我正在關注https://aws.amazon.com/de/blogs/security/how-to-automate-aws-account-creation-with-sso-user-assignment/來自動創建 sso 帳戶。它說:
此解決方案配置為部署在北弗吉尼亞地區 (us-east-1)。但是您可以更改 CloudFormation 模板以在支持解決方案中所需的所有服務的任何區域中運行。
所以我創建了堆疊https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml并從我們更改頂部面板中的區域-east-1 到 eu-central-1。
堆疊的創建失敗并出現以下事件:
Logical ID: CreateAccountAssignmentLambda
Status: Create_FAILED
Status reason: Resource handler returned message: "Error occurred while GetObject. S3 Error Code: PermanentRedirect. S3 Error Message: The bucket is in this region: us-east-1. Please use this region to retry the request (Service: Lambda, Status Code: 400, Request ID: 7fd58877-67b5-46b6-ac60-693f1edff8df, Extended Request ID: null)" (RequestToken: b49cb70f-2820-2c65-76c2-1a0b2776cd94, HandlerErrorCode: InvalidRequest)
我檢查了模板和其中參考的位置:
https ://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/batchcreation_lambda.zip
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/account_create_lambda.zip
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip
但是沒有提到us-east-1or Virginia。如何更改 CloudFormation 模板以在其他區域運行?
uj5u.com熱心網友回復:
似乎問題出在S3Bucket: awsiammedia.
我會將您需要的資產復制awsiammedia到新區域中的存盤桶中,并使用您找到的存盤桶名稱awsiammedia。所以,“配置”不是一個好的描述。
CreateAccountAssignmentLambda:
Type: AWS::Lambda::Function
Properties:
Code:
--> S3Bucket: awsiammedia
S3Key: public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/436180.html
標籤:亚马逊网络服务 亚马逊-s3 亚马逊云形成 aws-控制塔