0

我正在关注https://aws.amazon.com/de/blogs/security/how-to-automate-aws-account-creation-with-sso-user-assignment/来自动创建 sso 帐户。它说:

此解决方案配置为部署在北弗吉尼亚地区 (us-east-1)。但是您可以更改 CloudFormation 模板以在支持解决方案所需的所有服务的任何区域中运行。

所以我创建了堆栈https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml并从我们更改顶部面板中的区域-east-1 到 eu-central-1。

堆栈的创建失败并出现以下事件:

Logical ID: CreateAccountAssignmentLambda  
Status: Create_FAILED 
Status reason: Resource handler returned message: "Error occurred while GetObject. S3 Error Code: PermanentRedirect. S3 Error Message: The bucket is in this region: us-east-1. Please use this region to retry the request (Service: Lambda, Status Code: 400, Request ID: 7fd58877-67b5-46b6-ac60-693f1edff8df, Extended Request ID: null)" (RequestToken: b49cb70f-2820-2c65-76c2-1a0b2776cd94, HandlerErrorCode: InvalidRequest)

我检查了模板和其中引用的位置:
https ://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml

https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/batchcreation_lambda.zip

https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/account_create_lambda.zip

https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip

但是没有提到us-east-1or Virginia。如何更改 CloudFormation 模板以在其他区域运行?

4

1 回答 1

1

似乎问题出在S3Bucket: awsiammedia.

我会将您需要的资产复制awsiammedia到新区域中的存储桶中,并使用您找到的存储桶名称awsiammedia。所以,“配置”不是一个好的描述。

CreateAccountAssignmentLambda:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        --> S3Bucket: awsiammedia
        S3Key: public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip
于 2022-03-01T21:13:50.667 回答