Comments (10)
There may be an SCP and/or permission boundary in place. Please see the following documentation for additional troubleshooting: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#basic-ts-guide
from aws-iam-temporary-elevated-access-broker.
I don't think it's a SCP/permission boundary, I've setup the account and there's no such thing.
I will look into that link for more debugging tomorrow, thanks.
from aws-iam-temporary-elevated-access-broker.
This is the first error I get......
2021-12-08 15:19:49 UTC+0000 | LambdaLayer | CREATE_FAILED | Property validation failure: [Value of property {/Content} does not match type {Object}] |
---|
not sure what it means and I couldn't find any references on it either.
from aws-iam-temporary-elevated-access-broker.
If the value of that property doesn't match the validation rules, then the validation of the whole object fails. Are you passing a parameters file when running the deployment? CloudFormation will fail if it does not receive all required parameters that are defined in the template.
from aws-iam-temporary-elevated-access-broker.
This is the template file that was generated using the command you provided. In that file I added a few params, but they're not related to Lambda.
I believe the erorr is related to this section, which I've not modified:
LambdaLayer:
Properties:
CompatibleRuntimes:
- python3.8
- python3.9
Content: lambda-layer/
Description: Python layer for Temporary Elevated Access Broker
LayerName: temporary-elevated-access-broker-python
LicenseInfo: MIT License
Type: AWS::Lambda::LayerVersion
Full file attached, extension changed to .txt so that i can be uploaded.
packaged-template.txt
from aws-iam-temporary-elevated-access-broker.
Looking at the template provided, it appears that the LambdaLayer source code refers to the local path instead of the Amazon S3 location. The packaged template should be updated with the proper references for the newly-uploaded objects. Can you re-run the CloudFormation package command and share the output?
from aws-iam-temporary-elevated-access-broker.
regenerated & re-attached.
from aws-iam-temporary-elevated-access-broker.
It appears that the package command is still not transforming the LambdaLayer function with the S3 location. The Code
property should have been updated with the bucket and uploaded object name. What version of the AWS CLI do you have installed? You can call aws --version
to check the version. If you have an older version installed, you will need to upgrade: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
from aws-iam-temporary-elevated-access-broker.
I've updated this, but still fails.
from aws-iam-temporary-elevated-access-broker.
It appears that the package command is not recognizing the 'lambda-layer' folder. Unfortunately, I was not able to reproduce this on my end. You may need to manually upload the files to an S3 bucket and then add the location to your template, as shown in the following example:
LambdaLayer:
Type: 'AWS::Lambda::LayerVersion'
Properties:
Content:
S3Bucket: cf-deployment-resources
S3Key: f03ebff8a8a10440fe23667d0c0cddf4
LayerName: temporary-elevated-access-broker-python
Description: Python layer for Temporary Elevated Access Broker
LicenseInfo: MIT License
CompatibleRuntimes:
- python3.8
- python3.9
from aws-iam-temporary-elevated-access-broker.
Related Issues (20)
- Move Okta setup above CloudFormation deployment HOT 1
- Adding a Groups claim to ID tokens - guidance HOT 2
- Creating authorization groups - IAM roles not known yet
- Creating target roles - LambdaIdentityBrokerRole output value
- ApiGatewayKeyValue contains the CLI command to get the key - Guidance update HOT 1
- ui/public/index.html - incorrect path HOT 1
- /public/index.html - APIEndpoint -> ServiceEndpoint HOT 1
- Okta configuration - missing guidance, and examples HOT 1
- SNS - Create & validate an email before CloudFormation Deploy HOT 1
- Absolute paths in deployment instructions
- npm install build has vulnerabilities HOT 1
- Recommendation should be changed for aws-jwt-verify lib
- React Native Clipboard version of React causes dependency conflict with React Web
- Getting a 500 error when rejecting a request HOT 1
- Form components onchange event not firing
- Recieving "AuthSdkError: getUserInfo requires an access token object" after okta authentication HOT 1
- CLI Credentials UI Error
- Okta Org Authentication Server instead Custom Authentication Server
- Improve CloudFormation guidance HOT 1
- Improve CloudFormation guidance - parameter order HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-iam-temporary-elevated-access-broker.