AWS Config conformance pack deployment failure in GovCloud us-west-1 region

0

Hi, I am trying to deploy the AWS conformance packs for CMMC, NIST, etc. in us-west-1 GovCloud and am receiving the numerous errors below. I am wondering if there are limitations on using conformance packs in GovCloud, or whether there are any custom templates available to implement the same in GovCloud. Below are the errors:

The sourceIdentifier ROOT_ACCOUNT_HARDWARE_MFA_ENABLED is invalid. Please refer to the documentation for a list of valid sourceIdentifiers that can be used when AWS is the Owner. (Service: AmazonConfig; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 096f3323-178d-4d99-9724-6ad2cc427978; Proxy: null)

The sourceIdentifier OPENSEARCH_IN_VPC_ONLY is invalid. Please refer to the documentation for a list of valid sourceIdentifiers that can be used when AWS is the Owner. (Service: AmazonConfig; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 70d48258-72e0-4700-af6b-14e4c8d7a45b; Proxy: null)

The sourceIdentifier OPENSEARCH_ENCRYPTED_AT_REST is invalid. Please refer to the documentation for a list of valid sourceIdentifiers that can be used when AWS is the Owner. (Service: AmazonConfig; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 8bf02e8b-7f70-4a97-be93-76b30ee34d87; Proxy: null)

hs-aws
asked 6 months ago | 293 views
1 Answer
2

Hello,

The reason why the deployment is failing is that the "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED", "OPENSEARCH_IN_VPC_ONLY" and "OPENSEARCH_ENCRYPTED_AT_REST" AWS managed config rules are not supported in the us-west-1 GovCloud region. If unsupported AWS managed config rules are referenced in the conformance pack, the deployment fails.

It is required that the sample templates are modified to include only the rules that are available in GovCloud to successfully deploy the conformance pack.

[+] Conformance Pack sample templates - https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html

The list of managed config rules which are currently supported in GovCloud regions can be referenced from the below links -

[+] AWS GovCloud (US-East) Region - https://docs.aws.amazon.com/config/latest/developerguide/managing-rules-by-region-availability.html#aws-govcloud-us-east-section-head

[+] AWS GovCloud (US-West) Region - https://docs.aws.amazon.com/config/latest/developerguide/managing-rules-by-region-availability.html#aws-govcloud-us-west-section-head

Regards,

Suryansh

AWS
answered 6 months ago
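
One way to apply the advice in the answer above, as an added example that is not part of the original answer and is not AWS tooling: a function that strips unsupported AWS managed rules from a conformance pack template before deployment. It assumes the template has already been parsed into a dict (for example with a YAML loader); the sample template, its logical IDs and the helper `rule` are constructed, and the unsupported set holds only the three identifiers from the errors in the question, to be extended from the region availability lists linked in the answer.

```python
import copy

# Managed-rule identifiers rejected in the errors quoted in the question.
UNSUPPORTED = frozenset({
    "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED",
    "OPENSEARCH_IN_VPC_ONLY",
    "OPENSEARCH_ENCRYPTED_AT_REST",
})

def prune_template(template, unsupported=UNSUPPORTED):
    """Return (pruned copy, {logical ID: identifier} of removed rules)."""
    pruned = copy.deepcopy(template)
    resources = pruned.get("Resources", {})
    removed = {}
    for logical_id, res in list(resources.items()):
        if res.get("Type") != "AWS::Config::ConfigRule":
            continue
        source = res.get("Properties", {}).get("Source", {})
        # Regional availability only applies to AWS-owned (managed) rules.
        if source.get("Owner") == "AWS" and source.get("SourceIdentifier") in unsupported:
            removed[logical_id] = source["SourceIdentifier"]
            del resources[logical_id]
    # A surviving resource must not depend on a rule that was removed.
    for res in resources.values():
        if "DependsOn" in res:
            deps = res["DependsOn"]
            deps = [deps] if isinstance(deps, str) else deps
            kept = [d for d in deps if d not in removed]
            if kept:
                res["DependsOn"] = kept
            else:
                del res["DependsOn"]
    return pruned, removed

def rule(identifier, owner="AWS", **extra):
    """Build a ConfigRule resource for the constructed sample below."""
    return {"Type": "AWS::Config::ConfigRule",
            "Properties": {"Source": {"Owner": owner, "SourceIdentifier": identifier}},
            **extra}

# Constructed sample template; logical IDs and the Lambda ARN are placeholders.
SAMPLE = {"Resources": {
    "RootAccountHardwareMfaEnabled": rule("ROOT_ACCOUNT_HARDWARE_MFA_ENABLED"),
    "OpensearchInVpcOnly": rule("OPENSEARCH_IN_VPC_ONLY"),
    "S3BucketPublicReadProhibited": rule("S3_BUCKET_PUBLIC_READ_PROHIBITED",
                                         DependsOn="OpensearchInVpcOnly"),
    "CustomCheck": rule("arn:aws-us-gov:lambda:REGION:ACCOUNT_ID:function:PLACEHOLDER",
                        owner="CUSTOM_LAMBDA"),
}}
```

The returned `removed` mapping records which controls were dropped from the pack, so the coverage gap they leave against the compliance framework can be tracked and addressed by other means.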
