Hello friends, I had a problem with my superwerker installation. I had set up DNS for the subdomain, and after I tried to retry superwerker I got stuck on a RootMail error. I can follow up with some more information, as I don't really know what I should share with you.
In the logs of /aws/lambda/superwerker-RootMail-C2VJ-rootmailhostedzonedkimpr-OmqVi2DM9xtw
there is a loop of this error:
"errorMessage": "{\"RequestType\":\"Create\",\"ServiceToken\":\"arn:aws:lambda:us-east-1:861276117274:function:superwerker-RootMail-C2VJ-rootmailhostedzonedkimpr-9STYceKdppNF\",\"ResponseURL\":\"<https://cloudformation-custom-resource-response> <....> \",\"PropagationParamName\":\"/superwerker/propagation_status\",\"Domain\":\"aws.analyzer.tools\"},\"PhysicalResourceId\":\"52242bbc-db03-48c1-8626-49aa5c416319\"}",
OK, I roll back and delete the stack and start from scratch.
hey! just came back from vacation and saw all your messages
I'm still fighting. If you'd like to help me I would be pleased, as I have another problem right now xD
Right now I am messing around with superwerker-ControlTower
Resource handler returned message: "Resource of type 'AWS::ControlTower::LandingZone' with identifier 'arn:aws:controltower:us-east-1:861276117274:landingzone/180LBWWVE8FBC464' did not stabilize." (RequestToken: ae309d75-e89e-29a6-20f6-6963c2647cc6, HandlerErrorCode: NotStabilized)
yeah, you are supposed to finish the DNS wiring during the installation, else it's a bit annoying
I started from scratch and DNS went like a charm. I configured it directly when the live documentation showed up.
tbh, it's probably easier to start with a new aws account if you want to install superwerker again in the same account
but with new root account?
or should I create a dedicated account for superwerker?
unfortunately, controltower’s cloudformation implementation does not really behave like Infrastructure as Code, so when you delete it you have a bunch of things you must delete manually. so when you install it twice in the same account it gets messy. using a separate root account is the best way for a clean start. you cannot install control tower multiple times in the same aws organisation
very bad… It is not really an option for me to make another aws account, as this one was already created for that purpose. How big a bunch of things do I need to delete, and how do I recognize them?
let me check our internal documentation, since we already did it in the past
The best option for me would be to just go further from this LandingZone step
so i found an old script that automates the clean deletion of superwerker and controltower so there are no resources left that hinder a new installation
```
delete_sw_buckets
delete_sw_backup_stacksets
delete_sw_stack
delete_sw_cloudwatch_resources
delete_sw_ses
delete_sw_ssm
delete_sw_guard_duty "$AUDIT_ACCOUNT"
delete_sw_security_hub "$AUDIT_ACCOUNT"
echo "Deleting controltower resources"
delete_ct_cloudwatch_resources
delete_ct_organization_units # and move audit & security account to suspended OU
delete_ct_stacksets
delete_ct_kms
delete_ct_iam_roles
delete_ct_principal
```
those are basically all the things you have to delete before trying a new installation
ok, what do you think, should I first roll back this stack which I had?
Superwerker Part:
- delete any buckets with superwerker
- delete the superwerker backup stackset
- delete the main superwerker stack which will take care of all the other stacks
- delete the living dashboard and the superwerker log groups
- delete the ses identity in eu-west-1
- delete all superwerker ssm parameters
- disable and deactivate guard duty & remove delegated admin (audit account)
- disable and deactivate security hub & remove delegated admin (audit account)