I added a new Account request through the AFT module. The Account is in place and I can see it in AWS Organization in the Master Account. However, the Code Pipelines are missing in the AFT Account. I did provision a few more Accounts earlier and those Code Pipelines do exist. Is there a way I can re-trigger the request just to create the missing Code Pipeline for this specific Account. Any help will be much appreciated

Hi,

Please, I have any Nested OU on my AWS Org and I get error passing ManagedOrganizationalUnit value.

It's a limitation or It's possible to pass a Nested OU? I'm using the format: OU1/Nested_OU

Error:

InvalidParametersException The parent organizational unit 'OU1/Nested_OU' is not enrolled in AWS Control Tower.

Hello,

I used the HashiCorp tutorial: https://learn.hashicorp.com/tutorials/terraform/aws-control-tower-aft
Successfully passed the following actions:
Configure the landing zone,
Deploy AFT module,
Enabled CodeStar connection,
Grant AFT access to Service Catalog portfolio,
Rerun account provisioning pipeline.
Everything worked well so far.

But there is an issue deploying new accounts with ATF. terraform plan passes successfully, while terraform apply fails with the following error:
│ Error: ResourceNotFoundException: Requested resource not found │ │ with module.sandbox.aws_dynamodb_table_item.account-request, │ on modules/aft-account-request/ddb.tf line 1, in resource "aws_dynamodb_table_item" "account-request": │ 1: resource "aws_dynamodb_table_item" "account-request" {

The same error is present in CloudWatch /aws/codebuild/ct-aft-account-request.

Running terraform in debug mode doesn't provide more details.

This is the code for account definition:
`module "sandbox" {
source = "./modules/aft-account-request"

control_tower_parameters = {
AccountEmail = "[email protected]"
AccountName = "dev.aws"
ManagedOrganizationalUnit = "aft.aws"
SSOUserEmail = "[email protected]"
SSOUserFirstName = "DEV"
SSOUserLastName = "AWS"
}

account_tags = {
"Name" = "DEV AWS"
}

change_management_parameters = {
change_requested_by = "My Company"
change_reason = "Add dev.aws account"
}

custom_fields = {
group = "dev.aws"
}

account_customizations_name = "sandbox"
}`

Any help will be greatly appreciated!

Hi,

I tried to create an account without account_customizations_name param and I received a 400 error in codebuild.

ValidationException: Supplied AttributeValue is empty, must contain exactly one of the supported datatypes

The account_customizations_name default value default to null but this is an invalid value for dynamoDB, hence the default can't be applied
https://github.com/hashicorp/learn-terraform-aft-account-request/blob/main/terraform/modules/aft-account-request/variables.tf#L42

account_customizations_name = { S = var.account_customizations_name } a string can't be null

I'll be happy to make a fix but I don't know how you want to handle that. Switching the default for empty instead of null ?