[BUG] Easy Setup Fails When Deploying AWS GuardDuty

[BlakePierantoni]

Describe the bug

The easy setup stackset fails to deploy during initial provisioning in a net new AWS Organization.

Stacks Failing: rGuardDutyOrgLambdaCustom

• Reason: "An error occured (BadRequestException) when calling the EnableOrganizationAdmin Account Operation: The request is rejected because an invalid or out of range value is specified as an input parameter"

rGuardDutyOrgLambdaCustomResource

• Reason: "An error occured (BadRequestException) when calling the EnableOrganizationAdmin Account Operation: The request is rejected because an invalid or out of range value is specified as an input parameter"

To Reproduce

Steps to reproduce the behavior:

1. Deploy SRA Easy setup with the following selections
   • EC2 Default Volume Encryption
   • GuardDuty
     • Malware Protection
   • IAM Access Analyzer
   • IAM Account Password Policy
   • S3 Block Account Public Access

Additional context

I double checked all parameters and didn't see an issue with any being passed through. The easy setup is pointing at the main branch

[cyphronix]

Hi @BlakePierantoni we are trying to recreate this issue. When you checked the parameters, can you please confirm that you set: - pControlTower (set to 'false') - pGovernedRegions (set to be a comma separated list of regions) - pSecurityAccountId (set to be your security tooling account ID) - pLogArchiveAccountId (set to be your log archive account ID)

Can you also tell us what regions you are deploying the SRA too?

[BlakePierantoni]

@liamschn , it seems this issue was resolved.

[cyphronix]

Closing. Please reach out if you need further assistance.