AWS Region selected has no support for an AWS Service created by Citadel
In this case the region can’t be used with Citadel, please contact support to help find an alternative solution.
AWS Service Limits are reached
Most AWS Services have limits on usage. Citadel might try to create a resource above the limit allowed by the account. For remediation:
- Find current limits on the “Service Quotas” dashboard at the AWS Console of the user’s Accounts.
- Ask to increase the limits through AWS Support, see: https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
Failed to deploy baseline on region
This error usually happens when you are deploying a new Foundation or when you are redeploying an existing region.
- Go to the AWS account and log into the Log Archive account with a user or role with permissions;
- Select the S3 service and select Buckets;
- Look for any bucket with the AWS Account Number and delete it;
- Go back to app.citadel.run;
- Select the Management page and then select Regions on the left menu;
- Find the Region with the Failed status, click on the three dots and click Redeploy.
Failed to deploy domain
This error occurs when you try to deploy a domain that is already in use or if the domain you are trying to create is reserved by AWS.
Try to use a different domain.
Failed to deploy linked baseline - Account should have
This error occurs when you try to create a linked account but your AWS Account does not allow Citadel to deploy Cloud Formation Templates.
Check if your account has been connected to Citadel.
- Go to the Dashboard page on the app.citadel.run;
- Check if the
Connect Citadel to your AWS Accountis checked.
- If not, click on
Connect to AWS.
- Follow the steps to connect Citadel to your AWS Account.
Failed to enable compliance assessment for environment
This error occurs when you try to deploy a new compliance to your environment.
Cause: Resource handler returned message: "Resource of type
AWS::AuditManager::Assessment with identifier
<compliance-standard> was not found." (RequestToken: <aws-id>, HandlerErrorCode: NotFound).
- Go to the AWS console and log to the environment account ;
- Go to the S3 Buckets service to delete the bucket
assessment-<aws-account-number>-<aws-region>created by Citadel;
- Go to the Cloud Formation Stacks, find and delete the stacks below if they exist: