AWS Control Tower failed to set up your landing zone completely: ... because the log group already exists

Question

I am trying to setup a new landing zone with the AWS Control Tower but I get stuck at the same step even after multiple attempts.

AWS Control Tower failed to set up your landing zone completely: AWS Control Tower cannot create log group /aws/lambda/aws-controltower-NotificationForwarder because the log group already exists. To continue, delete the log group from Amazon CloudWatch and try again.

The things is that there is no log group with that name. I have no issues manually creating a log group with the same name nor deleting it afterwards.

I am not quite sure how to continue troubleshooting. The stack setting up another CloudWatch log group works just fine.

score 0 · Answer 1 · answered Dec 03 '20 at 16:49

0

Check of the CoudWatch loggroup in all the 5 regions - N Virginia, Ohio, Oregon, Sydney and Ireland in the master account

answered Dec 03 '20 at 16:49

OK999

1,353
2
19
39

Thank you for your message. It turned out that there was some log groups in the accounts that Control Tower created. Once I removed the log group from those accounts I could complete the setup. – Fredrik Johansson Dec 05 '20 at 14:08

AWS Control Tower failed to set up your landing zone completely: ... because the log group already exists

1 Answers1