Closed FugroEgger closed 4 months ago
does this spoke account also have the 3.0.0 version of the spoke stack installed? This would be an expected error when 3.0.0 tries to assume into the roles created by a 1.5.6 spoke stack.
you are correct. that was the issue, its working now. Thanks for the quick reply Our cloudformation scheduler remote stack update to 3.0.0 didn't run in some accounts.
I appreciate your work on this great solution
Describe the bug Stack region: eu-west-1 Stack-Name: cs-instance-scheduler TagName: scheduler_period UsingAWSOrganizations: Yes regions: ap-southeast-1,ap-southeast-2,eu-central-1,eu-west-1,eu-west-3,eu-north-1,me-south-1,me-central-1,us-east-1,us-east-2,us-west-1
ASG scheduling works for the accounts using it.
Control Tower setting prevent the default VPC creation, but ddoes not prevent iam actions The spoke account (1111111111) in this error does not use ASG groups or any EC2 resources in any supported regions. VPC:0
To Reproduce i can't reproduce it in our development environment
Expected behavior no errors as ASG scheduling works for the accounts using it.
Please complete the following information about the solution:
Screenshots none
Additional context All accounts are managed by Controltower, Control Tower setting prevent the default VPC creation, so supported scheduling regions can have 0 VPC No SCP prevent IAM actions