Відео

Hello Instructor i recently came across your fantastic course on udemy, it a nice one and i love it, if you don't mind can we book a time on how we can rectify your status ?

you are the guy from Udemy! great job with this tutorial, you saved my thesis 🤖

can you please demo from the beginning , for how to create Control Tower Landing Zone with what Iam user please?

Well done :)

excellent...

Its a wonderful explanation .. thank you somuch sir

So, the third requirement - pre-installed landing zone - can't create it from Terraform? because I am looking for information about this but I dont find anything... any idea?

This is a fantastic video! Thank you so much for making a clear, concise, end-to-end guide. Quick info to anyone following this now. With the new layout on 06:59, you have to click the "Access" tab, followed by "Grant access" (yellow button on right), before you can select roles.

Hi! We need part 2. Have you made it?

Did you manage to use s3 as a terraform state backend? It does create the necessary buckets and dynamodb table but stores the statefile locally. When trying to migrate I don't seem to have permission to write to the bucket in the aft management account from the root/controltower account.

I'm getting an error with AWS permissions. I'm not sure what i'm missing. module.aft.module.aft_account_request_framework.data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole: Refresh complete after 0s [id=arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole] ╷ │ Error: configuring Terraform AWS Provider: IAM Role (arn:aws:iam::xxxxxxxxx3:role/AWSControlTowerExecution) cannot be assumed. │ │ There are a number of possible causes of this - the most common are: │ * The credentials used in order to assume the role are invalid │ * The credentials do not have appropriate permission to assume the role │ * The role ARN is not valid │ │ AWS Error: operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: 7f33036a-1489-498e-add8-dcc1cd24a8fd, api error AccessDenied: User: arn:aws:iam::xxxxxxxx8:user/terraform.cloud is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxx3:role/AWSControlTowerExecution │ │ │ with module.aft.provider["registry.terraform.io/hashicorp/aws"].tf_backend_secondary_region, │ on .terraform/modules/aft/providers.tf line 28, in provider "aws": │ 28: provider "aws" { │ ╵ Operation failed: failed running terraform plan (exit 1) The user i'm using is an admin, but i've also got a policy specifically for AssumeRole { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::xxxxxxxxx3:role/AWSControlTowerExecution" } ] }

Thanks

i like your videos, by the way, the pronunciation for key is 'Kee'.

I still don’t know what is a landing zone

Best explanation.

difficult to understand your English.

@SysArchitect's Diary, Hello, nice video. Do you have any idea why the account customization pipeline is not getting created? This is my case. Thanks !

i have tried exactly how you did by reffering the blog of hashicorp everything worked fine but couldn't be able to create the accounts

Thanks for the informative videos! As a former EFL teacher now DevOps guy, I wanted to give a tip: for technologies, languages, and companies, don't use "the". (The Python, the Google, etc. sounds strange). This is one of the difficulties in English coming from Slavic languages unfortunately. Keep up the awesome content!

Can you please make another video for configuring control tower.

Hi ... It is very useful .. but i have an issue .. every thing works but my account customization pipeline is not getting created in aft account... not sure what im missing out.. any help?

@3:51 Pulumi has stack feature like workspace

great walkthrough! thanks for posting this

Hi Kostiantyn. What happens with the Terraforms state when I need to deploy the same code/infra to different AWS accounts (one for each environment: i.e dev, QA Prod)? Can I define one S3 bucket per environment, or I should use the same S3 bucket for all the accounts?. hope I was clear, Thanks!!

Great! It was an explanation that I was looking for, looking for implementation showing the limitation and capabilities of terraform and terragrunt.

looking for more content on terragrunt.

Great video, keep up

Awesome demo, Skrypnyk, I wanted exactly see a walkthrough like that before diving deep to build one myself!

Good Job, very useful

Great video, I was looking for these stark features terragrunt serves for terraform but could not find anywhere, Hatsoff!!! If possible ,please show these terragrunt features via implementation

How do you resolve this error? error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::xxxxxxxxx375:role/AWSControlTowerExecution) cannot be assumed. │ │ There are a number of possible causes of this - the most common are: │ * The credentials used in order to assume the role are invalid │ * The credentials do not have appropriate permission to assume the role │ * The role ARN is not valid I've assumed roles for each account under my "ct_management" user profile, but still having the same error

Hello, thanks for your video!! I have a question, I am learning about control tower and creating new accounts and, I want to know which kind of global customization and account customization you can add.

Great video. Thanks a lot for taking the time to create it.