Failure during bootstrap phase when `s3PublicAccessBlock` is set to `true` in `us-east-1` about landing-zone-accelerator-on-aws HOT 6 CLOSED

Hello @atfurman thanks for providing additional context. The errors you are seeing are related to the LZA detecting an invalid configuration. Can you please take a look at the AWS Best Practice configuration and the typedoc to check the config?

Also, our team is aware that the error messages related to configuration are not helpful, and we have a fix slated for the upcoming release to address the issue.

For more context, I was able validate that the security configuration block provided above is syntactically correct, so the issue may be related to a different config file. Can you check the diff of the configuration changes you've made to see where a configuration problem may have occurred?

from landing-zone-accelerator-on-aws.

Hello @atfurman thanks for providing additional context. The errors you are seeing are related to the LZA detecting an invalid configuration. Can you please take a look at the AWS Best Practice configuration and the typedoc to check the config?

Also, our team is aware that the error messages related to configuration are not helpful, and we have a fix slated for the upcoming release to address the issue.

For more context, I was able validate that the security configuration block provided above is syntactically correct, so the issue may be related to a different config file. Can you check the diff of the configuration changes you've made to see where a configuration problem may have occurred?

Hi @hickeydh-aws the two samples provided above are the only variables in play. The solution deployed without issue on the first config, and failed as described with the second config. Oddly enough, the second config works without issue in us-gov-west-1.

Due to the logging being rather lacking in detail, it took something between 8 and 10 runs to isolate this specific setting as the source of the error.

from landing-zone-accelerator-on-aws.

@atfurman did you find the solution to this issue? I'm currently having the same issue. I'm on LZA 1.2. Did you happen to work with support to find a resolution to this? Really curious why this suddenly stopped worked. I haven't tested doing what you said you did with the security file.

from landing-zone-accelerator-on-aws.

@MitoMills this is for LZA 1.3 so I cannot speak to 1.2. Unfortunately the only solution I have found thus far is to set

  s3PublicAccessBlock:
    enable: false

and accomplish that through other means than LZA. I am hopeful that the error messages in version 1.3.1 will be more helpful in isolating the actual source of this failure.

from landing-zone-accelerator-on-aws.

Hello @atfurman,

I just wanted to follow up on this issue. I cannot reproduce the issue on my end using v1.3.0 code. I have both us-east-1 and us-west-2 enabled in my configuration, as well as s3PublicAccessBlock enabled. I also tested against our latest code and synthesis is successful.

Have you had an opportunity to run your configuration through our latest code (v1.3.2)? Please let us know if there are any additional errors we can help troubleshoot in regards to this issue.

from landing-zone-accelerator-on-aws.

Hello,

We will be marking this issue closed due to no response, but if you continue seeing this error please feel free to re-open or open a new issue. Thanks!

from landing-zone-accelerator-on-aws.