Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] SRA-GUARDDUTY An error occurred (BadRequestException) when calling the EnableOrganizationAdminAccount operation #178

Open
gcasilva opened this issue Sep 29, 2023 · 3 comments
Open

[BUG] SRA-GUARDDUTY An error occurred (BadRequestException) when calling the EnableOrganizationAdminAccount operation #178

gcasilva opened this issue Sep 29, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@gcasilva
Copy link

gcasilva commented Sep 29, 2023
edited
Loading

Describe the bug

When running SRA Guardduty on a new AWS Account for the first time the error below can be seen:

"Traceback (most recent call last):\n File "/var/task/crhelper/resource_helper.py", line 204, in _wrap_function\n self.PhysicalResourceId = func(self._event, self._context) if func else ''\n File "/var/task/app.py", line 268, in process_cloudformation_event\n process_create_update_event(params, regions)\n File "/var/task/app.py", line 193, in process_create_update_event\n guardduty.process_organization_admin_account(params.get("DELEGATED_ADMIN_ACCOUNT_ID", ""), regions)\n File "/var/task/guardduty.py", line 86, in process_organization_admin_account\n guardduty_client.enable_organization_admin_account(AdminAccountId=admin_account_id)\n File "/opt/python/botocore/client.py", line 530, in _api_call\n return self._make_api_call(operation_name, kwargs)\n File "/opt/python/botocore/client.py", line 964, in _make_api_call\n raise error_class(parsed_response, operation_name)\nbotocore.errorfactory.BadRequestException: An error occurred (BadRequestException) when calling the EnableOrganizationAdminAccount operation: The request is rejected because an invalid or out-of-range value is specified as an input parameter."

If we re-run the Cloudformation template then everything works correctly.

To Reproduce

Using SRA Guardduty on a new AWS Account (Management Account with Control Tower enabled) for the first time.
On second execution everything works correctly and this error doesn't show up anymore.

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem.

Deployment Environment (please complete the following information)

  • Deployment Framework [e.g. Customizations for Control Tower and CloudFormation StackSets]:
  • Deployment Framework Version [e.g. 1.0, 2.0]:

Additional context

Add any other context about the problem here.
@gcasilva gcasilva added the bug Something isn't working label Sep 29, 2023
@BlakePierantoni
Copy link

I'm getting the same bug. It looks like there is a param issue.

@gcasilva
Copy link
Author

gcasilva commented Nov 2, 2023

@BlakePierantoni I've tested this again with the last commit that was made and wasn't able to replicate the issue anymore, so I was going to close this one, but wanted to check if you're still having it on your scenario.
Can you please test this again in the scenario you were having the issue to check if it's happening to you still? Thanks

@BlakePierantoni
Copy link

@gcasilva, yeah I tested this again and the issue is resolved. I didn't change anything in terms of config/deployment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gcasilva @BlakePierantoni