deploying the template fails about aws-iam-temporary-elevated-access-broker HOT 10 CLOSED

There may be an SCP and/or permission boundary in place. Please see the following documentation for additional troubleshooting: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#basic-ts-guide

from aws-iam-temporary-elevated-access-broker.

I don't think it's a SCP/permission boundary, I've setup the account and there's no such thing.

I will look into that link for more debugging tomorrow, thanks.

from aws-iam-temporary-elevated-access-broker.

This is the first error I get......

not sure what it means and I couldn't find any references on it either.

from aws-iam-temporary-elevated-access-broker.

If the value of that property doesn't match the validation rules, then the validation of the whole object fails. Are you passing a parameters file when running the deployment? CloudFormation will fail if it does not receive all required parameters that are defined in the template.

from aws-iam-temporary-elevated-access-broker.

This is the template file that was generated using the command you provided. In that file I added a few params, but they're not related to Lambda.

I believe the erorr is related to this section, which I've not modified:
LambdaLayer:
Properties:
CompatibleRuntimes:
- python3.8
- python3.9
Content: lambda-layer/
Description: Python layer for Temporary Elevated Access Broker
LayerName: temporary-elevated-access-broker-python
LicenseInfo: MIT License
Type: AWS::Lambda::LayerVersion

Full file attached, extension changed to .txt so that i can be uploaded.
packaged-template.txt

from aws-iam-temporary-elevated-access-broker.

Looking at the template provided, it appears that the LambdaLayer source code refers to the local path instead of the Amazon S3 location. The packaged template should be updated with the proper references for the newly-uploaded objects. Can you re-run the CloudFormation package command and share the output?

from aws-iam-temporary-elevated-access-broker.

regenerated & re-attached.

packaged-template.txt

from aws-iam-temporary-elevated-access-broker.

It appears that the package command is still not transforming the LambdaLayer function with the S3 location. The Code property should have been updated with the bucket and uploaded object name. What version of the AWS CLI do you have installed? You can call aws --version to check the version. If you have an older version installed, you will need to upgrade: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

from aws-iam-temporary-elevated-access-broker.

I've updated this, but still fails.

from aws-iam-temporary-elevated-access-broker.

It appears that the package command is not recognizing the 'lambda-layer' folder. Unfortunately, I was not able to reproduce this on my end. You may need to manually upload the files to an S3 bucket and then add the location to your template, as shown in the following example:

  LambdaLayer:
    Type: 'AWS::Lambda::LayerVersion'
    Properties:
      Content:
        S3Bucket: cf-deployment-resources
        S3Key: f03ebff8a8a10440fe23667d0c0cddf4
      LayerName: temporary-elevated-access-broker-python
      Description: Python layer for Temporary Elevated Access Broker
      LicenseInfo: MIT License
      CompatibleRuntimes:
        - python3.8
        - python3.9

from aws-iam-temporary-elevated-access-broker.