aws-solutions/aws-waf-security-automations

Failing to create security-automations-for-aws-waf in il-central-1

arshikam opened this issue · 3 comments

Describe the bug
Solution is not deploying in il-central-1 region.

To Reproduce
Try to deploy the stack in il-central-1 region:

https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/step-1.-launch-the-stack.html

Expected behavior
It should deploy in the il-central-1 region.

Please complete the following information about the solution:

  • Version: [e.g. v3.1] latest

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "Security Automations for AWS WAF v3.1: This AWS CloudFormation template helps you provision the Security Automations for AWS WAF stack without worrying about creating and configuring the underlying AWS infrastructure". If the description does not contain the version information, you can look at the mappings section of the template:

Mappings:
  SourceCode:
    General:
      TemplateBucket: 'solutions-reference'
      SourceBucket: 'solutions'
      KeyPrefix: 'waf-security-automation/v3.1'

  • Region: [e.g. us-east-1] il-central-1
  • Was the solution modified from the version published on this repository? No
  • If the answer to the previous question was yes, are the changes available on GitHub?
  • Have you checked your service quotas for the services this solution uses?
  • Were there any errors in the CloudWatch Logs?

Screenshots
If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context

When trying to deploy the solution below in the il-central-1 region:
https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/step-1.-launch-the-stack.html

Getting the error below:

Error 1:

There was an error creating this change set
Template format error: Unrecognized resource types: [AWS::ServiceCatalogAppRegistry::AttributeGroup, AWS::ServiceCatalogAppRegistry::Application, AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation, AWS::ServiceCatalogAppRegistry::ResourceAssociation]

Now I found a document that says 'ServiceCatalogAppRegistry' is not supported in the il-central-1 region, but it is not an official document.

https://www.aws-services.info/servicecatalog-appregistry.html

The same stack is getting deployed successfully in the us-east-1 region.

Tried to remove the dependency on the 'ServiceCatalogAppRegistry' resources from the template and deployed the stack. This time it failed with the error below:

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: IllegalLocationConstraintException. S3 Error Message: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to. (Service: Lambda, Status Code: 400, Request ID: ***)" (RequestToken: ***, HandlerErrorCode: InvalidRequest)

Please guide us on how we can proceed and deploy the solution in the il-central-1 region.
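Removing the AppRegistry resources by hand, as described in the issue above, can leave `Ref`, `Fn::GetAtt` or `DependsOn` entries that still point at them. The following is an added example, not part of the original issue or the solution's own code: it strips the four resource types listed in Error 1 and reports what still references them. It assumes the template has been converted to JSON long form; `find_refs`, `prune` and the sample template are constructed for illustration.

```python
"""Strip resource types a region rejects and list references left dangling."""

# Types CloudFormation reported as unrecognized in il-central-1 ("Error 1" above).
UNSUPPORTED = {
    "AWS::ServiceCatalogAppRegistry::AttributeGroup",
    "AWS::ServiceCatalogAppRegistry::Application",
    "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation",
    "AWS::ServiceCatalogAppRegistry::ResourceAssociation",
}

def find_refs(node, targets, path=""):
    """Yield (path, logical_id) for Ref, Fn::GetAtt and DependsOn naming a target.
    Fn::Sub strings are not scanned."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key == "Ref":
                names = [value]
            elif key == "Fn::GetAtt":  # ["Id", "Attr"] or "Id.Attr"
                names = [value[0] if isinstance(value, list) else value.split(".")[0]]
            elif key == "DependsOn":   # a string or a list of strings
                names = [value] if isinstance(value, str) else value
            else:
                yield from find_refs(value, targets, here)
                continue
            yield from ((here, n) for n in names if isinstance(n, str) and n in targets)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_refs(item, targets, f"{path}/{i}")

def prune(template, unsupported=UNSUPPORTED):
    """Return (pruned template, removed logical IDs, dangling references)."""
    resources = template.get("Resources", {})
    removed = {k for k, v in resources.items() if v.get("Type") in unsupported}
    kept = {k: v for k, v in resources.items() if k not in removed}
    pruned = dict(template, Resources=kept)
    return pruned, sorted(removed), sorted(find_refs(pruned, removed))

# Constructed, trimmed template fragment (not the solution's real template).
SAMPLE = {
    "Resources": {
        "Application": {"Type": "AWS::ServiceCatalogAppRegistry::Application",
                        "Properties": {"Name": "waf-demo"}},
        "AppAssociation": {"Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation",
                           "Properties": {"Application": {"Fn::GetAtt": ["Application", "Id"]}}},
        "Helper": {"Type": "AWS::Lambda::Function", "DependsOn": "AppAssociation",
                   "Properties": {"Environment": {"Variables": {"APP_ID": {"Ref": "Application"}}}}},
    },
    "Outputs": {"AppArn": {"Value": {"Fn::GetAtt": "Application.Arn"}}},
}
```

Each reported path has to be edited or removed before the pruned template will validate.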

I think #254 provides a solution to be able to deploy to a region without AppRegistry.

Obviously AppRegistry cannot be used for monitoring in such a case.

The out-of-box solution is not supported in the il-central-1 region. You can try to customize the source code, build and upload assets to S3, following https://github.com/aws-solutions/aws-waf-security-automations/blob/main/README.md.

This is a duplicate of an internal ticket. Close this ticket.

Looks like this is a duplicate of issue #256. Closing.