Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.
Other
965
stars
235
forks
source link
[BUG] sra-macie-org-main-ssm.json includes a pSRAStagingS3BucketName parameter that should be read from SSM parameters #223
Please vote on this issue by adding a š reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Describe the bug
When deploying Macie (via the CfCT in my case, but the same issue should happen via CloudFormation CLI), the SSM JSON parameters file (sra-macie-org-main-ssm.json) includes a value that should be read from it's SSM parameter and therefore not be included in the JSON file.
To Reproduce
Steps to reproduce the behavior:
Copy the sra-macie-org-main-ssm.json file from the SRA solution to the parameters directory in the custom-control-tower-configuration CodeCommit repo.
Copy the sra-macie-org-main-ssm.yaml file from the SRA solution to the templates directory in the custom-control-tower-configuration CodeCommit repo.
Add an entry to the manifest.yaml file to deploy the solution.
Commit changes to kick off the pipeline
The Macie org solution fails to deploy with an error
Parameter pSRAStagingS3BucketName should either have input value or default value
Expected behavior
The Macie org solution deploys without errors.
Deployment Environment (please complete the following information)
Deployment Framework: Customizations for Control Tower
Deployment Framework Version: CfCT v2.7.1 and SRA examples v3.1.0
Additional context
Removing the parameter from the JSON file allows the deployment to proceed successfully.
Community Note
Describe the bug
When deploying Macie (via the CfCT in my case, but the same issue should happen via CloudFormation CLI), the SSM JSON parameters file (
sra-macie-org-main-ssm.json) includes a value that should be read from it's SSM parameter and therefore not be included in the JSON file.To Reproduce
Steps to reproduce the behavior:
sra-macie-org-main-ssm.jsonfile from the SRA solution to the parameters directory in the custom-control-tower-configuration CodeCommit repo.sra-macie-org-main-ssm.yamlfile from the SRA solution to the templates directory in the custom-control-tower-configuration CodeCommit repo.manifest.yamlfile to deploy the solution.Expected behavior
The Macie org solution deploys without errors.
Deployment Environment (please complete the following information)
Additional context
Removing the parameter from the JSON file allows the deployment to proceed successfully.