aws-solutions / virtual-waiting-room-on-aws

The Virtual Waiting Room on AWS solution helps absorb and control incoming user requests to your website during an unusually large burst of traffic, usually due to a large-scale event.


CREATE_FAILED status with CloudFormation

cccdi opened this issue · comments

commented

Describe the bug
Cannot use CloudFormation to create the project.
It aborts with the errors below:

PublicWaitingRoomApiDeployment | CREATE_FAILED | Resource handler returned message: "CloudWatch Logs role ARN must be set in account settings to enable logging (Service: ApiGateway, Status Code: 400, Request ID: 1883f56e-ece5-418e-8a5d-)" (RequestToken: 3b7df1a8-68cc-d380-2dbb- HandlerErrorCode: InvalidRequest)

aws-vwr-CoreModuleStack-*| CREATE_FAILED | The following resource(s) failed to create: [PrivateWaitingRoomApiDeployment, PublicWaitingRoomApiDeployment].

To Reproduce
Just create the stack with the provided template link:
https://ap-east-1.console.aws.amazon.com/cloudformation/home?region=ap-east-1#/stacks/create/template?&stackName=aws-vwr-sample&templateURL=https://solutions-reference.s3.amazonaws.com/aws-virtual-waiting-room/latest/aws-virtual-waiting-room-getting-started.template


It's failing on the API creation, and that indicates you probably need to take care of the prerequisite for the API Gateway logging role. There is a template to add the logging role for you, discussed here: https://docs.aws.amazon.com/solutions/latest/virtual-waiting-room-on-aws/automated-deployment.html#prerequisites

commented

@JimTharioAmazon Thank you for your info. The API Gateway issue was solved by "aws-virtual-waiting-room-api-gateway-cw-logs-role.template", but I got another CREATE_FAILED issue from

PublicApiCloudFront | - | AWS::CloudFront::Distribution | CREATE_FAILED | Resource handler returned message: "Access denied for operation 'You don't have permission to access the S3 bucket for CloudFront logs: vwr-coremodulestack-k9gr7ved4-loggingbucket-1h92zy7fx7kkm.s3.amazonaws.com If you're using IAM, you need s3:GetBucketAcl and s3:PutBucketAcl permissions to create a distribution or to update log settings for an existing distribution. In addition, the S3 ACL for the bucket must grant you FULL_CONTROL. (Service: CloudFront, Status Code: 403, Request ID: 93109c88-59b8-4cb6-a534-)'." (RequestToken: bd0664e8-ccd1-d0f3-c24f-, HandlerErrorCode: AccessDenied)

And I can't see any template to install for this issue.


commented

I found that not every region can use CloudFormation with the online template.
In some regions, CloudFront cannot deliver logs to S3, which caused the CloudFront distribution creation to fail.
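
Both failures in this thread were reported alongside cascading `CREATE_FAILED` events that only repeat the damage. The following is an added example, not part of the thread or of the solution's code: it filters the output of `aws cloudformation describe-stack-events` down to root-cause failures and attaches a hint for the two errors seen here. The sample events, the hint wording and the function name `root_causes` are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws cloudformation describe-stack-events` output;
# the reasons are shortened from the error messages quoted in this thread.
SAMPLE = json.dumps({"StackEvents": [
    {"LogicalResourceId": "aws-vwr-CoreModuleStack", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "The following resource(s) failed to create: "
                             "[PrivateWaitingRoomApiDeployment, PublicWaitingRoomApiDeployment]."},
    {"LogicalResourceId": "PrivateWaitingRoomApiDeployment", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "Resource creation cancelled"},
    {"LogicalResourceId": "PublicWaitingRoomApiDeployment", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "Resource handler returned message: CloudWatch Logs role ARN "
                             "must be set in account settings to enable logging"},
    {"LogicalResourceId": "PublicApiCloudFront", "ResourceStatus": "CREATE_FAILED",
     "ResourceStatusReason": "Access denied: You don't have permission to access the "
                             "S3 bucket for CloudFront logs"},
    {"LogicalResourceId": "LoggingBucket", "ResourceStatus": "CREATE_COMPLETE"},
]})

# Reasons that only report a failure elsewhere in the stack, never the cause itself.
CASCADE = ("The following resource(s) failed to create", "Resource creation cancelled")

# Substring of the reason -> hint, limited to the two errors discussed in this thread.
HINTS = {
    "CloudWatch Logs role ARN must be set":
        "deploy the API Gateway logging role prerequisite template in this region first",
    "S3 bucket for CloudFront logs":
        "CloudFront could not use the logging bucket; the thread reports this in "
        "regions where CloudFront cannot deliver logs to S3",
}

def root_causes(events_json):
    """Return [(logical_id, hint)] for failed events that are causes, not cascades."""
    found = []
    for event in json.loads(events_json)["StackEvents"]:
        reason = event.get("ResourceStatusReason", "")
        if not event["ResourceStatus"].endswith("_FAILED") or reason.startswith(CASCADE):
            continue
        hint = next((h for key, h in HINTS.items() if key in reason),
                    "unrecognized failure: read the full status reason")
        found.append((event["LogicalResourceId"], hint))
    return found

if __name__ == "__main__":
    for resource_id, hint in root_causes(SAMPLE):
        print(f"{resource_id}: {hint}")
```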