoot further. That being said, the Principals parm is our Orgz ID so that wont change regarless of region....

Troubleshooting customizations in LZA - Trying to deploy STNO / AWS Transit Gateway Orchestrator

Add your answer

Relevant content