Why did Former2 try to CreateServiceLinkedRole
After pressing Scan, two API calls appeared in CloudTrail:
- SearchProvisionedProducts, which seems legit to me.
- The one below. One second after the first one. Not sure why it happened on us-east-1, too, since all I have is on ca-central-1.
Why exactly did it try to do that?
Also, this was ultimately generated after selecting Include all Resources (see the typo with ${IAMGroup}istrative):

    IAMServiceLinkedRole2:
      Type: "AWS::IAM::ServiceLinkedRole"
      Properties:
        AWSServiceName: "support.amazonaws.com"
        Description: !Sub "Enables resource access for ${EC2PrefixList.OwnerId} to provide billing, ${IAMGroup}istrative and support services"

Additionally, since I scanned (three times I think?), I have a forecasted monthly cost of 0.02$.
I’ve also no idea why it apparently discovered LoadBalancers, and some EC2PrefixList which point to S3 and DynamoDB considering I never spun up any of those things. Same for ElastiCacheParameterGroup, and OpsWorksUserProfile, and ElasticBeanstalkApplication, and ApiGatewayAccount, and AthenaWorkGroup, and GlueDataCatalogEncryptionSettings…
Otherwise, thank you for Former2! It’s an awesome service. Saved me days of work by generating a pretty nice >600 LOC template.
Issue Analytics
- Created 3 years ago
- Comments:9 (5 by maintainers)
Top GitHub Comments
Hey @payne911,
Just returning back to the original question you had, I’ve discussed this with the AWS service teams and it does seem that calling globalaccelerator.ListAccelerators will trigger the internal call to iam.CreateServiceLinkedRole to make the Global Accelerator SLR. It seems this is an uncontrollable side-effect of making that call, which is required to list the accelerators within the account.
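One way to confirm this kind of side effect from exported CloudTrail records, added here as an example and not part of the original thread or of Former2's code: for each CreateServiceLinkedRole event it lists the read-only calls made just before it, putting calls to the service the role was created for first. The function name, the 5-second window and the requestParameters key casing are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

READ_PREFIXES = ("List", "Get", "Describe", "Search")

def _ts(rec):
    # CloudTrail eventTime is ISO 8601 UTC, e.g. 2021-01-01T12:00:01Z
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def explain_slr_events(records, window_seconds=5):
    """For each iam:CreateServiceLinkedRole record, return the read-only calls
    seen shortly before it, with calls to the role's own service listed first."""
    window = timedelta(seconds=window_seconds)
    reads = [r for r in records if r["eventName"].startswith(READ_PREFIXES)]
    findings = []
    for rec in records:
        if (rec["eventSource"], rec["eventName"]) != (
                "iam.amazonaws.com", "CreateServiceLinkedRole"):
            continue
        params = rec.get("requestParameters") or {}
        # Key casing is an assumption, so both spellings are accepted.
        service = params.get("aWSServiceName") or params.get("AWSServiceName")
        # No region filter: IAM is a global service whose events are logged
        # in us-east-1, whatever region the triggering call was sent to.
        near = [r for r in reads
                if timedelta(0) <= _ts(rec) - _ts(r) <= window]
        near.sort(key=lambda r: (r["eventSource"] != service,
                                 _ts(rec) - _ts(r)))
        findings.append({
            "service": service,
            "region": rec["awsRegion"],
            "candidates": [(r["eventSource"], r["eventName"], r["awsRegion"])
                           for r in near],
        })
    return findings

def _rec(time, source, name, region, params=None):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": region, "requestParameters": params}

# Constructed sample records, not taken from the issue.
SAMPLE = [
    _rec("2021-01-01T11:50:00Z", "ec2.amazonaws.com", "DescribeInstances", "ca-central-1"),
    _rec("2021-01-01T12:00:00Z", "servicecatalog.amazonaws.com", "SearchProvisionedProducts", "ca-central-1"),
    _rec("2021-01-01T12:00:01Z", "globalaccelerator.amazonaws.com", "ListAccelerators", "us-west-2"),
    _rec("2021-01-01T12:00:01Z", "iam.amazonaws.com", "CreateServiceLinkedRole", "us-east-1",
         {"aWSServiceName": "globalaccelerator.amazonaws.com"}),
]
```
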
Hey @payne911,
There is a bunch of services which charge for Get/List calls (example), so I’ll make an update to the README to reflect this.
I notice your sample templates have been pulled from Pastebin before I got to them, so feel free to shoot me an email with the details.
As for CloudFormation itself, it is generally very good at cleaning up its own resources when you delete the stack, however consequential resources like CloudWatch logs would remain so make sure to consider this. A billing alarm will catch overages, however you should plan to be billed a dollar or two for small things like this.