The error suggests that the environment blueprint configuration needs to enable at least one region, even though you have specified multiple regions in your CloudFormation template. I suggest checking the correctness of the region codes, the permissions of the IAM role, any potential resource limits, and the blueprint configuration.

Resolution:
There are several key aspects missing from the above template, which led to the deployment failures.
To address this, here is an updated AWS CloudFormation template that should resolve the issue.
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  AWS CloudFormation template for creating an Amazon Data Zone
  Domain, Project, Environment Blueprint, Environment Profile, and Environment
Parameters:
  DataZoneDomainExecutionRoleArn:
    Type: String
    Description: The ARN of the existing service role for Data Zone domain execution
    # Replace the placeholder with your AmazonDataZoneDomainExecution role ARN
    Default: '<your AmazonDataZoneDomainExecution role ARN>'
Resources:
  DataZoneDomain:
    Type: AWS::DataZone::Domain
    Properties:
      Name: MyDomain
      DomainExecutionRole: !Ref DataZoneDomainExecutionRoleArn
  DataZoneProject:
    DependsOn: DataZoneDomain
    Type: AWS::DataZone::Project
    Properties:
      Name: MyProject
      DomainIdentifier: !GetAtt DataZoneDomain.Id
  DataZoneEnvBlueprint:
    DependsOn: DataZoneDomain
    Type: AWS::DataZone::EnvironmentBlueprintConfiguration
    Properties:
      EnabledRegions:
        - us-east-1
        - us-east-2
        - us-west-1
        - us-west-2
      DomainIdentifier: !GetAtt DataZoneDomain.Id
      EnvironmentBlueprintIdentifier: DefaultDataLake
      ManageAccessRoleArn: !Ref DataZoneDomainExecutionRoleArn
      ProvisioningRoleArn: !Ref DataZoneDomainExecutionRoleArn
      RegionalParameters:
        # Each entry pairs a region with its parameters (here, the S3 location)
        - Parameters:
            S3Location: s3://MY-S3-BUCKET-NAME
          Region: us-east-1
  DataZoneEnvProfile:
    DependsOn: DataZoneEnvBlueprint
    Type: AWS::DataZone::EnvironmentProfile
    Properties:
      Name: MyEnvProfile
      ProjectIdentifier: !GetAtt DataZoneProject.Id
      AwsAccountId: !Ref AWS::AccountId
      AwsAccountRegion: us-east-1
      DomainIdentifier: !GetAtt DataZoneDomain.Id
      EnvironmentBlueprintIdentifier: !GetAtt DataZoneEnvBlueprint.EnvironmentBlueprintId
  DataZoneEnvironment:
    DependsOn: DataZoneEnvProfile
    Type: AWS::DataZone::Environment
    Properties:
      Name: MyEnvironment
      DomainIdentifier: !GetAtt DataZoneDomain.Id
      EnvironmentProfileIdentifier: !GetAtt DataZoneEnvProfile.Id
      ProjectIdentifier: !GetAtt DataZoneProject.Id
```

Please note the following considerations:
- Ensure that the `ManageAccessRoleArn` and `ProvisioningRoleArn` properties are correctly specified.
- Provide an S3 bucket and region as noted under `RegionalParameters`.
- Ensure that the IAM role AmazonDataZoneDomainExecution has the necessary managed policies attached:
  - AmazonAthenaFullAccess
  - AmazonDataZoneDomainExecutionRolePolicy
  - AmazonDataZoneRedshiftGlueProvisioningPolicy
  - AmazonS3FullAccess

Once all of the above are satisfied, you should see the deployment of the stack succeed and another stack automatically being deployed to create the environment.
Thank you.
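
A pre-deployment check for the considerations listed in the answer above, as an added example that is not part of the original answer and not AWS tooling. It assumes the blueprint properties are available as a dict (the JSON form of the template) and that the role's attached policies come from `aws iam list-attached-role-policies`; the function names and sample data are constructed for illustration.

```python
import json

# Managed policies the answer lists for the AmazonDataZoneDomainExecution role.
REQUIRED_POLICIES = {"AmazonAthenaFullAccess", "AmazonDataZoneDomainExecutionRolePolicy",
                     "AmazonDataZoneRedshiftGlueProvisioningPolicy", "AmazonS3FullAccess"}

def check_blueprint_properties(props):
    """Return problems found in EnvironmentBlueprintConfiguration properties."""
    problems = []
    enabled = props.get("EnabledRegions") or []
    if not enabled:
        problems.append("EnabledRegions is empty")
    for key in ("ManageAccessRoleArn", "ProvisioningRoleArn"):
        if not props.get(key):
            problems.append(f"{key} is not set")
    regional = props.get("RegionalParameters") or []
    if not regional:
        problems.append("RegionalParameters is empty")
    for entry in regional:
        region = entry.get("Region")
        # Assumption: each regional entry should target an enabled region.
        if region not in enabled:
            problems.append(f"RegionalParameters region {region!r} is not in EnabledRegions")
        s3 = (entry.get("Parameters") or {}).get("S3Location", "")
        if not s3.startswith("s3://") or s3 == "s3://":
            problems.append(f"S3Location missing or malformed for region {region!r}")
    return problems

def missing_policies(iam_json):
    """Take `aws iam list-attached-role-policies` JSON output; return missing names."""
    attached = {p["PolicyName"] for p in json.loads(iam_json)["AttachedPolicies"]}
    return sorted(REQUIRED_POLICIES - attached)

# Constructed sample inputs (not taken from the page).
SAMPLE_PROPS = {
    "EnabledRegions": ["us-east-1", "us-east-2"],
    "ManageAccessRoleArn": {"Ref": "DataZoneDomainExecutionRoleArn"},
    "RegionalParameters": [
        {"Region": "us-east-1", "Parameters": {"S3Location": "s3://MY-S3-BUCKET-NAME"}},
        {"Region": "us-west-2", "Parameters": {}},
    ],
}
SAMPLE_IAM_OUTPUT = json.dumps({"AttachedPolicies": [
    {"PolicyName": "AmazonS3FullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"},
    {"PolicyName": "AmazonAthenaFullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess"},
]})

if __name__ == "__main__":
    print("\n".join(check_blueprint_properties(SAMPLE_PROPS)))
    print("missing policies:", missing_policies(SAMPLE_IAM_OUTPUT))
```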