Saved February 14, 2026
Do you care about this?
AWS Control Tower now offers improved visibility into proactive controls through the AWS CloudFormation Hook Invocation Summary console. This enhancement helps teams quickly identify and resolve deployment issues caused by policy violations, streamlining compliance and reducing troubleshooting time.
If you do, here's more
AWS CloudFormation deployments often fail due to proactive control violations, leaving teams with little information to troubleshoot. This can delay projects and erode confidence in compliance enforcement. To address this, AWS introduced the CloudFormation Hook Invocation Summary console page. It offers detailed logs and guidance, helping organizations reduce deployment failures and resolve compliance issues more quickly.
Proactive controls, which work alongside AWS CloudFormation hooks, prevent non-compliant resources from being created. They validate configurations during deployment and block non-compliant resources while providing immediate feedback to developers. This shift-left approach allows organizations to maintain compliance and avoid costly remediation later.
The article walks through enabling a specific proactive control (CT.S3.PR.1) that ensures Amazon S3 buckets have proper public access settings. It describes how to test both failure and success scenarios using CloudFormation templates. When a deployment violates the control, the invocation summary provides clear details on the failure, indicating what went wrong and how to fix it. In contrast, a compliant template results in successful resource creation, demonstrating how these proactive controls effectively protect sensitive data from exposure.
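A local pre-deployment check in the spirit of CT.S3.PR.1, added here as an example (it is not code from the article or from AWS, and it does not reproduce the control's own rule). It assumes the control requires all four `PublicAccessBlockConfiguration` settings to be true; the function names and both sample templates are constructed for illustration.

```python
import json

# The four PublicAccessBlockConfiguration properties of AWS::S3::Bucket.
REQUIRED = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")

def _is_true(value):
    # CloudFormation accepts booleans and the strings "true"/"false".
    # Intrinsic functions ({"Ref": ...}) cannot be resolved offline, so
    # they are flagged for review instead of being trusted.
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.lower() == "true"

def check_template(template):
    """Return {logical_id: [settings absent or not true]} per failing bucket."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        pab = props.get("PublicAccessBlockConfiguration")
        if not isinstance(pab, dict):
            pab = {}  # block missing entirely: every setting fails
        bad = [name for name in REQUIRED if not _is_true(pab.get(name))]
        if bad:
            findings[logical_id] = bad
    return findings

# Constructed sample templates (not from the article).
FAILING = json.loads("""{"Resources": {
  "LogsBucket": {"Type": "AWS::S3::Bucket"},
  "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "PublicAccessBlockConfiguration": {
      "BlockPublicAcls": true, "BlockPublicPolicy": true,
      "IgnorePublicAcls": true, "RestrictPublicBuckets": false}}},
  "Topic": {"Type": "AWS::SNS::Topic"}}}""")
PASSING = json.loads("""{"Resources": {
  "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "PublicAccessBlockConfiguration": {
      "BlockPublicAcls": true, "BlockPublicPolicy": "true",
      "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}}}}""")

if __name__ == "__main__":
    for label, tpl in (("failing", FAILING), ("passing", PASSING)):
        print(label, check_template(tpl) or "compliant")
```

Running a check like this in CI catches the misconfiguration before the hook blocks the stack, and the per-bucket list of failing settings mirrors the kind of detail the invocation summary reports after the fact.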