- 最新
- 最多得票
- 最多評論
hi Asisipho,
Thank you your response. I have read and follow your provided links. However, i find they are general guides how to use the CLI command for firewall which same to my posted command, those links only tell us this is a error for "Unable to change the resource because your account doesn't own it", but do not cover a solution for this error.
So, i am still getting stuck in this error.
P.S. my account is "management account" and all firewall settings were performed by this same account.
Hi,
I understand that you want to UpdateFirewallDeleteProtection and you are encountering an error “ResourceOwnerCheckException”.
This is due to making a request on resources that your account does not own. Please find the attached document [1] for more information on this error.
To complete this operation on an account that owns the resources please do refer to attached document[1][2].
I have attached a third party documentation[3] that you can look into to list the firewalls on your resources and be able to perform the UpdateFirewallDeleteProtection operation on.
I hope this helps
Resources:-
hi,
Finally got the solution from AWS,
- go to AWS Firewall Manager at: https://us-east-1.console.aws.amazon.com/wafv2/homev2
- Select any active resources, and choose Actions > Delete. I delete to delete "Firewall Manager" before delete Firewall. Their error message does not clearly show me this error during delete Firewall.
Finally, AWS guys let me to wait a few days to return back this solution to me, and pointed me some wrong direction to test during these few days. It seems they also do not so familiar to their system.
-
Warm Greetings Everyone!* I am having a similar situation with my account . I am unable to delete my Network Firewall , Network Interface, VPC, Endpoints . When trying to delete Network Firewall, this is the error received : 1 * For Firewall : " Cannot DeleteFirewall because at least one of the firewall endpoints are missing the AWSNetworkFirewallManaged:true tag: [vpce-00957b459fe0dec1b] " 2 For endpoints: "vpce-00957b459fe0dec1b - Operation is not allowed for requester-managed VPC endpoints for the service com.amazonaws.vpce.us-east-2.vpce-svc-0f427de517c75a430." 3 * Network Interface: "Network interface is currently in use by ela-attach-xxxxxxxxxxxx"
-
Kindly note that i have released all elastic IPs, NAT, Internet Gateway. I need your assistance please because the bill for Network interface keeps increasing for a service i don't use.
相關內容
AWS 官方已更新 10 個月前- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
I have acknowledged that you were doing this operation using a management account, which lead to me assuming that you were talking about firewall manager account. Because if this is the firewall manager account, customer cannot perform activity on the network-firewall that was created on child account by using firewall manager master account, but the account that actually owns the resource.
As a workaround:
You can update the network-firewall policy that was created via firewall manager with PutPolicy https://docs.aws.amazon.com/cli/latest/reference/fms/put-policy.html, firewall can be created with any proprieties of your choice, or you need to assume the child account that has the firewall, and make the changes from that side.
hi Asisipho,
I am mess for account role(s) from your answer, we setup one account in AWS which is management account, we did all the setting by this one account only.
So, i still in the situation as the system said i have no power for the resource in changing the firewall protection flag.