cloudformation-cli icon indicating copy to clipboard operation
cloudformation-cli copied to clipboard
verified publisher icon aws-cloudformation

CloudFormationManagedUploadInfrastructure setup issues

Open miparnisari opened this issue 4 years ago • 0 comments

A customer attempted to register modules using CodeBuild and reported this to us:

  • The registration failed with "internal failure". It was not clear what the error was. In the end it turned out that the CodeBuild service role was missing kms:decrypt permissions against the KMS key used by the S3 bucket (the same KMS Key generated by the CloudFormationManagedUploadInfrastructure stack). CFN CLI should give more descriptive error messages.
  • When CloudFormationManagedUploadInfrastructure generates, the stack should provide a "AWS::KMS::Alias" to simplify KMS key management, KMS permissions, and with making templates across many accounts.
  • We should provide guidance on what the CloudFormationManagedUploadInfrastructure stack is and what it does. (For this point, i'm not sure if this should be explained in this repo, or in the CloudFormation user guide).

miparnisari avatar Mar 30 '21 20:03 miparnisari