Making an attempt to provision a brand new account with Account Manufacturing facility
Right here we’re once more making an attempt to provision an account by way of a Lambda operate utilizing AWS Service Catalog and Management Tower Account Manufacturing facility and I’ve hit the next error:
An error occurred (InvalidParametersException) when calling the ProvisionProduct operation: Specified ProvisioningArtifactId doesn't exist: xxxxxx
As I defined in a previous submit I’ve already validated that I’m utilizing the right IDs, so this error message doesn’t appear correct. I initially assumed it was a permissions error as a result of beforehand talked about inaccurate error messages that have been really permissions errors.
After trial and error I made up my mind it couldn’t be IAM so I checked the provisioning ID once more simply to ensure it was right and it was. Or so I assumed. I pulled this question off a weblog submit on the net and it’s making some assumptions that would produce incorrect outcomes. Actually, I discovered two weblog posts that appeared as if one copied the opposite almost phrase for phrase.
Please don’t be that individual.
Right here’s the offending line of code which presumes that index [-1] will return the right provisioning id:
aws servicecatalog describe-product --id $productid --query ‘ProvisioningArtifacts[-1].Id’ --output textual content
I went into service catalog, clicked Merchandise on the left, clicked on AWS Management Tower Account Manufacturing facility and right here you you see product variations.
Repair: Why provisioning IDs aren't merely known as variations is past me. Moreover, why, oh why are they not commonplace variations that individuals are used to which might be rather more clear (i.e. 1.0, 2.0, and so forth.)?? The error message might additionally state that the service catalog product provisioning id (model) doesn't exist. That might be extra clear and assist a developer know the place to look to validate the data.
Anyway the command produces an incorrect lead to my case as a result of it returns an inactive model (product provisioning id) so I mounted that and eventually my operate works however I nonetheless haven’t gotten to zero-trust permissions but as I discussed I used to be making an attempt to do in my prior submit. And we surprise why individuals over-provision permissions…
And all these errors and a few exception dealing with documentation that was unclear in boto3 brought on me to spend greater than a day writing this easy code:
Teri Radichel — Comply with me @teriradichel on Twitter
© 2nd Sight Lab 2022
____________________________________________
Assets:
About this weblog:
Need to study extra about Cybersecurity and Cloud Safety? Try: Cybersecurity for Executives within the Age of Cloud on Amazon
Want Cloud Safety Coaching? 2nd Sight Lab Cloud Safety Coaching
Is your cloud safe? Rent 2nd Sight Lab for a penetration take a look at or safety evaluation.
Have a Cybersecurity or Cloud Safety Query? Ask Teri Radichel by scheduling a name with IANS Analysis.
Cybersecurity & Cloud Safety Assets by Teri Radichel: Cybersecurity and Cloud safety lessons, articles, white papers, shows, and podcasts
