aws-ia / cfn-abi-crowdstrike-fcs

Apache License 2.0

StateManager association fails to execute automation due to invalid parameters #68

Open tomjacobchirayil opened 1 month ago

tomjacobchirayil commented 1 month ago

The State Manager association created by the solution has an incorrect parameter value for the parameter 'Action': https://github.com/aws-ia/cfn-abi-crowdstrike-fcs/blob/main/templates/ssm-association-stackset.yml

The allowed values for the parameter 'Action' according to the above template are AllowedValues: [ "install", "uninstall"]

The automation execution using the above State Manager association is failing with the error message below:

Excerpts from CloudTrail:

    "eventSource": "ssm.amazonaws.com",
    "eventName": "StartAutomationExecution",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "ssm.amazonaws.com",
    "userAgent": "ssm.amazonaws.com",
    "errorCode": "InvalidAutomationExecutionParametersException",
    "errorMessage": "Parameter \"Action\" has value \"install\" not found in [Install, Uninstall].",
    "requestParameters": {
        "documentName": "CrowdStrike-FalconSensorDeploy",
        "documentVersion": "2",
        "parameters": {
            "AutomationAssumeRole": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "Action": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "FalconClientSecret": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "SecretsManagerSecretName": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "FalconClientId": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "SecretStorageMethod": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "FalconCloud": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ]
        }

Is it possible to change the allowed values accordingly in the 'templates/ssm-association-stackset.yml' template? AllowedValues: [ "Install", "Uninstall"]
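
Added example, not part of the original issue or the project's code: because CloudTrail masks the request parameters, the `errorMessage` is the only field that shows the rejected value, so this sketch parses it to flag case-only mismatches and lints a template's `AllowedValues` against the document's list. The function names and the embedded event (rebuilt from the fields quoted above) are constructed for illustration.

```python
import json
import re

# Constructed sample: only the fields quoted in the issue's CloudTrail excerpt.
SAMPLE_EVENT = json.loads(r'''
{
  "eventSource": "ssm.amazonaws.com",
  "eventName": "StartAutomationExecution",
  "errorCode": "InvalidAutomationExecutionParametersException",
  "errorMessage": "Parameter \"Action\" has value \"install\" not found in [Install, Uninstall]."
}
''')

# Message shape taken from the excerpt; other error wordings are not handled.
_MSG = re.compile(r'Parameter "([^"]+)" has value "([^"]*)" not found in \[([^\]]*)\]')


def diagnose(event):
    """Return a finding for a rejected automation parameter, or None."""
    if event.get("errorCode") != "InvalidAutomationExecutionParametersException":
        return None
    m = _MSG.search(event.get("errorMessage", ""))
    if not m:
        return None
    name, sent, raw = m.groups()
    accepted = [v.strip() for v in raw.split(",") if v.strip()]
    # The error above shows the comparison is case-sensitive, so look for
    # an accepted value that differs from the sent one only by letter case.
    fix = next((a for a in accepted if a.lower() == sent.lower()), None)
    return {"parameter": name, "sent": sent, "accepted": accepted,
            "case_only": fix is not None, "use_instead": fix}


def lint_allowed_values(template_values, document_values):
    """Map each template value the document would reject to a suggested spelling (or None)."""
    doc = set(document_values)
    by_lower = {v.lower(): v for v in document_values}
    return {v: by_lower.get(v.lower()) for v in template_values if v not in doc}


if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENT))
    # Lists as quoted in the issue: template side first, document side second.
    print(lint_allowed_values(["install", "uninstall"], ["Install", "Uninstall"]))
```

Running the lint in CI against the document's current allowed values catches this class of drift before the association is deployed.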

ryanjpayne commented 1 month ago

@tomjacobchirayil thank you, this has been addressed in the latest PR.

@kkvinjam please link to https://github.com/aws-ia/cfn-abi-crowdstrike-fcs/pull/69 and close. Thanks!

EylonT commented 1 month ago

After the update, the new CloudFormation template fails with the following error on the resource: StagingS3BucketPolicy

CustomResource attribute error: Vendor response doesn't contain organization_id attribute in object arn:aws:cloudformation:eu-west-1:xxxxxxxxxx:stack/stack-org-master-crowdstrike-enable-integrations/xxxxxxx|OrgIdLambdaCustomResource|xxxxxxx

Using the older version still works successfully. Please check on your end that the template is completed successfully.