
[AWS Orgs] CloudFormation fails to create multiple stacks for the same org

Open · uri-weisman opened this issue 1 year ago · 1 comment

Describe the bug
In a situation where a user aims to evaluate misconfigurations in two distinct Organizational Units (OUs) within the same organization, they may establish two Elastic Agents through separate CloudFormation deployments. As a consequence, one of these stack creations is prone to fail due to the preexisting root role.

Preconditions
8.11.0 stack version

To Reproduce
Steps to reproduce the behavior:

  1. Deploy AWS CSPM for organizations
  2. Evaluate an organization unit.
  3. Deploy another agent using CloudFormation and provide a different OU ID under the same organization.
  4. The second stack will fail to be created as we'll try to create an already existing role.

Both deployments should occur in the same AWS region

Expected behavior
Even though the CloudFormation template supports a comma-separated list of OU IDs, the user might deploy several stacks to achieve the same; therefore, multiple stack creations in the same org should be possible.

uri-weisman, Sep 05 '23 12:09
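The collision the report describes (a fixed role name created by every stack, so the second stack in the same account and region fails because the role already exists) can be caught before deploying. The Python below is an added example, not cloudbeat's code or its CloudFormation template: it lints a template (loaded as a JSON dict) for IAM resources whose explicit name is a fixed string rather than derived from the stack identity, and it simulates two deployments against IAM's per-account name space to show which stack would fail. The two templates, the role and profile names, and the stack names are constructed placeholders; the real template's names and policies are not reproduced here.

```python
"""Pre-deployment check for the failure mode in this issue: two stacks in one
account/region that both create an IAM role with the same fixed RoleName."""
import json

# CloudFormation IAM resource types whose explicit *Name property must be
# unique per AWS account (real property names; everything else is constructed).
ACCOUNT_UNIQUE_NAME_PROPS = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
}

# Pseudo parameters that make a name differ from stack to stack.
STACK_UNIQUE_PSEUDO_PARAMS = ("AWS::StackName", "AWS::StackId")

ASSUME_EC2 = {  # constructed trust policy, shared by both sample templates
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "ec2.amazonaws.com"}}],
}

# Constructed template in the shape the report describes: fixed names.
FIXED_NAME_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"OrganizationalUnitIds": {"Type": "CommaDelimitedList"}},
    "Resources": {
        "RootRole": {"Type": "AWS::IAM::Role", "Properties": {
            "RoleName": "example-cspm-root",
            "AssumeRolePolicyDocument": ASSUME_EC2}},
        "AgentProfile": {"Type": "AWS::IAM::InstanceProfile", "Properties": {
            "InstanceProfileName": "example-cspm-profile",
            "Roles": [{"Ref": "RootRole"}]}},
    },
}

# Constructed hardened variant: the role name is derived from the stack name
# and the instance profile name is omitted so CloudFormation generates one.
UNIQUE_NAME_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"OrganizationalUnitIds": {"Type": "CommaDelimitedList"}},
    "Resources": {
        "RootRole": {"Type": "AWS::IAM::Role", "Properties": {
            "RoleName": {"Fn::Sub": "${AWS::StackName}-root"},
            "AssumeRolePolicyDocument": ASSUME_EC2}},
        "AgentProfile": {"Type": "AWS::IAM::InstanceProfile", "Properties": {
            "Roles": [{"Ref": "RootRole"}]}},
    },
}


def collision_prone_names(template: dict) -> dict:
    """Return {logical_id: name_value} for IAM resources whose explicit name
    does not reference the stack name/id and therefore repeats across stacks."""
    found = {}
    for logical_id, res in template.get("Resources", {}).items():
        prop = ACCOUNT_UNIQUE_NAME_PROPS.get(res.get("Type"))
        if prop is None:
            continue
        name = res.get("Properties", {}).get(prop)
        if name is None:
            continue  # no explicit name: CloudFormation generates a unique one
        if any(p in json.dumps(name) for p in STACK_UNIQUE_PSEUDO_PARAMS):
            continue  # Fn::Sub / Ref on the stack identity: distinct per stack
        found[logical_id] = name
    return found


def _resolve(raw, stack: str, logical_id: str) -> str:
    """Resolve a name value the way a deployment of `stack` would see it."""
    if raw is None:
        return f"{stack}-{logical_id}-GENERATED"  # stand-in for CFN's auto name
    if isinstance(raw, str):
        return raw
    if isinstance(raw, dict) and isinstance(raw.get("Fn::Sub"), str):
        return raw["Fn::Sub"].replace("${AWS::StackName}", stack)
    return json.dumps(raw)  # other intrinsics: treat literally for this model


def simulate_deployments(template: dict, stack_names: list) -> list:
    """Model IAM's per-account name space: deploy the template once per stack
    name and report (stack, status, reason); a failed stack rolls back and
    leaves nothing behind, as CloudFormation does on create failure."""
    existing, outcomes = set(), []
    for stack in stack_names:
        created, failure = set(), ""
        for logical_id, res in template["Resources"].items():
            prop = ACCOUNT_UNIQUE_NAME_PROPS.get(res.get("Type"))
            if prop is None:
                continue
            name = _resolve(res.get("Properties", {}).get(prop), stack, logical_id)
            if name in existing or name in created:
                failure = f"{res['Type']} {name} already exists"
                break
            created.add(name)
        if failure:
            outcomes.append((stack, "CREATE_FAILED", failure))
        else:
            existing |= created
            outcomes.append((stack, "CREATE_COMPLETE", ""))
    return outcomes


if __name__ == "__main__":
    for label, tpl in (("fixed", FIXED_NAME_TEMPLATE), ("unique", UNIQUE_NAME_TEMPLATE)):
        print(label, collision_prone_names(tpl))
        print(label, simulate_deployments(tpl, ["cspm-ou-a", "cspm-ou-b"]))
```

Running the check against the fixed-name template flags both the role and the instance profile, and the simulation shows the second stack failing while the first succeeds; against the stack-derived names both stacks complete. The two mitigations the hardened template uses are the usual ones: derive the name from `${AWS::StackName}` with `Fn::Sub`, or leave the name property out so CloudFormation generates a unique one, which also keeps deleting one stack from removing a role another stack still depends on.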

I am re-tagging as enhancement since this is intentionally done this way, and it is something we can improve on in a future version by weighing the additional onboarding, configuration and code complexity.

CC @tinnytintin10

orestisfl, Sep 05 '23 13:09