如何配置 automate_aws_accounts_creation_sso_users_assignment.yaml 在我选择的区域运行?
[英]How to configure automate_aws_accounts_creation_sso_users_assignment.yaml to run in a region of my choice?
问题描述
I'm following https://aws.amazon.com/de/blogs/security/how-to-automate-aws-account-creation-with-sso-user-assignment/ to automate sso account creation.
我正在关注https://aws.amazon.com/de/blogs/security/how-to-automate-aws-account-creation-with-sso-user-assignment/以自动创建 sso 帐户。 It says:它说:
This solution is configured to be deployed in the North Virginia Region (us-east-1).
So I create the stack https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml and change the region in the top panel from us-east-1 to eu-central-1.所以我创建了堆栈https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml并从我们更改顶部面板中的区域-east-1 到 eu-central-1。
The creation of the stack fails with the following event:堆栈的创建失败并出现以下事件:
Logical ID: CreateAccountAssignmentLambda
Status: Create_FAILED
Status reason: Resource handler returned message: "Error occurred while GetObject. S3 Error Code: PermanentRedirect. S3 Error Message: The bucket is in this region: us-east-1. Please use this region to retry the request (Service: Lambda, Status Code: 400, Request ID: 7fd58877-67b5-46b6-ac60-693f1edff8df, Extended Request ID: null)" (RequestToken: b49cb70f-2820-2c65-76c2-1a0b2776cd94, HandlerErrorCode: InvalidRequest)
I have inspected the tamplate and the locations referenced therein:我已经检查了模板和其中引用的位置:
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/batchcreation_lambda.zip https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/batchcreation_lambda.zip
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/account_create_lambda.zip https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/account_create_lambda.zip
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip
But there is no mention of us-east-1 or Virginia .但是没有提到us-east-1或Virginia 。 How can I change the CloudFormation template to run in another region?如何更改 CloudFormation 模板以在其他区域运行?
1 个解决方案
解决方案1
1 已采纳 2022-03-01 21:13:50
It seems as though the problem is the S3Bucket: awsiammedia .似乎问题出在S3Bucket: awsiammedia 。
I would copy the assets you need from awsiammedia to a bucket in the new region, and use that bucket name where you find awsiammedia .我会将您需要的资产从awsiammedia复制到新区域中的存储桶,并在您找到awsiammedia的位置使用该存储桶名称。 So, 'configure' is not a good description.所以,“配置”不是一个好的描述。
CreateAccountAssignmentLambda:
Type: AWS::Lambda::Function
Properties:
Code:
--> S3Bucket: awsiammedia
S3Key: public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.