Wrong logging bucket policy with Control Tower


Hello guys,

I wanted to set up the automated service limit increase in Service Quotas with the CloudFormation template in this blog post: https://aws.amazon.com/de/blogs/mt/automating-service-limit-increases-enterprise-support-aws-control-tower/

When the QuotaIncreaseLambda function is called, there is the following error: "Error occurred while GetObject. S3 Error Code: NoSuchBucket. S3 Error Message: The specified bucket does not exist (Service: Lambda, Status Code: 400, Request ID: 5f4f9064-8540-4813-bee3-e20e541fdeac)" (RequestToken: b39f53c9-91ad-b1b0-9dda-fea59464acc7, HandlerErrorCode: InvalidRequest)

I've checked that the bucket exists and I am also in the same region while deploying it. Does anyone have a solution for this?

Greetings, Mark

asked 8 months ago, 216 views
1 Answer
Accepted Answer

Hey Mark, one of the AWS CloudFormation templates provided in the specified blog post, under "Set up the Service Quotas automation", Step 2, listed as

service_quotas_control_tower.cf.yml

has a line that will cause this error. In line 207, remove "-${AWS::Region}".

Original line:

S3Bucket: !Sub ${pS3Bucket}-${AWS::Region}

Change it to:

S3Bucket: !Sub ${pS3Bucket}

Also note the template will attempt to access the S3 bucket in the current region, so if your S3 bucket is located in a different region it will fail. Make sure to switch to the appropriate region where the S3 bucket is located.

AWS
answered 7 months ago
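A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the blog post, the template, or the answer above. It expands each `S3Bucket: !Sub ...` line the way CloudFormation would and compares the resulting name with a bucket inventory; the bucket name, the inventory and the function names are hypothetical, and only simple `${Name}` substitutions are handled.

```python
import re

# Matches lines such as:  S3Bucket: !Sub ${pS3Bucket}-${AWS::Region}
SUB_LINE = re.compile(r"^\s*S3Bucket:\s*!Sub\s+(\S+)\s*$", re.MULTILINE)
VAR = re.compile(r"\$\{([^}]+)\}")


def resolve_sub(expr, values):
    """Expand ${Name} placeholders the way !Sub does for simple strings."""
    def repl(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for ${{{name}}}")
        return values[name]
    return VAR.sub(repl, expr)


def check_code_buckets(template_text, params, region, inventory):
    """Return (resolved_bucket_name, verdict) for each S3Bucket: !Sub line.

    inventory maps existing bucket names to their region. It is constructed
    below; in practice it would come from a listing of your own account.
    """
    values = {**params, "AWS::Region": region}
    results = []
    for expr in SUB_LINE.findall(template_text):
        name = resolve_sub(expr, values)
        if name not in inventory:
            verdict = "NoSuchBucket"      # the name CloudFormation asks for is not there
        elif inventory[name] != region:
            verdict = "WrongRegion"       # bucket exists, but not in the deploy region
        else:
            verdict = "OK"
        results.append((name, verdict))
    return results


# Constructed sample input: the two forms of the line quoted in the answer.
ORIGINAL = "      Code:\n        S3Bucket: !Sub ${pS3Bucket}-${AWS::Region}\n"
FIXED = "      Code:\n        S3Bucket: !Sub ${pS3Bucket}\n"
PARAMS = {"pS3Bucket": "example-quota-artifacts"}        # hypothetical name
INVENTORY = {"example-quota-artifacts": "eu-central-1"}  # hypothetical inventory

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, check_code_buckets(text, PARAMS, "eu-central-1", INVENTORY))
    print("fixed, other region",
          check_code_buckets(FIXED, PARAMS, "us-east-1", INVENTORY))
```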
