aft account customisation resources not created in target account

0

AFT Version: 1.9.1 terraform version: 0.15.5 terraform providers: AWS

Description:- We have deployed control tower and AFT for terraform in a separate AFT account using Terraform, aft version 1.9.1. After deploying aft new account request is working fine, it is running pipeline for creating the account whenever we add new account request terraform code in our AFT account request repository. But account customisation is not working and even we can't see the state machine for account-provisioning-customization as well as no pipeline for any of the account created for account customisation. When we try to run the aft-invoke-customization step function then we are getting below error. Note: The logs mentions about account creation but the account is already existing and we are making customisation through account-customization.

{ "Cause": "An error occurred while executing the state 'run_create_pipeline?' (entered at the event id #33). Invalid path '$.Input.account_provisioning.run_create_pipeline': The choice state's condition path references an invalid value.", "Error": "States.Runtime", "ExecutionArn": "arn:aws:states:us-east-2:<aft-account-id>:execution:aft-account-provisioning-framework:e5c48973-f6fa-4def-beaf-55ca11e33ba2", "Input": "{"account_info":{"account":{"id":"<shared-account-id>","email":"shared_acct@email","name":"shared-account", "joined_method":"CREATED","joined_date":"2023-03-09 07:51:44.747000+00:00","status":"ACTIVE","parent_id":"ou-38lh-9att8jja","parent_type":"ORGANIZATIONAL_UNIT", "type":"account","vendor":"aws"}},"control_tower_event":{},"account_request":{"custom_fields":"{\"group\":\"prod\"}","change_management_parameters": {"change_reason":"Create new ControlPlane account shared-account","change_requested_by":"shared_acct@email.com"},"id":"shared_acct@email.com","control_tower_parameters": {"AccountEmail":"sharedservices-account@email","SSOUserFirstName":"-sharedservices-account","SSOUserLastName":"sharedservices-account" ,"ManagedOrganizationalUnit":"controlplane-ou","AccountName":"shared-account","SSOUserEmail":"shared_acct@email.com@email"},"account_tags": {"Environment":"prod","Owner":"sharedservices-account sharedservices-account","Project":"xyz","Vended":"true","created_by":" sharedservices-account@email"},"account_customizations_name":"shared-customizations"},"account_provisioning":{"run_create_pipeline":"true"}, "customization_request_id":"c0bb8f9a-9f82-4c30-a62c-96119a391b53"}", "InputDetails": { "Included": true }, "Name": "e5c48973-f6fa-4def-beaf-55ca11e33ba2", "StartDate": 1679307003825, "StateMachineArn": "arn:aws:states:us-east-2:<aft-account-id>:stateMachine:aft-account-provisioning-framework", "Status": "FAILED", "StopDate": 1679307036829 }

To Reproduce:- Steps to reproduce the behavior:

  1. Add terraform code in account-customization repository under account_customization_name valued folder
  2. Run the Step function with below input { "include": [ { "type": "accounts", "target_value": [ "<target account id>" ] } ] }
3 個答案
0

Can you try just doing a 'Release Change' on the account specific Pipeline? I know that doesn't directly address your problem using the Invocation, however this should trigger the deployment of the solution to the account similarly to using the invocation step function.

This might tell you if the solution is with the deployment of the customization or if there is just an error triggering the step function.

profile picture
已回答 1 年前
0

Hi THere

Check that the ct-aft-account-provisioning-customizations pipeline ran successfully, as that pipeline creates the aft-account-provisioning-customizations state machine

profile pictureAWS
專家
Matt-B
已回答 1 年前
0

For me, after I created/updated the account-provisioning-customizations repository in GitHub, the final missing step was to update my codestar-connections app to include this new repository.

已回答 10 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南