Failing to create security-automations-for-aws-waf in il-central-1

[arshikam]

Describe the bug Solution is not deploying in il-central-1 region.

To Reproduce Try to deploy the stack in il-central-1 region:

https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/step-1.-launch-the-stack.html

Expected behavior It should deploy in the il-central-1 region.

Please complete the following information about the solution:

• [x] Version: [e.g. v3.1] latest

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "Security Automations for AWS WAF v3.1: This AWS CloudFormation template helps you provision the Security Automations for AWS WAF stack without worrying about creating and configuring the underlying AWS infrastructure". If the description does not contain the version information, you can look at the mappings section of the template:

Mappings:
  SourceCode:
    General:
      TemplateBucket: 'solutions-reference'
      SourceBucket: 'solutions'
      KeyPrefix: 'waf-security-automation/v3.1'

• [x] Region: [e.g. us-east-1] il-central-1
• [x] Was the solution modified from the version published on this repository? No
• [x] If the answer to the previous question was yes, are the changes available on GitHub?
• [x] Have you checked your service quotas for the services this solution uses?
• [x] Were there any errors in the CloudWatch Logs?

Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context

When trying to deploy the below solution in il-central-1 region: https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/step-1.-launch-the-stack.html

Getting below error:

Error 1:

There was an error creating this change set Template format error: Unrecognized resource types: [AWS::ServiceCatalogAppRegistry::AttributeGroup, AWS::ServiceCatalogAppRegistry::Application, AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation, AWS::ServiceCatalogAppRegistry::ResourceAssociation]

Now I found a document where it says that 'ServiceCatalogAppRegistry' is not supported for il-central-1 region but it is not a official document.

https://www.aws-services.info/servicecatalog-appregistry.html

The same stack is getting deployed successfully in us-east-1 region.

Tried to remove the dependancy for 'ServiceCatalogAppRegistry' resource from the template and deployed the stack. This time it failed with below error:

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: IllegalLocationConstraintException. S3 Error Message: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to. (Service: Lambda, Status Code: 400, Request ID: )" (RequestToken: , HandlerErrorCode: InvalidRequest)

Please guide on this as to how we can proceed and deploy the solution in il-central-1 region

[taniwallach]

I think https://github.com/aws-solutions/aws-waf-security-automations/pull/254 provides a solution to be able to deploy to a region without AppRegistry.

Obviously AppRegistry cannot be used for monitoring in such a case.

[aijunpeng]

The out-of-box solution is not supported in il-central-1 region. You can try to customize the source code, build and upload assets to s3, following https://github.com/aws-solutions/aws-waf-security-automations/blob/main/README.md.

This is a duplicate of an internal ticket. Close this ticket.

[morjoan]

Looks like this is a duplicate of issue #256. Closing.