Fixing AWS Control Tower Baseline resources
Problem When updating AWS Control Tower accounts after a landing zone upgrade, you may find that some dev has messed up the Control Tower resources or attempted to remove a Stack when they shouldn't. This can lead to the account updates failing for various reasons. You may see something like... AWS Control Tower failed to deploy one or more stack set instances: StackSet Id: AWSControlTowerBP-BASELINE-CONFIG:4ef4fefe-1234-4659-938c-fd6da95c0e76, Stack instance Id: arn:aws:cloudformation:us-east-1:406111111874:stack/StackSet-AWSControlTowerBP-BASELINE-CONFIG-c46feddd-1234-459c-aa45-132e23e4d36c/43406ac0-928a-11ec-9017-0eb6c2b8c189, Status: OUTDATED, Status Reason: Stack:arn:aws:cloudformation:us-east-1: 406111111874:stack/StackSet-AWSControlTowerBP-BASELINE-CONFIG-c46feddd-1234-459c-aa45-132e23e4d36c/43406ac0-928a-11ec-9017-0eb6c2b8c189 is in DELETE_FAILED state and can not be updated. Or maybe you hit something like... AWS Control Tower cannot create the Config deliverychannel aws-c