Wrong logging bucket policy with Control Tower

Question

Hello guys,

I wanted to setup the automated service limit increase in the Service Quotas with the CloudFormation Template in this blog post:
https://aws.amazon.com/de/blogs/mt/automating-service-limit-increases-enterprise-support-aws-control-tower/

When the QuotaIncreaseLambda function is called, there is the following error:
"Error occurred while GetObject. S3 Error Code: NoSuchBucket. S3 Error Message: The specified bucket does not exist (Service: Lambda, Status Code: 400, Request ID: 5f4f9064-8540-4813-bee3-e20e541fdeac)" (RequestToken: b39f53c9-91ad-b1b0-9dda-fea59464acc7, HandlerErrorCode: InvalidRequest)

I've checked that the bucket exists and I am also in the same region while deploying it. Does anyone has a solution for this?

Greetings
Mark

Accepted Answer

Hey Mark,
One of the provided AWS CloudFormation template in the specified blog post in "Set up the Service Quotas automation", Step 2 listed as

```
service_quotas_control_tower.cf.yml
```

has a line that will cause this error, in line 207, remove "-${AWS::Region}"

Original line:
> S3Bucket: !Sub ${pS3Bucket}-${AWS::Region}

Change it to:
> S3Bucket: !Sub ${pS3Bucket}

Also note the template will attempt to access the S3 bucket in the current region so if your S3 bucket is located in a different region it will fail, make sure to switch to the appropriate region where the S3 bucket is located.

Wrong logging bucket policy with Control Tower

相關內容