Comments (6)
Also deleting the stack takes ages, I suppose again because there is no AWS Audit manager in eu-west-3?
from landing-zone-accelerator-on-aws.
I tried a workaround to exclude the Paris region from Audit Manager in security-config.yaml, but no luck:

    auditManager:
      enable: true
      excludeRegions:
        - eu-west-3

I also tried to exclude Paris from awsConfig using the following:

    awsConfig:
      excludeRegions:
        - eu-west-3

But got the following error in the pipeline in the Security_Resources stage and the stack AWSAccelerator-SecurityResourcesStack-xxxxx-eu-west-3:
"Invalid request provided: NoAvailableConfigurationRecorder"
I can't say regarding the main issue, but we also ran into the NoAvailableConfigurationRecorder error. This was mainly due to enabling a new region in Control Tower but not updating enrolled accounts. This leads to AWS Config in the new regions not being initialized. The fix was to simply update enrolled accounts through Control Tower.
Hello, any update here?
@ye-yng how do you update the enrolled accounts to the new region?
Could you share the steps here?
We are having the same problem with version 1.9.1 when enabling a secondary region.
This helped us but is not the expected behavior: #517 (comment)
AWSAccelerator-SecurityResourcesStack-3111XXXXXXXX-us-west-2 | 0/89 | 9:38:02 PM | CREATE_FAILED |
AWS::Config::ConfigRule | AcceleratorEc2InstanceDetailedMonitoringEnabled
(AcceleratorEc2InstanceDetailedMonitoringEnabled9F032168) Resource handler returned message: "Invalid request provided:
NoAvailableConfigurationRecorder" (RequestToken: XXXXXXXX-dee3-ee84-d6cb-7d8268aXXXXX, HandlerErrorCode:
InvalidRequest)
Hello, any update here? @ye-yng how do you update the enrolled accounts to the new region? Could you share the steps here?
Hi, I don't quite recall the details regarding our specific error, but updating enrolled accounts in Control Tower did solve it.
Assuming you enabled new regions in your Control Tower Landing Zone, perform the following steps to update enrolled accounts:
- Go to Control Tower > Organization
- If you enabled new regions in Control Tower you should see your accounts (other than the mandatory ones) with an Update Available Baseline State
- Update the accounts one by one
I couldn't find a more efficient solution at the time but this solved our issues.
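A pre-flight check for the condition discussed in this thread, as an added example that is not part of any comment above and is not code from the landing-zone-accelerator-on-aws project: it flags regions where AWS Config has no configuration recorder, so the gap is found before the Security_Resources stage tries to create Config rules there. The function names and the sample responses are constructed for illustration; the response shape is that of boto3's `describe_configuration_recorder_status`.

```python
"""Find regions where AWS Config has no usable configuration recorder."""


def recorder_gaps(status_by_region):
    """Return {region: reason} for each region without a recording recorder.

    status_by_region maps a region name to the response dict of
    configservice.describe_configuration_recorder_status() for that region.
    """
    gaps = {}
    for region, resp in sorted(status_by_region.items()):
        recorders = resp.get("ConfigurationRecordersStatus", [])
        if not recorders:
            # The state the thread describes: Config never initialized here.
            gaps[region] = "no configuration recorder"
        elif not any(r.get("recording") for r in recorders):
            # A separate finding: the recorder exists but records nothing.
            gaps[region] = "recorder exists but is stopped"
    return gaps


def collect_status(regions, session=None):
    """Query live AWS. Needs boto3 and credentials for the account to check."""
    import boto3  # imported lazily so the offline sample runs without it

    session = session or boto3.Session()
    return {
        region: session.client(
            "config", region_name=region
        ).describe_configuration_recorder_status()
        for region in regions
    }


# Constructed sample responses (not real output from any account).
SAMPLE = {
    "eu-west-1": {"ConfigurationRecordersStatus": [
        {"name": "sample-recorder", "recording": True, "lastStatus": "SUCCESS"}]},
    "eu-west-3": {"ConfigurationRecordersStatus": []},
    "us-west-2": {"ConfigurationRecordersStatus": [
        {"name": "sample-recorder", "recording": False, "lastStatus": "PENDING"}]},
}

if __name__ == "__main__":
    for region, reason in recorder_gaps(SAMPLE).items():
        print(f"{region}: {reason}")
```

Against a real account, pass `collect_status([...])` with the regions governed by the landing zone instead of `SAMPLE`, once per enrolled account.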