Superwerker AWS Control Tower deployment fails with invalid AWS Regions

_validate_regions is checking that the inputs are all in the set of regions retrieved from JSON from the a2z domain. Superwerker doesn’t pass any regions to the deploy function, so the deploy function uses [self.region] as a default value. I would assume in your case that’s ["us-west-2"].

Which exists in the JSON, so no exception needs to be raised.

```json
  "attributes": {
    "aws:region": "us-west-2",
    "aws:serviceName": "AWS Control Tower",
    "aws:serviceUrl": "https://aws.amazon.com/controltower"
  },
  "id": "controltower:us-west-2"
}
```

I would assume in your case that’s ["us-west-2"]
I can’t find any code to set self.region, so it’s also possible that the value is [None] :joy:

Anyway, it looks like at this point the region_list contains references to GovCloud regions, which is probably going to cause a problem when you run in a commercial region.

```python
                       for region in self.get_available_regions()]
```

That list is used to build some configuration and payload objects.

```python
                         'RegionConfigurationList': region_list}
        payload = {'Configuration': configuration,
                   'HomeRegion': self.region,
                   'LogAccountEmail': logging_account_email,
                   'SecurityAccountEmail': security_account_email,
                   'RegionConfigurationList': region_list,
                   'SetupLandingZoneActionType': 'CREATE'
                   }
```

And the payload is passed to a private AWS API called “SetupLandingZone” in another function called _deploy.

```python
        succeeded = False
        while retries:
            response = self._call("SetupLandingZone", payload)
            succeeded = response.ok
            retries -= 1
            if response.ok:
                retries = 0
            if all([not response.ok,
                    retries]):
                self.logger.error('Failed to deploy control tower with response status "%s" and response text "%s"'
                                  'still have %s retries will wait for %s seconds', response.status_code,
                                  response.text, retries, wait)
                sleep(wait)
        if not succeeded:
            self.logger.error('Failed to deploy control tower, retries were spent.. Maybe try again later?')
            return False
        self.logger.debug('Successfully started deploying control tower.')
        # Making sure that eventual consistency is not a problem here,
        # we wait for control tower to be aware of the service catalog process
        while not self.busy:
            time.sleep(1)
        return True
```

The source of the _deploy function looks like it prints the error message that you opened this thread with.

And it looks like the reason it raises this error is because AWS has added GovCloud regions to that weird JSON file.

I’m guessing that since the awsapilib makes no attempt to filter those GovCloud regions that AWS made this change recently.

[Use AWS Control Tower to Simplify Governance in AWS GovCloud (US) Regions](https://aws.amazon.com/blogs/mt/announcing-aws-control-tower-support-for-govcloud/)

On October 19, 2022, we announced the general availability of AWS Control Tower in AWS GovCloud regions. Customers can now use AWS Control Tower to set up landing zones and establish a baseline multi-account environment on their GovCloud organizations. In this post, we’ll show you how to provision a landing zone and start adding your GovCloud account to AWS Control Tower.

Well done. You just discovered a bug in awsapilib that has probably broken Superwerker for everyone.

It looks like something we should report to the maintainers of Superwerker and awsapilib.

Must you use Superwerker and Control Tower in your project? If you are open to using something else to build a landing zone there are other options out there. I evaluated Control Tower at the start of my project and rejected it for many reasons. One of the main reasons was the lack of good automation around its management. This situation looks like an example of that.

I really like the idea of Superwerker, but it inherits all the problems of Control Tower.

I’m preparing a GitHub issue to share with the awsapilib and Superwerker maintainers.

To help me write the issue can you tell me where you saw the error message that started this thread?

It looks like it came from a CloudWatch log for a Lambda function, or from a CloudFormation event.

Sorry for the delayed response, I had to step away for personal stuff. Let me catch up on the thread.

No worries. I’m about to close down for dinner. It’s getting late here :slightly_smiling_face:

I was just reading that, thank you for all your help. I’ve learned a lot just from following your thought processes.