aws-solutions / automated-security-response-on-aws

Automated Security Response on AWS is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks. The solution makes it easier for AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.
https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/
Apache License 2.0

An event occurred where Step Functions "SO0111-SHARR-Orchestrator" could not be executed. #167

Closed K-hirasuka closed 8 months ago

K-hirasuka commented 1 year ago

I followed the deployment guide below and deployed "Automated Security Response"

https://docs.aws.amazon.com/ja_jp/solutions/latest/automated-security-response-on-aws/deployment.html

But the deployed environment does not work properly. The error that is occurring is as follows ("Get Automation Document State" cannot be executed):

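[image] https://user-images.githubusercontent.com/90313719/238812156-c4ff9c77-1070-4b8c-b351-804ae199e41b.png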

LM6pillars commented 1 year ago

Hi K-hirasuka,

Looks like an issue with the standards in AWS Security Hub? Happy to get on a call to assist – 6pillars is an external contributor to the AWS Security Hub Automated Security Response project.

Feel free to book in an appointment at a time which suits you at https://calendly.com/lmmodesto/30min

Lorenzo Modesto Web: https://www.6pillars.ai/ Phone: +61414565062 Linkedin: https://www.linkedin.com/in/lorenzo-modesto-6pillars/


hearde commented 1 year ago

It looks like you've enabled the Consolidated Control Findings feature of Security Hub in this account. When you do that, you must deploy the "SC" or "Security Control" admin and member stacks, and none of the other nested standard-specific stacks need to be deployed. Can you check your CloudFormation parameters for the admin and member stacks and confirm that "Yes" is selected for the parameters for deploying the SC Admin and Member nested stacks?

I know the doc was initially light on details in this regard and we've tried to update it with more information about the feature in this page: https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/deciding-where-to-deploy-each-stack.html
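The check described in the comment above, written out as an added example (not part of this thread or of the project's code): it compares Security Hub's `ControlFindingGenerator` setting with the "deploy SC nested stack" parameter of an admin or member stack. The parameter keys and sample responses are constructed placeholders; substitute the keys shown in your own CloudFormation stack.

```python
# Added example: sample data below is constructed, shaped like the boto3 responses
# of securityhub.describe_hub() and cloudformation.describe_stacks().
# The parameter keys are hypothetical placeholders; use the keys from your own stacks.
SAMPLE_HUB = {"ControlFindingGenerator": "SECURITY_CONTROL"}
SAMPLE_ADMIN_PARAMS = [
    {"ParameterKey": "ExampleLoadSCAdminStack", "ParameterValue": "no"},
    {"ParameterKey": "ExampleLoadCISAdminStack", "ParameterValue": "yes"},
]


def check_stack(hub, parameters, sc_key, label):
    """Return a list of problems for one stack (admin or member); empty means consistent."""
    values = {p["ParameterKey"]: str(p.get("ParameterValue", "")).strip().lower()
              for p in parameters}
    if hub.get("ControlFindingGenerator") != "SECURITY_CONTROL":
        return []  # consolidated control findings are off; nothing to check here
    if sc_key not in values:
        return [f"{label}: parameter {sc_key} not found on the stack"]
    if values[sc_key] != "yes":
        return [f"{label}: consolidated control findings are on but "
                f"{sc_key}={values[sc_key]!r}; set it to 'yes' and update the stack"]
    return []


def fetch(stack_name, region=None):
    """Read the live values; needs boto3 and credentials for the account being checked."""
    import boto3  # imported lazily so check_stack() can be used offline
    hub = boto3.client("securityhub", region_name=region).describe_hub()
    stack = boto3.client("cloudformation", region_name=region).describe_stacks(
        StackName=stack_name)["Stacks"][0]
    return hub, stack.get("Parameters", [])


if __name__ == "__main__":
    for problem in check_stack(SAMPLE_HUB, SAMPLE_ADMIN_PARAMS,
                               "ExampleLoadSCAdminStack", "admin"):
        print(problem)
```

Run `fetch()` once against the admin stack and once against each member stack, passing each result to `check_stack()` with that stack's SC parameter key.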