awslabs/aws-config-engine-for-compliance-as-code

Compliance application in second region failing

JamesMGerstenberg opened this issue · 1 comments

I currently have this deployed in the us-east-1 region fine to multiple accounts. I have deployed the Compliance engine and application to us-east-2. I run the CodeBuild, which runs correctly. The issue is no rules are ever created in the second region. When looking at CloudFormation, the RDK-Config-Rule-Functions go into a rollback_failed status, and I have no clue why.

15:28:14 UTC-0500 | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | RDK-Config-Rule-Functions | The following resource(s) failed to create: [IAMGROUPNOPOLICYFULLSTARLambdaFunction, IAMUSERNOPOLICYFULLSTARLambdaFunction, INTERNETGATEWAYAUTHORIZEDONLYLambdaFunction, IAMROLENOPOLICYFULLSTARLambdaFunction, COMPLIANCERULESETLATESTINSTALLEDLambdaFunction, EBSENCRYPTEDVOLUMESV2LambdaFunction, ROOTNOACCESSKEYLambdaFunction]. . Rollback requested by user.
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | IAMUSERNOPOLICYFULLSTARLambdaFunction | RDK-Rule-Function-IAMUSERNOPOLICYFULLSTAR already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | ROOTNOACCESSKEYLambdaFunction | RDK-Rule-Function-ROOTNOACCESSKEY already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | COMPLIANCERULESETLATESTINSTALLEDLambdaFunction | RDK-Rule-Function-COMPLIANCERULESETLATESTINSTALLED already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | IAMROLENOPOLICYFULLSTARLambdaFunction | RDK-Rule-Function-IAMROLENOPOLICYFULLSTAR already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | EBSENCRYPTEDVOLUMESV2LambdaFunction | RDK-Rule-Function-EBSENCRYPTEDVOLUMESV2 already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | IAMGROUPNOPOLICYFULLSTARLambdaFunction | RDK-Rule-Function-IAMGROUPNOPOLICYFULLSTAR already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | INTERNETGATEWAYAUTHORIZEDONLYLambdaFunction | RDK-Rule-Function-INTERNETGATEWAYAUTHORIZEDONLY already exists
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | IAMUSERNOPOLICYFULLSTARLambdaFunction |  
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | ROOTNOACCESSKEYLambdaFunction |  
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | IAMROLENOPOLICYFULLSTARLambdaFunction |  
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | COMPLIANCERULESETLATESTINSTALLEDLambdaFunction |  
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | EBSENCRYPTEDVOLUMESV2LambdaFunction |  
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | IAMGROUPNOPOLICYFULLSTARLambdaFunction |  
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | INTERNETGATEWAYAUTHORIZEDONLYLambdaFunction

Closing. Seems the Lambda function from the original deploy did not clean up.
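
An added example, not part of the original issue or of the project's code: a small triage script that reads stack events in the pipe-separated layout quoted above and separates `CREATE_FAILED` resources that failed on a name collision ("already exists") from those that failed for another reason. The sample rows are constructed, and the `EXAMPLERULELambdaFunction` row and the function names `parse_events` and `triage_failures` are assumptions made for illustration.

```python
import re

# Constructed sample in the pipe-separated layout of the events quoted in the issue.
# The EXAMPLERULE row is invented to show a failure that is not a name collision.
SAMPLE_EVENTS = """\
15:28:14 UTC-0500 | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | RDK-Config-Rule-Functions | Rollback requested by user.
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | ROOTNOACCESSKEYLambdaFunction | RDK-Rule-Function-ROOTNOACCESSKEY already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | EBSENCRYPTEDVOLUMESV2LambdaFunction | RDK-Rule-Function-EBSENCRYPTEDVOLUMESV2 already exists
  | 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | EXAMPLERULELambdaFunction | Resource creation cancelled
  | 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | ROOTNOACCESSKEYLambdaFunction
"""

# Status reason CloudFormation reports when the physical name is already taken.
ALREADY_EXISTS = re.compile(r"^(\S+) already exists$")


def parse_events(text):
    """Yield (status, resource_type, logical_id, reason) for each event row."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if cells and cells[0] == "":
            cells = cells[1:]  # indented rows start with an empty cell
        if len(cells) < 4:
            continue  # not an event row
        status, rtype, logical_id = cells[1:4]
        reason = " | ".join(cells[4:]).strip()
        yield status, rtype, logical_id, reason


def triage_failures(text):
    """Return (collisions, other): collisions maps resource type to
    {logical id: existing physical name}; other lists the remaining failures."""
    collisions, other = {}, []
    for status, rtype, logical_id, reason in parse_events(text):
        if status != "CREATE_FAILED":
            continue
        match = ALREADY_EXISTS.match(reason)
        if match:
            collisions.setdefault(rtype, {})[logical_id] = match.group(1)
        else:
            other.append((logical_id, reason))
    return collisions, other


if __name__ == "__main__":
    collisions, other = triage_failures(SAMPLE_EVENTS)
    for rtype, names in collisions.items():
        for logical_id, physical in sorted(names.items()):
            print(f"name collision  {rtype}  {logical_id} -> {physical}")
    for logical_id, reason in other:
        print(f"other failure   {logical_id}: {reason}")
```

The physical names reported as collisions are the ones to look up in the target region (for example with `aws lambda get-function --function-name <name>`) to confirm they are leftovers from an earlier deploy before redeploying the stack.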