Tags: amazon-web-services, amazon-s3, aws-cloudformation, aws-control-tower

How to configure automate_aws_accounts_creation_sso_users_assignment.yaml to run in a region of my choice?


I'm following https://aws.amazon.com/de/blogs/security/how-to-automate-aws-account-creation-with-sso-user-assignment/ to automate sso account creation. It says:

This solution is configured to be deployed in the North Virginia Region (us-east-1). But you can change the CloudFormation template to run in any Region that supports all the services required in the solution.

So I create the stack https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml and change the region in the top panel from us-east-1 to eu-central-1.

The creation of the stack fails with the following event:

Logical ID: CreateAccountAssignmentLambda  
Status: Create_FAILED 
Status reason: Resource handler returned message: "Error occurred while GetObject. S3 Error Code: PermanentRedirect. S3 Error Message: The bucket is in this region: us-east-1. Please use this region to retry the request (Service: Lambda, Status Code: 400, Request ID: 7fd58877-67b5-46b6-ac60-693f1edff8df, Extended Request ID: null)" (RequestToken: b49cb70f-2820-2c65-76c2-1a0b2776cd94, HandlerErrorCode: InvalidRequest)

I have inspected the template and the locations referenced therein:
https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/automate_aws_accounts_creation_sso_users_assignment.yaml

https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/batchcreation_lambda.zip

https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/account_create_lambda.zip

https://awsiammedia.s3.amazonaws.com/public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip

But there is no mention of us-east-1 or Virginia. How can I change the CloudFormation template to run in another region?


Solution

  • It seems as though the problem is the S3Bucket: awsiammedia.

    I would copy the assets you need from awsiammedia to a bucket in the new region, and use that bucket name where you find awsiammedia. So, 'configure' is not a good description.

    CreateAccountAssignmentLambda:
        Type: AWS::Lambda::Function
        Properties:
          Code:
            S3Bucket: awsiammedia   # <-- replace with your bucket in the new region
            S3Key: public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment/create_account_assignment_lambda.zip
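As an added example of the "copy the assets to a bucket in the new region and rename the bucket in the template" step described in the answer above (this script is not from the answer, the question, or the AWS blog post), the following shell script mirrors the three Lambda zips into a bucket you own in the target region and rewrites every `S3Bucket: awsiammedia` line in the template. It assumes a configured AWS CLI plus `curl`; the region and destination bucket names are placeholders you pass on the command line.

```shell
#!/bin/sh
# Added example, not from the question, the answer, or the AWS blog post.
# Mirrors the Lambda zips into a bucket in the target region and points the
# template at it. Assumes the AWS CLI is configured; names are placeholders.
SRC_BUCKET="awsiammedia"
PREFIX="public/sample/952-Automate-AWS-Accounts-Creation-SSO-Users-Assignment"
TEMPLATE="automate_aws_accounts_creation_sso_users_assignment.yaml"
ZIPS="batchcreation_lambda.zip account_create_lambda.zip create_account_assignment_lambda.zip"

# Rewrite only "S3Bucket: awsiammedia" lines (URLs and comments are left alone).
# $1 = input template, $2 = new bucket name, $3 = output template
rewrite_template() {
  sed "s/^\([[:space:]]*S3Bucket:[[:space:]]*\)${SRC_BUCKET}[[:space:]]*$/\1$2/" "$1" > "$3"
}

# Number of S3Bucket lines still pointing at the source bucket (0 means done).
count_source_refs() {
  grep -c "S3Bucket:[[:space:]]*${SRC_BUCKET}[[:space:]]*$" "$1" || true
}

# Download the zips over HTTPS, record their checksums, and upload them to a
# new bucket in the target region with public access blocked. The S3Key
# prefix is preserved so only the bucket name in the template has to change.
# $1 = target region (e.g. eu-central-1), $2 = destination bucket name
mirror_assets() {
  work=$(mktemp -d)
  aws s3api create-bucket --bucket "$2" --region "$1" \
    --create-bucket-configuration LocationConstraint="$1"
  aws s3api put-public-access-block --bucket "$2" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
  for f in $ZIPS; do
    curl -fsSL -o "$work/$f" "https://${SRC_BUCKET}.s3.amazonaws.com/${PREFIX}/$f"
    sha256sum "$work/$f"   # keep these so a later redeploy can be verified
    aws s3 cp "$work/$f" "s3://$2/${PREFIX}/$f" --region "$1"
  done
}

# Usage: sh mirror.sh run eu-central-1 my-sso-assets-eu-central-1
# Produces regional-<template>.yaml, which you then create the stack from in
# the chosen region exactly as before.
if [ "${1:-}" = "run" ]; then
  mirror_assets "$2" "$3"
  curl -fsSL -o "$TEMPLATE" "https://${SRC_BUCKET}.s3.amazonaws.com/${PREFIX}/${TEMPLATE}"
  rewrite_template "$TEMPLATE" "$3" "regional-$TEMPLATE"
  echo "remaining references to ${SRC_BUCKET}: $(count_source_refs "regional-$TEMPLATE")"
fi
```

The Lambda service only reads function code from a bucket in the function's own region, which is why the PermanentRedirect error appears as soon as the stack is created anywhere other than us-east-1.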