awslabs / aws-config-engine-for-compliance-as-code

Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.
Apache License 2.0

Compliance application in second region failing #52

Closed JamesMGerstenberg closed 5 years ago

JamesMGerstenberg commented 5 years ago

I currently have this deployed fine in the us-east-1 region to multiple accounts. I have deployed the Compliance engine and application to us-east-2. I run the CodeBuild, which runs correctly. The issue is that no rules are ever created in the second region. When looking at CloudFormation, the RDK-Config-Rule-Functions go into a rollback_failed status, and I have no clue why.

| Time | Status | Type | Logical ID | Status reason |
| --- | --- | --- | --- | --- |
| 15:28:14 UTC-0500 | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | RDK-Config-Rule-Functions | The following resource(s) failed to create: [IAMGROUPNOPOLICYFULLSTARLambdaFunction, IAMUSERNOPOLICYFULLSTARLambdaFunction, INTERNETGATEWAYAUTHORIZEDONLYLambdaFunction, IAMROLENOPOLICYFULLSTARLambdaFunction, COMPLIANCERULESETLATESTINSTALLEDLambdaFunction, EBSENCRYPTEDVOLUMESV2LambdaFunction, ROOTNOACCESSKEYLambdaFunction]. . Rollback requested by user. |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | IAMUSERNOPOLICYFULLSTARLambdaFunction | RDK-Rule-Function-IAMUSERNOPOLICYFULLSTAR already exists |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | ROOTNOACCESSKEYLambdaFunction | RDK-Rule-Function-ROOTNOACCESSKEY already exists |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | COMPLIANCERULESETLATESTINSTALLEDLambdaFunction | RDK-Rule-Function-COMPLIANCERULESETLATESTINSTALLED already exists |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | IAMROLENOPOLICYFULLSTARLambdaFunction | RDK-Rule-Function-IAMROLENOPOLICYFULLSTAR already exists |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | EBSENCRYPTEDVOLUMESV2LambdaFunction | RDK-Rule-Function-EBSENCRYPTEDVOLUMESV2 already exists |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | IAMGROUPNOPOLICYFULLSTARLambdaFunction | RDK-Rule-Function-IAMGROUPNOPOLICYFULLSTAR already exists |
| 15:28:14 UTC-0500 | CREATE_FAILED | AWS::Lambda::Function | INTERNETGATEWAYAUTHORIZEDONLYLambdaFunction | RDK-Rule-Function-INTERNETGATEWAYAUTHORIZEDONLY already exists |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | IAMUSERNOPOLICYFULLSTARLambdaFunction | |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | ROOTNOACCESSKEYLambdaFunction | |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | IAMROLENOPOLICYFULLSTARLambdaFunction | |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | COMPLIANCERULESETLATESTINSTALLEDLambdaFunction | |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | EBSENCRYPTEDVOLUMESV2LambdaFunction | |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | IAMGROUPNOPOLICYFULLSTARLambdaFunction | |
| 15:28:13 UTC-0500 | CREATE_IN_PROGRESS | AWS::Lambda::Function | INTERNETGATEWAYAUTHORIZEDONLYLambdaFunction | |

JamesMGerstenberg commented 5 years ago

Closing. Seems the Lambda function from the original deploy did not clean up.
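
A triage sketch for the failure reported in this thread, added here and not part of the issue or the project's code: it pulls the "already exists" name clashes out of stack events and marks each clashing function as an orphan (safe cleanup candidate) or as owned by a live stack. It assumes events shaped like boto3's `describe_stack_events` output and function tags fetched separately; the helper names, the stack ARN and the sample data are constructed.

```python
import re

ALREADY_EXISTS = re.compile(r"^(\S+) already exists\b")
STACK_ID_TAG = "aws:cloudformation:stack-id"  # set by CloudFormation on resources it creates

def name_collisions(events):
    """Logical ID -> physical name for CREATE_FAILED events caused by a name clash.
    `events` uses the key names of boto3 describe_stack_events()["StackEvents"]."""
    clashes = {}
    for ev in events:
        if ev.get("ResourceStatus") != "CREATE_FAILED":
            continue
        m = ALREADY_EXISTS.match(ev.get("ResourceStatusReason") or "")
        if m:
            clashes[ev["LogicalResourceId"]] = m.group(1)
    return clashes

def classify(names, tags_by_function, live_stack_ids):
    """'orphan' = no owning stack tag, or the owning stack no longer exists;
    'owned' = another live stack manages the function, so it must not be deleted."""
    verdict = {}
    for name in names:
        owner = tags_by_function.get(name, {}).get(STACK_ID_TAG)
        verdict[name] = "owned" if owner in live_stack_ids else "orphan"
    return verdict

# Constructed sample: two failures from the report, plus one cancelled create
# that must not be treated as a name clash.
SAMPLE_EVENTS = [
    {"ResourceStatus": "CREATE_FAILED", "LogicalResourceId": "ROOTNOACCESSKEYLambdaFunction",
     "ResourceStatusReason": "RDK-Rule-Function-ROOTNOACCESSKEY already exists"},
    {"ResourceStatus": "CREATE_FAILED", "LogicalResourceId": "EBSENCRYPTEDVOLUMESV2LambdaFunction",
     "ResourceStatusReason": "RDK-Rule-Function-EBSENCRYPTEDVOLUMESV2 already exists"},
    {"ResourceStatus": "CREATE_FAILED", "LogicalResourceId": "ExampleLambdaFunction",
     "ResourceStatusReason": "Resource creation cancelled"},
    {"ResourceStatus": "CREATE_IN_PROGRESS", "LogicalResourceId": "ROOTNOACCESSKEYLambdaFunction"},
]
# Constructed stack ARN and tag map (function name -> tags), not values from the issue.
LIVE = "arn:aws:cloudformation:us-east-2:111111111111:stack/constructed-example/0000"
SAMPLE_TAGS = {"RDK-Rule-Function-EBSENCRYPTEDVOLUMESV2": {STACK_ID_TAG: LIVE}}

if __name__ == "__main__":
    found = name_collisions(SAMPLE_EVENTS)
    for name, state in classify(found.values(), SAMPLE_TAGS, {LIVE}).items():
        print(f"{state:6} {name}")
```

Until the clashing functions are resolved, the second region has no Config rules evaluating it, so a deployment in this state should be treated as a compliance coverage gap rather than a cosmetic stack error.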