Control Tower Drift issue

Question

SCP was removed from Organisation by mistake and then Drift is detected in Control Tower.  
We are trying to fix the Drift but Cloudformation (AWSControlTowerBP-BASELINE-CLOUDTRAIL-MASTE*) was failed and in UPDATE_ROLLBACK_FAILED state due to insufficient role permission, Now we have added the required permission and retrying to fix the  control tower but it's still failing and not getting any error message.
I can also see in Cloudformation events that no new events is happening, What should be done to resolve the issue.
Thanks & Regards

Answer

It was due to CloudFormation stuck. I followed below step and rertry the Control Tower setup, It works out.
If you want to skip FAILED resources during rollback, complete the following:

1.    From the Stack name column, select the stack that's stuck in UPDATE_ROLLBACK_FAILED status.

2.    Choose Stack Actions, and then choose Continue update rollback.

3.    In the Continue update rollback dialog box, expand Advanced troubleshooting.

4.    In the Resources to skip - optional section, select the resources that you want to skip.

5.    Choose Continue update rollback.

Control Tower Drift issue

相关内容