Describe the bug
It appears that we cannot deploy the CFT in region il-central-1. Can we get support for this?
Expected behavior
CFT to deploy new stack will work.
Current behavior
Customer cannot deploy into Tel Aviv region (il-central-1). He gets the following error when trying the template for a Failover pair into a NEW VPC:
Resource handler returned message: "User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/xxx/xxx@company.com is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:il-central-1:xxxxxxxxxxxx:layer:Klayers-p312-requests:3 because no resource-based policy allows the lambda:GetLayerVersion action (Service: Lambda, Status Code: 403, Request ID: xxx)" (RequestToken: xxx, HandlerErrorCode: AccessDenied)
Customer says he was able to get around this by creating a bucket specifically for himself and copying our templates into it. However, after that, he got a new error:
2024-07-01T12:08:56.958Z [9032]: error: AWS Cloud Client secret id arn:aws:secretsmanager:il-central-1:xxxxxxxxx:secret:xxxxxf5-bigIpSecret-xxxxxx is the wrong format
However, we double-checked this secret and it is in the correct format. (Secret itself is a string of letters and numbers without illegal special characters. IAM role allows permissions to secret).
Steps to reproduce
Deploy CFT into il-central-1
Note I cannot test in this region (il-central-f5) with my F5 account. I am unable to replicate customer's problem because of this.
Describe the bug
It appears that we cannot deploy the CFT in region il-central-1. Can we get support for this?
Expected behavior
CFT to deploy new stack will work.
Current behavior
Customer cannot deploy into Tel Aviv region (il-central-1). He gets the following error when trying the template for a Failover pair into a NEW VPC:
Resource handler returned message: "User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/xxx/xxx@company.com is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:il-central-1:xxxxxxxxxxxx:layer:Klayers-p312-requests:3 because no resource-based policy allows the lambda:GetLayerVersion action (Service: Lambda, Status Code: 403, Request ID: xxx)" (RequestToken: xxx, HandlerErrorCode: AccessDenied)
Customer says he was able to get around this by creating a bucket specifically for himself and copying our templates into it. However, after that, he got a new error:
2024-07-01T12:08:56.958Z [9032]: error: AWS Cloud Client secret id arn:aws:secretsmanager:il-central-1:xxxxxxxxx:secret:xxxxxf5-bigIpSecret-xxxxxx is the wrong format
However, we double-checked this secret and it is in the correct format. (Secret itself is a string of letters and numbers without illegal special characters. IAM role allows permissions to secret).
Steps to reproduce
Deploy CFT into il-central-1
Note I cannot test in this region (il-central-f5) with my F5 account. I am unable to replicate customer's problem because of this.