Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deployment of cloudformation template failed in Hongkong (ap-east-1) region #232

Closed
3rd-stone opened this issue Sep 2, 2020 · 4 comments
Closed

deployment of cloudformation template failed in Hongkong (ap-east-1) region #232

3rd-stone opened this issue Sep 2, 2020 · 4 comments
Labels
bug

Comments

@3rd-stone
Copy link

Describe the bug
Cloudformation error: GetObject for solutions-ap-east-1/serverless-image-handler/v4.2/custom-resource.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException;)

Possible Reason:
The different s3 url structure between HK region and other regions (i.e object url for HK region: https://bucket.s3.ap-east-1.amazonaws.com/a.zip, while object url for other regions: https://s3.amazonaws.com/bucket/a.zip)
@3rd-stone 3rd-stone added the bug label Sep 2, 2020
@beomseoklee
Copy link
Member

@3rd-stone I'm sorry to hear that you experienced an issue. Unfortunately, we currently don't support the Hong Kong region. We will update you when we are ready to support the Hong Kong region.

@ssannidhi-palo
Copy link

ssannidhi-palo commented Sep 3, 2020
edited
Loading

@beomseoklee I had to deploy this stack in the HK region, but fails with the "S3 Access Denied". As suggested, I have followed the instructions in the README and built the distribution along with the CF template.

The cloud formation stack keeps failing in the ap-east-1 region with below error.

You don't have permission to access the S3 bucket for CloudFront logs: test-logs-a9v2cdhvdx05.s3.amazonaws.com If you're using IAM, you need s3:GetBucketAcl and s3:PutBucketAcl permissions to create a distribution or to update log settings for an existing distribution. In addition, the S3 ACL for the bucket must grant you FULL_CONTROL. (Service: AmazonCloudFront; Status Code: 403; Error Code: AccessDenied; Request ID: 437e0482-f2be-41e5-a7ad-d24b79a0b0c9)

Uploading image.png…

I have used an IAM role with AdministratorAccess to provision the Cloud Formation Stack. I also tried setting the ACL for the logs bucket to "BucketOwnerFullControl" but still fails with the same error.

Please give me a solution to proceed with this. Is this something to do with the behaviour of S3 being different in HK region?

@beomseoklee
Copy link
Member

@ssannidhi-palo I'm sorry for your inconvenience, but that's the current restriction on CloudFront side. You can see the document.

We will think about the workaround for the issue.

@G-Lenz
Copy link
Contributor

G-Lenz commented Jan 29, 2021

We've added support for the Hong Kong region in v5.2.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@fisenkodv @beomseoklee @G-Lenz @3rd-stone @ssannidhi-palo