There appear to be various bugs with the default MWAA setup

Question

When using the default setup for MWAA, it seems that the stack which is created has duplicate Logical ID's, and i suspect this  duplication is why much of the stack hangs during creation.  For example, the logical ID DefaultPrivateRoute1 shows up three times in my stack, but the second two never complete (despite the stack saying it has completed).    
  
Despite the errors, the new VPC from the stack still shows up on the MWAA construction UI, and so I use it.  I also opt to use public network to simplify setup, and let MWAA create the new security group and execution role.  Everything  else is left to default configurations.  
  
When I finally try to finish up the setup, I'm hit with the following error, despite my bucket having open permissions and being able to access the DAG files over https from my machine:  
  
Unable to check PublicAccessBlock configuration for the account 364954322364: Access Denied (Service: S3Control, Status Code: 403, Request ID: KJ2ASY1EGGBRTYBR, Extended Request ID: DKwKxzBjClMTyW9MgcY2FLXs66McbaPHyBU3gjkS1Oj2noskhrF5vG6xdRZxgkq9ef+JFqeug3k=)

Can anyone help me understand what I am doing wrong, or if this is a bug with the MWAA default setup?

Accepted Answer

Hi! Given the error you provided, I'd check to ensure that the S3 bucket is configured to Block all public access, and has Bucket Versioning enabled. Docs: https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-s3-bucket.html.   
  
Thanks!

Answer

tuck-aws you were correct, I was attempting to use an existing bucket that I had made public.  Thank you for your help.  Next time I use an AWS service I will check for documentation on how any associated services need to be configured before posting here.

There appear to be various bugs with the default MWAA setup

Contenido relevante