shubhankarNegi
commented
2 years ago Hi brother, What you need to do here is you have to maintain the exact file structure as provided by the author. When you download the repo then only extract one time at your local machine, then create an s3 bucket and follow the folder structure sa/asa-iam-rotation , then upload the folders CloudFormation/’, ‘Template/’, and ‘Lambda/ and then create the cloudformation 1st stackset and after that create the 2nd stack.
awscloudarch87
I'm testing it in my personnel account where I have created my Organization by inviting my existing account. I have followed every single step as per the Document Version 2.0 but its keep failing at Step number 6 in 4.2 and Step number 6 in 4.3.
Errors: -
ResourceLogicalId:NotifierLambdaFunction, ResourceType:AWS::Lambda::Function, ResourceStatusReason:Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for keyrotationpocjyo/asa/asa-iam-rotation/Lambda/notifier.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: Lambda, Status Code: 403, Request ID: 4f4fe2e9-09c9-4ac5-8e62-385d59b0d073)" (RequestToken: 4aa078bf-0364-44e0-8cdd-c6de2ae3b422, HandlerErrorCode: AccessDenied).
ResourceLogicalId:ASAIAMExemptionsGroup, ResourceType:AWS::IAM::Group, ResourceStatusReason:IAMKeyRotationExemptionGroup already exists.
I just followed the document no additional steps I have done pre/post of the guidelines in the document, can you please suggest, what action has to be take to fix this.
I understood from the Error Status reason that I need to set some permissions but wondering why they are not defined in the document? Can you please suggest to fix this issue.