Open awscloudarch87 opened 2 years ago
Hi brother, What you need to do here is you have to maintain the exact file structure as provided by the author. When you download the repo then only extract one time at your local machine, then create an s3 bucket and follow the folder structure sa/asa-iam-rotation , then upload the folders CloudFormation/’, ‘Template/’, and ‘Lambda/ and then create the cloudformation 1st stackset and after that create the 2nd stack.
Thanks for your response, I have already created/uploaded the folders as same as described in the Runbook but still I'm having the issue, May I know if you have already tried to implement this and made it successfully?
I'm testing it in my personnel account where I have created my Organization by inviting my existing account. I have followed every single step as per the Document Version 2.0 but its keep failing at Step number 6 in 4.2 and Step number 6 in 4.3.
Errors: -
ResourceLogicalId:NotifierLambdaFunction, ResourceType:AWS::Lambda::Function, ResourceStatusReason:Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for keyrotationpocjyo/asa/asa-iam-rotation/Lambda/notifier.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: Lambda, Status Code: 403, Request ID: 4f4fe2e9-09c9-4ac5-8e62-385d59b0d073)" (RequestToken: 4aa078bf-0364-44e0-8cdd-c6de2ae3b422, HandlerErrorCode: AccessDenied).
ResourceLogicalId:ASAIAMExemptionsGroup, ResourceType:AWS::IAM::Group, ResourceStatusReason:IAMKeyRotationExemptionGroup already exists.
I just followed the document no additional steps I have done pre/post of the guidelines in the document, can you please suggest, what action has to be take to fix this.
I understood from the Error Status reason that I need to set some permissions but wondering why they are not defined in the document? Can you please suggest to fix this issue.