Connecting AWS management account and provided CloudFormation template

Hi everyone,

when following instructions to connect AWS environment to MDC (connecting AWS management account) I've deployed provided CloudFormation template both as a Stack and as a StackSet. Step 12 in the guide (https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings) says following:

"Using the downloaded CloudFormation template, create the stack in AWS as instructed on screen. If you're onboarding a management account, you'll need to run the CloudFormation template both as Stack and as StackSet."

But there is an issue with deployment of some of the Stack instances. I've selected two AWS regions during StackSet deployment (us-east-1 and us-west-1), deployment in us-east-1 succeeded but deployment in us-west1 failed (within the same AWS account). The reason is that IAM roles (provided CloudFormation template deploys mostly IAM roles), which are global resources, were already deployed in us-east-1 and deployment fails when it tries to deploy same IAM role in us-west-1.

Has anyone else noticed same behavior? I guess that provided CloudFormation template need to be modified so that it doesn't try to deploy IAM roles if they are deployed in some other region (i.e. make sure that IAM roles are deployed only in single region, something like "main" region which can be defined as parameter).