WebIDF CloudFormation quicklink, failing to deploy

Question

WebIDF CloudFormation quicklink, failing to deploy

EGStrain opened this issue a year ago · comments

https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/quickcreate?templateURL=https://learn-cantrill-labs.s3.amazonaws.com/aws-cognito-web-identity-federation/WEBIDF.yaml&stackName=WEBIDF

I am seeing:

Logical ID: appbucket
Status: Create_Failed
Status Reason: API: s3:CreateBucket Access Denied

With the following as being the Status Reason for CloudFormation to fail to deploy:

The following resource(s) failed to create: [appbucket, patchesprivatebucket]. Rollback requested by user.

Logged in with Admin user in us-east-1 before deployment. It's possible that it's trying to create a bucket named appbucket which may already exist in another account (due to global namespace).

Elliot Strain · Answer 1 · Sat Mar 04 2023 18:07:54 GMT+0800 (China Standard Time)

To clarify, this was from the lesson available here:

https://learn.cantrill.io/courses/aws-certified-solutions-architect-professional/lectures/24435345

Adrian Cantrill · Answer 2 · Sat Mar 04 2023 18:09:44 GMT+0800 (China Standard Time)

Hi
I notice you work for AWS, are you trying to create this in an AWS account provided by AWS ? if so, they prevent you creating buckets which are public.
The 'app bucket' name is logical, CFN will create one with randomness attached to prevent this.
I'm 99% sure its the AWS provided account being the issue.

Elliot Strain · Answer 3 · Sat Mar 04 2023 18:11:22 GMT+0800 (China Standard Time)

Yes, using internal account, will confirm.

Elliot Strain · Answer 4 · Sat Mar 04 2023 18:14:27 GMT+0800 (China Standard Time)

I got this to resolve by disabling Account level Block Public Access on S3. Thank you.