AWS Inspector Enabler operation Error in Region: ap-south-1

The given resource block seems to produce an error while applying changes, since Amazon Inspector2 does not currently support Lambda code scanning in the ap-south-1 AWS region. But the given service is still enabled in the AWS account.

I am running Terraform using GitHub Actions, due to which my job fails. Any suggestion on this will be helpful.

Code:

resource "aws_inspector2_enabler" "enable_audit" {
  account_ids    = [var.admin_account_id]
  resource_types = ["ECR", "EC2"]
  provider       = aws.audit
  lifecycle {
    create_before_destroy = true
    ignore_changes = [
      account_ids,
      resource_types
    ]
  }
}

The Output:

Error: updating AWS Inspector Enabler (*******-EC2:ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: ***********************, AccessDeniedException: Lambda code scanning is not supported in ap-south-1

I would consider this a bug - you should open a GitHub issue to report the issue.

The resource is going through the list of resource types and enabling/disabling them one by one. Since LAMBDA_CODE is not set, the resource is nonetheless calling the Disable API action to make sure it's disabled, leading to the 403 error in the ap-south-1 region where the type is not supported.

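The reconcile loop described in the reply above, modelled as an added example (this is not the Terraform AWS provider's code). It uses a constructed in-memory stand-in for the Inspector2 API; in a real script the three calls would map to boto3 `inspector2` `enable`, `disable` and `batch_get_account_status`, and the per-type status shape, the type list `ALL_TYPES` and the `AccessDeniedException` text are assumptions modelled on the error in the thread. The naive version calls Disable for every type that is not in `resource_types`, which trips over LAMBDA_CODE in ap-south-1; the status-aware version only disables types the account currently reports as ENABLED, so an unsupported type is never touched.

```python
"""Reconciling Inspector2 resource types against a desired set.

Added example, not provider code. FakeInspector2 is a constructed stand-in
for the Inspector2 API so the script runs offline.
"""
from dataclasses import dataclass, field

# Assumed type list; LAMBDA_CODE is the one rejected in ap-south-1 in the thread.
ALL_TYPES = ("EC2", "ECR", "LAMBDA", "LAMBDA_CODE")


class AccessDeniedException(Exception):
    """Stand-in for the 403 AccessDeniedException the real API returns."""


@dataclass
class FakeInspector2:
    """Constructed fake of the Enable / Disable / BatchGetAccountStatus calls."""
    region: str
    enabled: set = field(default_factory=set)
    # Assumption: which types a region refuses to Enable or Disable.
    unsupported: dict = field(default_factory=lambda: {"ap-south-1": {"LAMBDA_CODE"}})
    calls: list = field(default_factory=list)

    def _reject_unsupported(self, op, resource_types):
        bad = set(resource_types) & self.unsupported.get(self.region, set())
        if bad:
            raise AccessDeniedException(
                f"{op}: {', '.join(sorted(bad))} scanning is not supported in {self.region}"
            )

    def enable(self, resource_types):
        self.calls.append(("Enable", tuple(resource_types)))
        self._reject_unsupported("Enable", resource_types)
        self.enabled |= set(resource_types)

    def disable(self, resource_types):
        self.calls.append(("Disable", tuple(resource_types)))
        self._reject_unsupported("Disable", resource_types)
        self.enabled -= set(resource_types)

    def account_status(self):
        # Per-type ENABLED/DISABLED map (assumed shape of BatchGetAccountStatus).
        return {t: ("ENABLED" if t in self.enabled else "DISABLED") for t in ALL_TYPES}


def reconcile_naive(client, desired):
    """Behaviour the reply describes: walk every type, Enable if desired,
    otherwise Disable, without looking at the current status first."""
    for t in ALL_TYPES:
        if t in desired:
            client.enable([t])
        else:
            client.disable([t])


def reconcile_status_aware(client, desired):
    """Only Enable types not yet ENABLED and only Disable types currently
    ENABLED, so a type the region does not support is never sent to Disable."""
    status = client.account_status()
    to_enable = [t for t in ALL_TYPES if t in desired and status[t] != "ENABLED"]
    to_disable = [t for t in ALL_TYPES if t not in desired and status[t] == "ENABLED"]
    if to_enable:
        client.enable(to_enable)
    if to_disable:
        client.disable(to_disable)
    return to_enable, to_disable


def try_apply(reconcile, client, desired):
    """Run a reconcile strategy; return None on success or the error text."""
    try:
        reconcile(client, desired)
        return None
    except AccessDeniedException as exc:
        return str(exc)


if __name__ == "__main__":
    desired = {"EC2", "ECR"}  # matches resource_types in the thread
    naive = FakeInspector2(region="ap-south-1", enabled={"EC2", "ECR"})
    print("naive:", try_apply(reconcile_naive, naive, desired))
    aware = FakeInspector2(region="ap-south-1", enabled={"EC2", "ECR", "LAMBDA"})
    print("status-aware:", try_apply(reconcile_status_aware, aware, desired), aware.enabled)
```

The status-aware variant also removes the spurious Disable call for a type that is already DISABLED, which is what the thread's account state looks like (EC2 and ECR enabled, nothing else), so a no-op apply makes no write calls at all.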

Thank you for the response, I will raise an issue for the same.