| Description | This article describes how to delete prior integrations and redeploy the Control Tower CloudFormation template. |
| Scope |
FortiCNAPP, Lacework, Control Tower, Cloud formation. |
| Solution |
Before deploying the latest version of the template, it is necessary to delete the old template that was deployed first. Navigate to the management AWS account of the AWS organization and find the currently deployed stack by going to the search bar and typing CloudFormation.
Next, find the currently deployed stack, and check that the description matches what is written in the screenshot below.
Before deleting it, select the stack and navigate to the parameters page. Take note of the prefix setting, as this will be used to ensure the cloud accounts are fully deleted.
After, select the selector toggle and use the delete button. Wait for the stack to be deleted.
Note: This may fail when there are resources marked for deletion in suspended accounts. Redo the deletion, but use the 'Retain Stack' (Troubleshooting CloudFormation) option.
Next, verify that the cloud integrations have been deleted in Lacework.
There should be no remaining integrations; If there are, delete them.
First, gather a list of integration guides left over by running the following in the Lacework CLI and saving them to a .txt file.
Then use this bash script to delete them. If using Windows, use the Linux subsystem.
Replace the path to the cloudaccounts.txt file generated in the first step.
Verify the accounts are deleted in Lacework FortiCNAPP.
Now the environment is ready to redeploy. Navigate to AWS Control Tower Integration Using CloudFormation to get the latest template.
Select the launch stack link on the doc page above.
Deployment has now started. Follow this document to continue and complete the process: |
