Closed kp2401075 closed 3 months ago
Update: Had a chat with AWS Support regarding this.
They got me to deploy the stack without condition in SourceS3BucketPolicy.
Like this:
```yaml
SourceS3BucketPolicy:
  Type: 'AWS::S3::BucketPolicy'
  Condition: IsSourceAccount
  DeletionPolicy: Delete
  UpdateReplacePolicy: Delete
  Properties:
    Bucket: !Ref SourceS3
    PolicyDocument:
      Id: CrossAccessPolicy
      Version: "2012-10-17"
      Statement:
        - Sid: AllowTLS12Only
          Effect: Deny
          Principal: "*"
          Action: s3:*
          Resource:
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}'
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}/*'
          Condition:
            NumericLessThan:
              s3:TlsVersion: 1.2
        - Sid: AllowOnlyHTTPS
          Effect: Deny
          Principal: "*"
          Action: s3:*
          Resource:
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}'
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}/*'
          Condition:
            Bool:
              aws:SecureTransport: false
        - Sid: AllowReadBilling
          Effect: Allow
          Principal:
            Service: billingreports.amazonaws.com
          Action:
            - s3:GetBucketAcl
            - s3:GetBucketPolicy
          Resource:
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}'
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}/*'
        - Sid: AllowWriteBilling
          Effect: Allow
          Principal:
            Service: billingreports.amazonaws.com
          Action:
            - s3:PutObject
          Resource:
            - !Sub 'arn:${AWS::Partition}:s3:::${SourceS3}/*'
```
So maybe the conditions introduced in this commit are causing the failure. Or it may be something else.
But I was able to deploy without the conditions.
Thanks for reporting this. Fixing in this PR https://github.com/aws-samples/aws-cudos-framework-deployment/pull/857
Fixed. Please retry
We're facing an unusual error deploying the `cur-aggregation.yaml` template in region `ap-southeast-2`.
Error occurs while creating CUR report.
Deployment worked 2 weeks back just fine.
I checked the CloudWatch logs from the custom Lambda that deploys the CUR.
I also checked the custom Lambda's CloudWatch logs from 2 weeks back; they look identical except for the validation error and failure.
Here is the error from it: