Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StateManager association fails to execute automation due to invalid parameters #68

Open
tomjacobchirayil opened this issue Oct 7, 2024 · 2 comments
Open

StateManager association fails to execute automation due to invalid parameters #68

tomjacobchirayil opened this issue Oct 7, 2024 · 2 comments

Comments

@tomjacobchirayil
Copy link

The state manager association created by the solution has incorrect parameter value for the Parameter 'Action'
https://github.com/aws-ia/cfn-abi-crowdstrike-fcs/blob/main/templates/ssm-association-stackset.yml

The allowed values for the parameter 'Action' according to the above template is AllowedValues: [ "install", "uninstall"]

The automation execution using the above state manager assocation is failing with the below error message:

Excerpts from CloudTrail:

    "eventSource": "ssm.amazonaws.com",
    "eventName": "StartAutomationExecution",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "ssm.amazonaws.com",
    "userAgent": "ssm.amazonaws.com",
    "errorCode": "InvalidAutomationExecutionParametersException",
    "errorMessage": "Parameter \"Action\" has value \"install\" not found in [Install, Uninstall].",
    "requestParameters": {
        "documentName": "CrowdStrike-FalconSensorDeploy",
        "documentVersion": "2",
        "parameters": {
            "AutomationAssumeRole": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "Action": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "FalconClientSecret": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "SecretsManagerSecretName": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "FalconClientId": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "SecretStorageMethod": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ],
            "FalconCloud": [
                "HIDDEN_DUE_TO_SECURITY_REASONS"
            ]
        }

Is it possible to change allowed values accordingly in the 'templates/ssm-association-stackset.yml' template?
AllowedValues: [ "Install", "Uninstall"]
@ryanjpayne
Copy link
Contributor

@tomjacobchirayil thank you this has been addressed in the latest PR.

@kkvinjam please link to #69 and close. Thanks!

@EylonT
Copy link

EylonT commented Oct 27, 2024
edited
Loading

After the update, the new CloudFormation template fails with the following error on the resource: StagingS3BucketPolicy

CustomResource attribute error: Vendor response doesn't contain organization_id attribute in object arn:aws:cloudformation:eu-west-1:xxxxxxxxxx:stack/stack-org-master-crowdstrike-enable-integrations/xxxxxxx|OrgIdLambdaCustomResource|xxxxxxx

Using the older version still works successfully. Please check on your end that the template is completed successfully.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ryanjpayne @tomjacobchirayil @EylonT