unable to deploy the the AWS cloud migration factory solution
I am trying to deploy the cloud migration factory in aws using cloud formation template download from here https://solutions-reference.s3.amazonaws.com/cloud-migration-factory-on-aws/latest/aws-cloud-migration-factory-solution.template
but it failed deploy and rollbacked immediately.
I have seen that few resources failed to create, i am clueless as i have used admin user and even root user as well.
Can some one check and help ?
- Newest
- Most votes
- Most comments
Hello.
Although it is not visible in the image, the reason why resource creation failed may be listed in the "Status reason" column.
Could you please share the "Status reason" column?
Thanks for the reply.
I deployed using the same template in my environment and saw the same error.
The cause of the error is unknown, but OAI itself is an old control method, so I used OAC to control it, and the deployment was successful.
The change should be made around line 227 to the following template.
FrontEndBucketPolicy:
Condition: DeployCloudFront
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref FrontEndBucket
PolicyDocument:
Statement:
- Action: s3:GetObject
Effect: Allow
Resource: !Sub ${FrontEndBucket.Arn}/*
Principal:
Service: cloudfront.amazonaws.com
Condition:
StringEquals:
AWS:SourceArn: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/${CloudfrontDistribution}
CloudFrontOriginAccessControl:
Condition: DeployCloudFront
Type: AWS::CloudFront::OriginAccessControl
Properties:
OriginAccessControlConfig:
Description: Default Origin Access Control
Name: !Ref AWS::StackName
OriginAccessControlOriginType: s3
SigningBehavior: always
SigningProtocol: sigv4
CloudfrontDistribution:
Condition: DeployCloudFront
DependsOn: CloudFrontFunction
Type: AWS::CloudFront::Distribution
Properties:
Tags:
-
Key: application
Value: !Ref Application
-
Key: environment
Value: !Ref Environment
-
Key: Name
Value: !Sub ${Application}-${Environment}-CloudFrontDistribution
DistributionConfig:
WebACLId:
!If
- DeployWAF
- !GetAtt WAFFEStack.Outputs.WAFFEACLArn
- !Ref 'AWS::NoValue'
Enabled: true
PriceClass: 'PriceClass_100'
DefaultRootObject: 'index.html'
ViewerCertificate:
CloudFrontDefaultCertificate: true
MinimumProtocolVersion: TLSv1.2_2018
CustomErrorResponses:
- ErrorCachingMinTTL: 300
ErrorCode: 403
ResponseCode: 200
ResponsePagePath: '/index.html'
HttpVersion: http2
DefaultCacheBehavior:
AllowedMethods:
- HEAD
- DELETE
- POST
- GET
- OPTIONS
- PUT
- PATCH
ForwardedValues:
QueryString: false
TargetOriginId: !Sub S3-${FrontEndBucket}
ViewerProtocolPolicy: redirect-to-https
FunctionAssociations:
- EventType: viewer-response
FunctionARN: !GetAtt CloudFrontFunction.FunctionMetadata.FunctionARN
IPV6Enabled: true
Logging:
Bucket: !GetAtt AccessLoggingBucket.DomainName
Origins:
- DomainName: !GetAtt FrontEndBucket.DomainName
Id: !Sub S3-${FrontEndBucket}
S3OriginConfig:
OriginAccessIdentity: ''
OriginAccessControlId: !GetAtt CloudFrontOriginAccessControl.Id
Metadata:
cfn_nag:
rules_to_suppress:
- id: W70
reason: "It is already TLSv1.2_2018"
Relevant content
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
Thank you.