Issue during deployment of GuardDuty To ACL solution

0

Hi y'all,

We are trying this solution: https://aws.amazon.com/es/blogs/security/how-to-use-amazon-guardduty-and-aws-waf-v2-to-automatically-block-suspicious-hosts/

but during the deployment the same issues appear that were already posted in the comments of this article. We applied the recommendations suggested by users in the post, but the issue still occurs.

Is there any working version of that solution?

Thanks in advance for any help.

3 Answers
0

I’ve not deployed this but read the blog and instructions and reviewed your error message. I’m not a CloudFormation expert but a Terraform one.

Couple of questions.

Which region did you create your S3 bucket in?

Which region are you deploying your CloudFormation in?

Did you fill out the details in your CloudFormation stack details of your S3 bucket for artifacts and S3 path to artifacts?

It sounds like CloudFormation can’t find your S3 bucket you have created.

EXPERT
answered 9 months ago
0

I was able to deploy the solution without any problems. There is one step in the instructions that could probably be made clearer - when you deploy the CloudFormation template, you need to specify the S3 bucket you created in step 2 for the 'S3 bucket for artifacts' parameter. Just use the bucket name (don't include s3://). Hope this helps.

AWS
EXPERT
Paul_L
answered 9 months ago
0

The below error occurs when CloudFormation is trying to retrieve an object from S3 that does not exist.

error:

"Resource handler returned message: "Error occurred while GetObject. S3 Error Code: NoSuchKey. S3 Error Message: The specified key does not exist. (Service: Lambda, Status Code: 400, Request ID: 33ac5240-b9d1-405e-b93c-35a7d55d133c)" (RequestToken: cfaaa9f6-53ec-9be2-21c9-8c4fc995c17a, HandlerErrorCode: InvalidRequest)"

Please see a few things to check:

  • Make sure the S3 bucket and key specified in the CloudFormation template actually contain the file/object it is trying to retrieve. Double check the bucket name, key name, and that the file is publicly accessible (if getting it from another account).

  • Make sure you have specified the correct permissions in your IAM roles for CloudFormation to access the S3 bucket. It needs s3:GetObject permission at minimum.

  • Try running an aws s3api head-object command directly with the same bucket/key to validate the object exists before the CloudFormation deploy.

  • Check for any Lambda layers or custom resources that may be expecting a file from S3 and making the GetObject call. Ensure those references are correct.

  • As a test, try putting a simple text file in the S3 location and reference it directly in CloudFormation to see if it can retrieve that file successfully.

  • Look in the CloudFormation event logs for more details on exactly which resource is causing the error during the failed stack creation/update.

  • The specified key might have been deleted from the S3 bucket. Verify if the object still exists in the bucket or if it has been deleted either manually or by an automated process.

  • Double-check the object key or path you are providing in the GetObject API. Ensure that the key or path is correct and matches the object you are trying to retrieve.

  • Make sure you are specifying the correct bucket name in the GetObject API. If the object exists in a different bucket, provide the correct bucket name in the API call.

  • If you are trying to retrieve an object that was never uploaded to the S3 bucket, you will encounter this error. Verify if the object was successfully uploaded to the bucket before attempting to retrieve it.

The key thing is that CloudFormation cannot find an object at the S3 location specified. Validate that location externally first before troubleshooting further in CloudFormation.

Thank you

AWS
SUPPORT ENGINEER
answered 9 months ago
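
Added example, not part of any answer above or of the AWS blog's code: a pre-flight script for the checks the answers describe (bare bucket name, matching region, `aws s3api head-object` on the exact key) to run before creating the stack. The script name, argument order and package file name are assumptions; pass the values you entered for 'S3 bucket for artifacts' and 'S3 path to artifacts'.

```bash
#!/usr/bin/env bash
# Pre-flight check for the Lambda package that CloudFormation asks S3 for.
# Usage: preflight.sh <bucket-param> <path-param> <package-file> <stack-region>
# All four values are yours; the package file name is a placeholder here.

# Reduce what was typed for 'S3 bucket for artifacts' to a bare bucket name.
normalize_bucket() {
  local b="${1#s3://}"          # drop a pasted s3:// scheme
  printf '%s\n' "${b%%/*}"      # drop any path pasted after the name
}

# Build the exact object key from 'S3 path to artifacts' and the file name.
artifact_key() {
  local prefix="${1#/}" file="${2#/}"
  prefix="${prefix%/}"
  if [ -n "$prefix" ]; then
    printf '%s/%s\n' "$prefix" "$file"
  else
    printf '%s\n' "$file"
  fi
}

# get-bucket-location prints None for us-east-1 and EU for old eu-west-1 buckets.
bucket_region() {
  case "$1" in
    None|null|"") echo "us-east-1" ;;
    EU)           echo "eu-west-1" ;;
    *)            echo "$1" ;;
  esac
}

preflight() {
  local bucket key raw actual
  bucket="$(normalize_bucket "$1")"
  key="$(artifact_key "$2" "$3")"
  raw="$(aws s3api get-bucket-location --bucket "$bucket" \
         --query LocationConstraint --output text)" || return 2
  actual="$(bucket_region "$raw")"
  # Lambda only loads code from a bucket in the function's own region.
  if [ "$actual" != "$4" ]; then
    echo "bucket $bucket is in $actual, stack region is $4" >&2; return 3
  fi
  aws s3api head-object --bucket "$bucket" --key "$key" >/dev/null || {
    echo "no readable object at s3://$bucket/$key" >&2; return 4; }
  echo "ok: s3://$bucket/$key"
}

if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Exit code 3 points at a region mismatch and 4 at a missing or unreadable key, which separates the two causes raised in the answers above.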
