Community::Organizations::Policy v 0.2.2 is exhibiting a non-functional sequence of events when deployed. Specifically it:

1. Attempts to create the SCP by handling the CloudFormation create event.
2. AWS Organizations responds with the following error:
   `ERROR: Resource Scp failed because Resource handler returned message: "AWS Organizations can't complete your request because another request is already in progress. Try again later."`
3. The resources do get created, regardless.
4. On CFN re-create (via the org-formation CLI), the following error causes CFN and the org-formation CLI to fail:
   `Resource handler returned message: "Error: Resource of type 'Community::Organizations::Policy' with identifier 'DenyRootAccess' already exists."`

Note: a CFN create event happens again because the initial create did not succeed.
```yaml
OrganizationsPolicyRp:
  Type: register-type
  ResourceType: "Community::Organizations::Policy"
  SchemaHandlerPackage: !Sub "s3://${catalogBucket}/community-organizations-policy-0.2.2.zip"
  MaxConcurrentTasks: 100
  OrganizationBinding:
    IncludeMasterAccount: true
    Region: us-east-1 # Only compatible with the us-east-1 region

DenyRootAccess:
  Type: update-stacks
  Template: ./deny-root-access.yml
  StackName: !Sub "${resourcePrefix}-deny-root-access"
  DefaultOrganizationBindingRegion: us-east-1
  DefaultOrganizationBinding:
    IncludeMasterAccount: true
    # you can use the following to exclude accounts from this SCP, either temporarily or permanently
    # ExcludeAccount: !Ref myAccount
  OrganizationBindings:
    TargetBinding:
      Account: "*"
```
This is the only task being executed at the time of failure, so I am not aware of why AWS organizations is throwing this throttling error in the first place. Regardless, the resources do get created. I wonder if the initial create can be a tad more resilient and re-discover the resource that was created, despite the error response from AWS organizations.
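The re-discovery the report asks for, as an added example that is not the Community::Organizations::Policy provider's code: on a `ConcurrentModificationException` from `CreatePolicy`, the create step pages through `ListPolicies` for the SCP by name and adopts it, so the stack does not end up with a failed create and an orphaned policy that then trips the "already exists" path. The `client` argument is assumed to be a boto3 Organizations client in a real handler; `_FakeOrganizations` is a constructed stand-in so the logic runs offline.

```python
# Added example, not the provider's own code: `client` is any object exposing
# create_policy()/list_policies() (boto3 Organizations in a real handler).
RETRYABLE = {"ConcurrentModificationException", "TooManyRequestsException"}

def find_policy_by_name(client, name, policy_type="SERVICE_CONTROL_POLICY"):
    kwargs = {"Filter": policy_type}
    while True:  # ListPolicies is paginated; walk every page before giving up
        page = client.list_policies(**kwargs)
        for summary in page.get("Policies", []):
            if summary["Name"] == name:
                return summary
        if not page.get("NextToken"):
            return None
        kwargs["NextToken"] = page["NextToken"]

def create_or_rediscover(client, name, content, description, policy_type="SERVICE_CONTROL_POLICY"):
    # Return the policy Id. If Organizations reports a conflict but has in fact
    # persisted the policy, adopt it by Name instead of failing the CFN create.
    try:
        resp = client.create_policy(Name=name, Content=content, Description=description, Type=policy_type)
        return resp["Policy"]["PolicySummary"]["Id"]
    except Exception as exc:
        # botocore's ClientError keeps the service error code in exc.response
        code = ((getattr(exc, "response", None) or {}).get("Error") or {}).get("Code")
        if code not in RETRYABLE:
            raise
        found = find_policy_by_name(client, name, policy_type)
        if found is None:
            raise  # nothing persisted: surface the error so the handler can retry
        return found["Id"]

class _FakeOrganizations:
    # Constructed stand-in reproducing the page's failure: the policy is
    # persisted, yet create_policy raises ConcurrentModificationException.
    def __init__(self, names=()):
        self.policies = [{"Id": "p-%08d" % i, "Name": n} for i, n in enumerate(names)]
    def create_policy(self, **kw):
        self.policies.append({"Id": "p-%08d" % len(self.policies), "Name": kw["Name"]})
        err = Exception("another request is already in progress")
        err.response = {"Error": {"Code": "ConcurrentModificationException"}}
        raise err
    def list_policies(self, Filter, NextToken=None):
        start = int(NextToken or 0)  # two-item pages to exercise pagination
        page = {"Policies": self.policies[start:start + 2]}
        if start + 2 < len(self.policies):
            page["NextToken"] = str(start + 2)
        return page

def simulate():
    # Three pre-existing SCPs push DenyRootAccess onto the second page.
    client = _FakeOrganizations(["other-0", "other-1", "other-2"])
    return create_or_rediscover(client, "DenyRootAccess", '{"Version":"2012-10-17","Statement":[]}', "deny root")
```

In a real handler the adopted Id would be written into the resource model so that the subsequent read, update and delete calls target the policy that actually exists.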