Failing to create security-automations-for-aws-waf in il-central-1

[arshikam]

Describe the bug
Solution is not deploying in il-central-1 region.

To Reproduce
Try to deploy the stack in il-central-1 region:

https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/step-1.-launch-the-stack.html

Expected behavior
It should deploy in the il-central-1 region.

Please complete the following information about the solution:

• Version: [e.g. v3.1]

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "Security Automations for AWS WAF v3.1: This AWS CloudFormation template helps you provision the Security Automations for AWS WAF stack without worrying about creating and configuring the underlying AWS infrastructure". If the description does not contain the version information, you can look at the mappings section of the template:

Mappings:
  SourceCode:
    General:
      TemplateBucket: 'solutions-reference'
      SourceBucket: 'solutions'
      KeyPrefix: 'waf-security-automation/v3.1'

• Region: [e.g. us-east-1]
• Was the solution modified from the version published on this repository?
• If the answer to the previous question was yes, are the changes available on GitHub?
• Have you checked your service quotas for the services this solution uses?
• Were there any errors in the CloudWatch Logs?

Screenshots
If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context
When trying to deploy the below solution in il-central-1 region:
https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/step-1.-launch-the-stack.html

Getting below error:

Error 1:

There was an error creating this change set
Template format error: Unrecognized resource types: [AWS::ServiceCatalogAppRegistry::AttributeGroup, AWS::ServiceCatalogAppRegistry::Application, AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation, AWS::ServiceCatalogAppRegistry::ResourceAssociation]

Now I found a document where it says that 'ServiceCatalogAppRegistry' is not supported for il-central-1 region but it is not a official document.

https://www.aws-services.info/servicecatalog-appregistry.html

The same stack is getting deployed successfully in us-east-1 region.

Tried to remove the dependancy for 'ServiceCatalogAppRegistry' resource from the template and deployed the stack. This time it failed with below error:

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: IllegalLocationConstraintException. S3 Error Message: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to. (Service: Lambda, Status Code: 400, Request ID: ***)" (RequestToken: ***, HandlerErrorCode: InvalidRequest)

Please guide on this as to how we can proceed and deploy the solution in il-central-1 region

[aijunpeng]

The out-of-box solution is not supported in il-central-1 region. You can try to customize the source code to remove AppRegistry (see #254), build and upload assets to s3, following https://github.com/aws-solutions/aws-waf-security-automations/blob/main/README.md. Added this request to our backlog for tracking.

[veltz-avi]

Hi,
AppRegistry was deployed in il-central-1 region.
There is a new error during deployment:
Version: 4.0.3
Released: 10/2023

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: IllegalLocationConstraintException. S3 Error Message: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to. (Service: Lambda, Status Code: 400, Request ID: 86e8b292-52d5-457c-826b-862677edcfd6)" (RequestToken: a771a5e3-af96-80bc-9c0d-3959c34fbcf6, HandlerErrorCode: InvalidRequest)

[aijunpeng]

The out-of-box solution is not supported in il-central-1 region therefore no assets are deployed in that region. We added it to our roadmap. Meanwhile please see my previous comment for workaround.