Can't create deny-unsupported-regions SCP #53
Description
Hi,
I'm hoping someone can help me. I'm running into an issue where I can't create the SCP to block regions, when it runs it looks like:
INFO: Executing: update-stacks templates/010-scps/deny-unsupported-regions.yml monad-deny-unsupported-regions.{"result":{"state":"FAILURE","reason":{"$metadata":{"httpStatusCode":200,"requestId":"1abcd8fa-5dd8-4340-8106-1ea449e194f6","attempts":
1,"totalRetryDelay":0},"Stacks":[{"StackId":"arn:aws:cloudformation:us-east-1:637423365128:stack/monad-deny-unsupported-regions/8060052
0-d0f7-11ee-9b0b-0e4b40acefbf","StackName":"monad-deny-unsupported-regions","Parameters":[{"ParameterKey":"targetIds","ParameterValue":
"r-yjlu"},{"ParameterKey":"supportedRegions","ParameterValue":"us-west-1,us-west-2,us-east-1,us-east-2"}],"CreationTime":"2024-02-21T20
:26:32.467Z","DeletionTime":"2024-02-21T20:26:37.173Z","RollbackConfiguration":{},"StackStatus":"ROLLBACK_COMPLETE","DisableRollback":f
alse,"NotificationARNs":[],"Capabilities":["CAPABILITY_NAMED_IAM","CAPABILITY_IAM","CAPABILITY_AUTO_EXPAND"],"Tags":[],"EnableTerminati
onProtection":false,"DriftInformation":{"StackDriftStatus":"NOT_CHECKED"}}]}}} (637423365128 = ManagementAccount)
ERROR: Resource Scp failed because Internal Failure.
I see the same thing in the console, with a failure and:
The following resource(s) failed to create: [Scp]. Rollback requested by user.
I tried looking through CloudTrail but I see nothing useful in there. I then tried making an SCP by hand (well, the policy) with the same regions just to make sure there wasn't anything obvious. That worked.
The params for this template look like:
supportedRegions: us-west-1,us-west-2,us-east-1,us-east-2
targetIds: r-yjlu
My manually created SCP was just the policy part, I didn't try to attach it to the target. Not sure if that's part of the issue. I'm not really sure what to troubleshoot next, I'm feeling a bit lost on this one!