Description
I used the "disabled security controls" from here:
https://github.com/org-formation/security-hub/blob/main/src/300-security-hub/disabled-security-controls.yml
The relevant code snippet is this:

```yaml
# [Config.1] IAM policies should not allow full "*" administrative privileges
SecurityControlConfig1:
  OrganizationBinding: !Ref AllAccountsNonDefaultRegions
  Type: Community::SecurityHub::SecurityControl
  Properties:
    ControlId: Config.1
    ControlStatus: DISABLED
    DisabledReason: This control is disabled in non-primary aws regions where recording global resources is disabled
```
But they fail when running CloudFormation with "Internal Failure".
I have the same failure when I try running this in other accounts as well.
I verified that the Community::SecurityHub::SecurityControl resource type is registered with CloudFormation in that account and region.
I also tried several other versions of the resource.
I am successfully running all the other Community::xxx resource providers, but just this one is not working.
I see from CloudTrail that the resource provider successfully assumes the execution role for the resource provider, but I can't see (or find) any other APIs emitted afterwards.
Really hard to debug these resource providers. I cannot see any logs that may be relevant. From AWS documentation, this error could happen when not all the parameters are correctly provided? But I'm just guessing here.