Closed Outrun207 closed 5 months ago
It looks like it's not that GovCloud is unique, but that the "global endpoint" is actually a legacy endpoint that only works for us-east-1:
In order for this to work, cdk needs to know at synth time the region of your template bucket, otherwise you could only deploy in the region where the template bucket is located.
This is only a problem for dev/test because for our prod templates, we deploy templates to a bucket in us-east-1 with assets replicated to every region. Here are the ways I can think to fix this:
We are going to want to support CDK deploy eventually for building a testing pipeline, so that's what I'm going to recommend we do.
This only affects someone building a dev version to deploy on gov-cloud. Can reopen if there is further interest.
Describe the bug
When deploying this solution from own S3 buckets in govcloud, a non-existent bucket error causes the main stack to fail when fetching child stacks. This is due to GovCloud requiring an S3 url format with a region code of
https://bucket-name.s3.region-code.amazonaws.com/key-name
rather than the commercial-region supportedhttps://bucket-name.s3.amazonaws.com/key-name
.To Reproduce
Expected behavior
The aws-sharr-deploy.template CFN template should successfully deploy along with child stacks.
Please complete the following information about the solution:
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0111) AWS Security Hub Automated Response & Remediation Administrator Stack, v1.4.0". You can also find the version from releases
Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).
Additional context