docs/faq/faq.md
Lines changed: 3 additions & 0 deletions
@@ -285,6 +285,9 @@ The preferred and recommended method to connect to instances within the Accelera
285
285
- If you want to remove the region from your command line, you can:
286
286
- Type: “aws configure” from command prompt, hit {enter} (key), {enter} (secret), enter: ca-central-1, {enter}
287
287
288
+
### 1.1.14. I ran the state machine but it failed when it tried to delete the default VPC? The state machine cannot delete the default VPC (Error : VPC has dependencies and cannot be deleted) ?
289
+
- You need to ensure that resources don’t exist in the default VPC or else the state machine won't be able to delete it. If you encounter this error, you can either delete the resources within the VPC or delete the default VPC manually and run the state machine again.
290
+
288
291
## 1.2. Existing Accounts/Organizations
289
292
290
293
### 1.2.1. How do I import an existing AWS account into my Accelerator managed AWS Organization (or what if I created a new AWS account with a different Organization trust role)?
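Review bot: The new 1.1.14 heading runs two questions together and has stray spacing in `(Error : VPC has dependencies and cannot be deleted) ?`; a single question that quotes the error once would read better and give a cleaner heading anchor. In the answer, "delete the default VPC manually" is offered as an alternative to deleting the resources, but the quoted error is about dependencies, so please state whether manual deletion still requires clearing those dependencies first, and tell the reader to confirm that nothing in the default VPC is still in use before removing it.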
docs/installation/customization-index.md
Lines changed: 1 addition & 1 deletion
@@ -89,7 +89,7 @@
89
89
- Third Party Firewall example configs:
90
90
- The Accelerator is provided with a sample 3rd party configuration file to demonstrate automated deployment of 3rd party firewall technologies. Given the code is vendor agnostic, this process should be able to be leveraged to deploy other vendors firewall appliances. When and if other options become available, we will add them here as well.
12. In Organizations, move the Management account from the `root` OU into the `Security` OU
177
+
12. In AWS Organizations, move the Management account from the `root` OU into the `Security` OU
178
178
4. Verify:
179
179
1. AWS Organizations is enabled in `All features` mode
180
180
- if required, navigate to AWS Organizations, click `Create Organization`, `Create Organization`
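Review bot: On the changed step 12 line, "from the `root` OU" is still inaccurate after the rename to "AWS Organizations": the root is the top-level container of the organization, not an OU. Since this line is being touched anyway, consider "move the Management account from the organization `root` into the `Security` OU". The service name now matches the "AWS Organizations" wording used in the Verify step below it, which is good.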
@@ -280,7 +280,7 @@ If deploying to an internal AWS employee account and installing the solution wit
280
280
- If deploying the Managed AD, update the dns-domain, netbios-domain, log-group-name, as well as the AD users and groups that will be created;
281
281
- For a test deployment, the remainder of the values can be used as-is;
282
282
- While it is generally supported, we recommend not adding more than 1 or 2 workload accounts to the config file during the initial deployment as it will increase risks of hitting a limit. Once the Accelerator is successfully deployed, add the additional accounts to the config file and rerun the state machine.
283
-
- More information [here](./customization-index.md#15-config-file-minimum-changes) on the fields in the config file that need to be updated.
283
+
- More information [here](./customization-index.md#15-summary-of-example-config-file-minimum-changes-for-new-installs) on the fields in the config file that need to be updated.
284
284
3. A successful deployment of the prescriptive architecture requires VPC access to 9 AWS endpoints, you cannot remove both the perimeter firewalls (all public endpoints) and the 9 required central VPC endpoints from the config file (ec2, ec2messages, ssm, ssmmessages, cloudformation, secretsmanager, kms, logs, monitoring).
285
285
4. When deploying to regions other than `ca-central-1`, you need to modify your config file as follows (for Canada Central 1, the AMI ids are pre-populated for you):
286
286
1. Update the firewall and firewall manager AMI id's to reflect your home regions regional AMI id's (see 2.3.3, item 13), making sure you select the right version and region per the recommendations.
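Review bot: The corrected link at line 283 still depends on a fragment generated from the full numbered heading (`#15-summary-of-example-config-file-minimum-changes-for-new-installs`), so it will break again the next time that section is renumbered or retitled, which appears to be how the old `#15-config-file-minimum-changes` target went stale. Please confirm the new fragment resolves in the rendered page, and consider replacing the link text "here" with the section title so a reader can still find the section if the anchor drifts.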
@@ -293,7 +293,7 @@ If deploying to an internal AWS employee account and installing the solution wit
293
293
- the bucket must be `S3-KMS` encrypted using the `ASEA-Source-Bucket-Key` created above
294
294
6. Place your customized config file(s), named `config.json` (or `config.yaml`), in your new bucket
295
295
7. If required, place the firewall configuration and license files in the folder and path defined in the config file
296
-
- For AWS Network Firewall: `nfw/nfw-example-policy.json`
296
+
- For AWS Network Firewall: `nfw/nfw-example-policy.json`
297
297
- For Fortinet: `firewall/firewall-example.txt`, `firewall/license1.lic` and `firewall/license2.lic`
298
298
- We have made several samples available [here](../../reference-artifacts/Third-Party): `./reference-artifacts/Third-Party/`
299
299
- Both samples comprise an active / active firewall pair. Until recently we only brought up one tunnel per firewall, you now also have an example which brings up both tunnels per firewall
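Review bot: The removed and added lines at 296 (`- For AWS Network Firewall: nfw/nfw-example-policy.json`) read identically, so this looks like a whitespace-only change. If the intent is to fix list nesting, please check in the rendered output that this bullet now sits at the same level as the "For Fortinet" bullet under step 7, and mention the indentation fix in the commit message so the change is not mistaken for noise.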
@@ -318,7 +318,7 @@ If deploying to an internal AWS employee account and installing the solution wit
318
318
3. Use the provided CloudFormation template to deploy a new stack in your Management (root) AWS account
319
319
- As previously stated we do not support installation in sub-accounts
320
320
4. Login to your Organization Management account and **_make sure you are in your desired `home` region_** (i.e. `ca-central-1`) (your desired primary or control region)
321
-
5. Navigate to **CloudFormation** in the AWS Console and click `Create stack`, then
321
+
5. Navigate to **CloudFormation** in the AWS Console and click `Create stack with new resources (standard)`, then
322
322
- Select "Template is ready"
323
323
- For the "Specify template" select "Upload a template file"
324
324
- Select the `*.template.json` file you downloaded in step 2 above
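Review bot: In step 5, the backticked string `Create stack with new resources (standard)` is formatted as a literal console label; please check it matches exactly what the console shows. If `Create stack` is the button and the "with new resources (standard)" choice is a separate menu entry, write them as two labels (click the first, then select the second) so readers are not searching for a single control with that name. The line also still ends with ", then" before the sub-bullets, which reads more cleanly as a colon.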