feat(controlTower): add validation of status for ControlTower

[richardkeit]

*As an output of:

• Prepare Stage Fails with Control Tower launch issues #565

Description of changes:

Per the linked issue, the AWS Control Tower launch failed.
When subsequently re-running the pipeline,

$ /codebuild/output/src2276/src/s3/00/source/node_modules/.bin/ts-node packages/@aws-accelerator/modules/bin/runner.ts --module control-tower --partition aws --use-existing-role No --config-dir /codebuild/output/src2276/src/s3/01
--
143 | (node:138) NOTE: The AWS SDK for JavaScript (v2) will enter maintenance mode
144 | on September 8, 2024 and reach end-of-support on September 8, 2025.
145 |  
146 | Please migrate your code to use AWS SDK for JavaScript (v3).
147 | For more information, check blog post at https://a.co/cUPnyil
148 | (Use `node --trace-warnings ...` to show where the warning was created)
149 | 2024-09-13 03:39:28.261 \| info \| runner \| There were no changes found to update or reset the Landing Zone.

There were no changes found to update or reset the Landing Zone.

The actual status of the CT was as follows:

{
    "landingZone": {
        "arn": "arn:aws:controltower:ap-southeast-2:XXXXXXX:landingzone/Zzzzzz",
        "driftStatus": {
            "status": "IN_SYNC"
        },
        "latestAvailableVersion": "3.3",
        "manifest": {
            "accessManagement": {
                "enabled": true
            },
            "securityRoles": {
                "accountId": "AAAAAA"
            },
            "governedRegions": [
                "ap-southeast-2",
                "us-east-1"
            ],
            "organizationStructure": {
                "sandbox": {
                    "name": "Infrastructure"
                },
                "security": {
                    "name": "Security"
                }
            },
            "centralizedLogging": {
                "accountId": "BBBBBBB",
                "configurations": {
                    "loggingBucket": {
                        "retentionDays": 365
                    },
                    "kmsKeyArn": "arn:aws:kms:ap-southeast-2:XXXXXXX:key/YYYYYYYYYY",
                    "accessLoggingBucket": {
                        "retentionDays": 3650
                    }
                },
                "enabled": true
            }
        },
        "status": "FAILED",
        "version": "3.3"
    }
}

Based on missing status, it proceeded to run the prepare stack - which failed on:

AWSAccelerator-PrepareStack-418295722774-ap-southeast-2 \|  28/106 \| 3:42:24 AM \| CREATE_IN_PROGRESS   \| Custom::GetPortfolioId                             \| GetPortFolioId/Resource/Default (GetPortFolioId5CA7347E) Resource creation Initiated
--
374 | AWSAccelerator-PrepareStack-418295722774-ap-southeast-2 \|  28/106 \| 3:42:24 AM \| CREATE_FAILED        \| Custom::GetPortfolioId                             \| GetPortFolioId/Resource/Default (GetPortFolioId5CA7347E) Received response status [FAILED] from custom resource. Message returned: Error: No portfolio ID was found for AWS Control Tower Account Factory Portfolio AWS Control Tower in the account

Testing of change

[richardkeit]

Hi @erwaxler, @bo1984,

Would love this simple validation to be merged in / assessed