hearde
commented
1 year ago It looks like it's not that GovCloud is unique, but that the "global endpoint" is actually a legacy endpoint that only works for us-east-1:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#VirtualHostingBackwardsCompatibility
- https://docs.aws.amazon.com/general/latest/gr/s3.html
In order for this to work, cdk needs to know at synth time the region of your template bucket, otherwise you could only deploy in the region where the template bucket is located.
This is only a problem for dev/test because for our prod templates, we deploy templates to a bucket in us-east-1 with assets replicated to every region. Here are the ways I can think to fix this:
- Fix the project to support CDK deploy so we don't have to mess with these buckets manually
- take a build/synth-time parameter for the region of the template bucket
We are going to want to support CDK deploy eventually for building a testing pipeline, so that's what I'm going to recommend we do.
AaronSchuetter
Describe the bug
When deploying this solution from own S3 buckets in govcloud, a non-existent bucket error causes the main stack to fail when fetching child stacks. This is due to GovCloud requiring an S3 url format with a region code of
https://bucket-name.s3.region-code.amazonaws.com/key-namerather than the commercial-region supportedhttps://bucket-name.s3.amazonaws.com/key-name.To Reproduce
Expected behavior
The aws-sharr-deploy.template CFN template should successfully deploy along with child stacks.
Please complete the following information about the solution:
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0111) AWS Security Hub Automated Response & Remediation Administrator Stack, v1.4.0". You can also find the version from releases
Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).
Additional context