The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0
[BUG][OTHER] APA-InitialSetup stack fails with 'Invalid principal in policy' #1136
Which State did the Main State Machine Fail in: N/A
Describe the bug
The installer pipelineRole moved from trusting the account principal to assume it to trusting the role itself in #1117. Specifically, line 203. CloudFormation validates the principals in the trust policy when creating the role and, because the role doesn't exist, fails with an 'Invalid principal in policy'. Screenshot below.
Screenshots
Additional context
Rolling back to trusting the account itself seems to be the best solution assuming this role does need to assume itself. I'm happy to drop in a quick PR to roll it back if it's helpful.
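A pre-deployment check for the failure described in this issue, as an added example that is not part of the original report or the project's code: it scans a synthesized CloudFormation template for IAM roles whose trust policy names the role's own ARN as a principal. The function names, the sample template and the role names are constructed for illustration, and only literal `RoleName` values are checked.

```typescript
type Json = any; // synthesized templates are untyped JSON

// Flatten a principal (string, Fn::Sub, Fn::Join, Ref) into comparable text.
function render(v: Json): string {
  if (typeof v === "string") return v;
  if (v && typeof v === "object") {
    if ("Fn::Sub" in v) return render(Array.isArray(v["Fn::Sub"]) ? v["Fn::Sub"][0] : v["Fn::Sub"]);
    if ("Fn::Join" in v) return (v["Fn::Join"][1] as Json[]).map(render).join(render(v["Fn::Join"][0]));
    if ("Ref" in v) return "${" + v.Ref + "}";
  }
  return "";
}

function asList(v: Json): Json[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Logical IDs of roles whose trust policy names the role's own ARN.
function findSelfTrustingRoles(template: Json): string[] {
  const resources: Json = template.Resources ?? {};
  return Object.keys(resources).filter((id: string) => {
    const res: Json = resources[id];
    const name: Json = res.Properties?.RoleName;
    if (res.Type !== "AWS::IAM::Role" || typeof name !== "string") return false;
    return asList(res.Properties.AssumeRolePolicyDocument?.Statement).some((s: Json) =>
      asList(s.Principal?.AWS).some((p: Json) => {
        const arn = render(p);
        const i = arn.indexOf(":role/");
        // Compare the last path segment of the role ARN with this role's name.
        return i >= 0 && arn.slice(i + 6).split("/").pop() === name;
      }));
  });
}

// Constructed sample template; role names are placeholders, not the project's.
const trust = (principal: Json): Json => ({
  Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: principal } }],
});
const sampleTemplate: Json = {
  Resources: {
    PipelineRole: { Type: "AWS::IAM::Role", Properties: {
      RoleName: "Example-PipelineRole",
      AssumeRolePolicyDocument: trust({ "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/Example-PipelineRole" }) } },
    AccountTrustRole: { Type: "AWS::IAM::Role", Properties: {
      RoleName: "Example-AccountTrustRole",
      AssumeRolePolicyDocument: trust({ "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" }) } },
  },
};

console.log(findSelfTrustingRoles(sampleTemplate)); // logical IDs to fix before deploy
```

Run against the synthesized template in CI, a non-empty result points at roles that would hit 'Invalid principal in policy' on first creation; the account-root form of the principal is not flagged.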