We tried creating a Solo stack in a new AWS account provisioned through our AWS Control Tower. This would be our second Solo stack, but the only one in this account. Not being used to everything AWS, I didn't think of creating myself an admin IAM user and launched the CloudFormation directly from my admin SSO account. Here's what happened while creating the Storage's MountTargets:
CREATE_FAILED: The IAM identity making this call has an IAM policy that is too large. Reduce...
I then realized what was happening and started afresh with a new IAM admin user. But here's what happens, again while creating the Storage:
CREATE_FAILED: Embedded stack arn:aws:cloudformation:us-east-1:<ACCOUNT>:stack/yada-demo-Storage<...> was not successfully created: The following resource(s) failed to create: [DatomicCmk, CatalogTable, FileSystem, LogGroup, LogTable].
I suspect the creation failed because of leftovers that the CloudFormation wasn't able to remove to replace them.
More precisely, I suspect what's happening is that some of the Control Tower's Guardrails impede the stack (re)creation:
I'm currently cleaning out the leftovers and will try again one more time after that.
If anyone knows anything about this, please share some help! I'll report back with my findings too.