2017-10-14 656 views
CloudFormation StackSet S3 error: the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

I am trying to deploy Lambda functions to multiple AWS accounts and regions using CloudFormation StackSets, but the deployment fails with the following error:

ResourceLogicalId:OfficeHoursAutoScalingStart, ResourceType:AWS::Lambda::Function, ResourceStatusReason:Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

It looks like some kind of permissions issue? How do I fix this?

My template:

AWSTemplateFormatVersion: '2010-09-09'
Description: 'Skynet. AWS Management Assistant'
Parameters:
  AppName:
    Type: String
    Description: Prefix for resources
    Default: skynet-lambda-stackset
  ArtifactsBucket:
    Type: String
    Description: S3 bucket storing lambda function zip
  ArtifactZipPath:
    Type: String
    Description: Path to lambda function zip
  CostCenter:
    Type: String
    Description: Cost center
    Default: Admin
  Owner:
    Type: String
    Description: Owner
    Default: Jiew Meng

Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      # IAM is global per account: a fixed RoleName collides when the StackSet
      # creates a second stack in another region of the same account, so the
      # region is included in the name.
      RoleName: !Sub '${AppName}-lambda-${AWS::Region}'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                - apigateway.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonEC2FullAccess'
        - 'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
        - 'arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess'
        - 'arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess'
        - 'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess'

  NewEc2AutoTag:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        # The bucket must be in the same region as the stack being created.
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/newEc2_autoTag.handler
      Runtime: nodejs6.10
      FunctionName: 'NewEC2_AutoTag'
      Description: 'Auto tag new EC2 instances with Owner tag'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  NewEc2Event:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-newEc2
      Description: On new EC2 instance created
      EventPattern:
        source:
          - 'aws.ec2'
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventName:
            - RunInstances
      Targets:
        # An event rule target needs an Arn and an Id; !Ref on a Lambda
        # function only returns its name. Each function invoked by a rule also
        # needs an AWS::Lambda::Permission for events.amazonaws.com (not shown).
        - Arn: !GetAtt NewEc2AutoTag.Arn
          Id: NewEc2AutoTag

  AfterhoursEc2Shutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/afterHours_shutdown.handler
      Runtime: nodejs6.10
      FunctionName: 'Afterhours_Shutdown'
      Description: 'Shutdown instances tagged Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  AfterHoursEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-afterHours
      Description: Triggered on weekdays 2400 SGT
      # 16:00 UTC is midnight SGT; the day-of-week token for Thursday is THU.
      ScheduleExpression: cron(0 16 ? * MON,TUE,WED,THU,FRI *)
      Targets:
        - Arn: !GetAtt AfterhoursEc2Shutdown.Arn
          Id: AfterhoursEc2Shutdown
        - Arn: !GetAtt AfterhoursAutoScalingShutdown.Arn
          Id: AfterhoursAutoScalingShutdown

  OfficeHoursEc2Start:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_Start'
      Description: 'Starts instances with Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  OfficeHoursEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-officeHours
      Description: Triggered on 7AM SGT weekdays
      # 23:00 UTC Sunday to Thursday is 07:00 SGT Monday to Friday.
      ScheduleExpression: cron(0 23 ? * SUN,MON,TUE,WED,THU *)
      Targets:
        - Arn: !GetAtt OfficeHoursEc2Start.Arn
          Id: OfficeHoursEc2Start
        - Arn: !GetAtt OfficeHoursAutoScalingStart.Arn
          Id: OfficeHoursAutoScalingStart

  StartedEc2ConfigureDns:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/started_configureDns.handler
      Runtime: nodejs6.10
      FunctionName: 'StartedEc2_ConfigureDns'
      Description: 'When EC2 started, configure DNS if required'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  Ec2StartedEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-ec2-started
      Description: Triggered on EC2 starts
      EventPattern:
        source:
          - 'aws.ec2'
        detail-type:
          - 'EC2 Instance State-change Notification'
        detail:
          state:
            - running
      Targets:
        - Arn: !GetAtt StartedEc2ConfigureDns.Arn
          Id: StartedEc2ConfigureDns

  AfterhoursAutoScalingShutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/afterHours_shutdown.handler
      Runtime: nodejs6.10
      FunctionName: 'Afterhours_AutoScalingShutdown'
      Description: 'Scales down autoscaling groups tagged Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  OfficeHoursAutoScalingStart:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_AutoScalingStart'
      Description: 'Scales up auto scaling groups that are scaled down to 0 and tagged autostart: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  NewAutoScalingGroupEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-autoscaling-new
      Description: Triggered when new autoscaling group created
      EventPattern:
        source:
          - 'aws.autoscaling'
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventName:
            - CreateAutoScalingGroup
      Targets:
        - Arn: !GetAtt NewAutoScalingGroupAutoTag.Arn
          Id: NewAutoScalingGroupAutoTag

  NewAutoScalingGroupAutoTag:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/new_autoTag.handler
      Runtime: nodejs6.10
      FunctionName: 'NewAutoScalingGroup_AutoTag'
      Description: 'Tags new autoscaling groups with owner and autoshutdown tags if not existing'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

Answer

It looks like you created the S3 bucket (the one referenced by the ArtifactsBucket parameter in the template) in the AWS region ap-southeast-1.

With AWS StackSets, you have chosen us-east-1 as one of the regions in the deployment order.

An AWS StackSet passes the SAME parameters to all the stacks it tries to create across multiple regions/accounts.

So when it tries to create the Lambda function OfficeHoursAutoScalingStart in the us-east-1 region, it tries to access the S3 bucket with that same bucket name (a GetObject request) in us-east-1 itself.

That is, it assumes that the S3 bucket whose name was passed via the ArtifactsBucket parameter exists in us-east-1 itself. But since the Lambda function's source code actually lives in the bucket in region ap-southeast-1, the header malformed error is thrown. In this case the bucket name matches, but the region does not.

Currently, when you create a Lambda function with CloudFormation, there is a limitation that the S3 bucket containing your Lambda function's source code must be in the same region as the STACK you are creating. Doc Reference Link

If that is the problem, then as a workaround you could consider creating S3 buckets in the required regions (prefixing the bucket name with the region name) and using them in the template based on the region.

Example:
us-east-1-lambdabkt
us-east-2-lambdabkt
ap-southeast-1-lambdabkt
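The per-region bucket workaround above, written out as an added example (not the asker's template or the answerer's code): a Mappings table selects the bucket by AWS::Region at deploy time, so every stack instance the StackSet creates reads its code from a bucket in its own region. The bucket names, the handler path and the function name are assumed placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Lambda deployed by a StackSet from a per-region artifact bucket'
Parameters:
  ArtifactZipPath:
    Type: String
    Description: Object key of the zip, identical in every regional bucket

Mappings:
  # Assumed bucket names: one bucket per target region, created ahead of
  # time, each holding a copy of the zip. Deploying to a region missing
  # from this map fails at template validation instead of at GetObject.
  RegionBucket:
    us-east-1:
      Bucket: us-east-1-lambdabkt
    us-east-2:
      Bucket: us-east-2-lambdabkt
    ap-southeast-1:
      Bucket: ap-southeast-1-lambdabkt

Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      # No RoleName: IAM is global, so a fixed name would collide when the
      # StackSet creates a second stack in another region of the same account.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  OfficeHoursAutoScalingStart:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        # AWS::Region is resolved inside each stack instance, so the bucket
        # and the stack are always in the same region. With uniform naming,
        # !Sub '${AWS::Region}-lambdabkt' gives the same result without a map.
        S3Bucket: !FindInMap [RegionBucket, !Ref 'AWS::Region', Bucket]
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/officeHours_start.handler
      Runtime: nodejs6.10
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
```

The zip has to be uploaded to every regional bucket under the same key, and when stack instances run in other accounts each bucket's policy must also grant those accounts s3:GetObject on the object. The basic execution role here is the least-privilege starting point; the FullAccess managed policies in the question's template grant far more than these functions need.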

I have resolved the error with your suggestion. But now I am running into another permissions error: https://stackoverflow.com/questions/46751355/aws-cloudformation-stackset-s3-accessdenied Maybe you can help with that too :) –
