unable to deploy the the AWS cloud migration factory solution

0

I am trying to deploy the cloud migration factory in aws using cloud formation template download from here https://solutions-reference.s3.amazonaws.com/cloud-migration-factory-on-aws/latest/aws-cloud-migration-factory-solution.template

but it failed deploy and rollbacked immediately. Enter image description here

I have seen that few resources failed to create, i am clueless as i have used admin user and even root user as well.

Can some one check and help ?

Mohan
已提問 1 年前檢視次數 338 次
3 個答案
0
已接受的答案

Hello.

Although it is not visible in the image, the reason why resource creation failed may be listed in the "Status reason" column.
Could you please share the "Status reason" column?

profile picture
專家
已回答 1 年前
0

Thanks for the reply.
I deployed using the same template in my environment and saw the same error.
The cause of the error is unknown, but OAI itself is an old control method, so I used OAC to control it, and the deployment was successful.
The change should be made around line 227 to the following template.

  FrontEndBucketPolicy:
    Condition: DeployCloudFront
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref FrontEndBucket
      PolicyDocument:
        Statement:
        - Action: s3:GetObject
          Effect: Allow
          Resource: !Sub ${FrontEndBucket.Arn}/*
          Principal:
            Service: cloudfront.amazonaws.com
          Condition:
            StringEquals:
              AWS:SourceArn: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/${CloudfrontDistribution}

  CloudFrontOriginAccessControl:
    Condition: DeployCloudFront
    Type: AWS::CloudFront::OriginAccessControl
    Properties: 
      OriginAccessControlConfig:
        Description: Default Origin Access Control
        Name: !Ref AWS::StackName
        OriginAccessControlOriginType: s3
        SigningBehavior: always
        SigningProtocol: sigv4

  CloudfrontDistribution:
    Condition: DeployCloudFront
    DependsOn: CloudFrontFunction
    Type: AWS::CloudFront::Distribution
    Properties:
      Tags:
        -
          Key: application
          Value: !Ref Application
        -
          Key: environment
          Value: !Ref Environment
        -
          Key: Name
          Value: !Sub ${Application}-${Environment}-CloudFrontDistribution
      DistributionConfig:
        WebACLId:
          !If
          - DeployWAF
          - !GetAtt WAFFEStack.Outputs.WAFFEACLArn
          - !Ref 'AWS::NoValue'
        Enabled: true
        PriceClass: 'PriceClass_100'
        DefaultRootObject: 'index.html'
        ViewerCertificate:
          CloudFrontDefaultCertificate: true
          MinimumProtocolVersion: TLSv1.2_2018
        CustomErrorResponses:
          - ErrorCachingMinTTL: 300
            ErrorCode: 403
            ResponseCode: 200
            ResponsePagePath: '/index.html'
        HttpVersion: http2
        DefaultCacheBehavior:
          AllowedMethods:
            - HEAD
            - DELETE
            - POST
            - GET
            - OPTIONS
            - PUT
            - PATCH
          ForwardedValues:
            QueryString: false
          TargetOriginId: !Sub S3-${FrontEndBucket}
          ViewerProtocolPolicy: redirect-to-https
          FunctionAssociations:
            - EventType: viewer-response
              FunctionARN: !GetAtt CloudFrontFunction.FunctionMetadata.FunctionARN
        IPV6Enabled: true
        Logging:
          Bucket: !GetAtt AccessLoggingBucket.DomainName
        Origins:
          - DomainName: !GetAtt FrontEndBucket.DomainName
            Id: !Sub S3-${FrontEndBucket}
            S3OriginConfig:
              OriginAccessIdentity: ''
            OriginAccessControlId: !GetAtt CloudFrontOriginAccessControl.Id
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: W70
            reason: "It is already TLSv1.2_2018"
profile picture
專家
已回答 1 年前
profile picture
專家
已審閱 5 個月前
  • Thank you.

0

Please check the screens hotEnter image description here

Mohan
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南