CloudFormation StackSet S3 error: the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

Time: 2017-10-14 13:49:40

Tags: amazon-web-services amazon-s3 amazon-cloudformation

I am trying to deploy my lambda functions to multiple AWS accounts and regions using CloudFormation StackSets. But it fails with the following error

ResourceLogicalId: OfficeHoursAutoScalingStart, ResourceType: AWS::Lambda::Function, ResourceStatusReason: Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

It seems to be a permissions thing? How do I fix this?

My template:

AWSTemplateFormatVersion: '2010-09-09'
Description: 'Skynet. AWS Management Assistant'
Parameters:
  AppName:
    Type: String
    Description: Prefix for resources
    Default: skynet-lambda-stackset
  ArtifactsBucket:
    Type: String
    Description: S3 bucket storing lambda function zip
  ArtifactZipPath:
    Type: String
    Description: Path to lambda function zip
  CostCenter:
    Type: String
    Description: Cost center
    Default: Admin
  Owner:
    Type: String
    Description: Owner
    Default: Jiew Meng

Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${AppName}-lambda'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
              - apigateway.amazonaws.com
          Action:
          - sts:AssumeRole
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonEC2FullAccess'
        - 'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
        - 'arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess'
        - 'arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess'
        - 'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess'

  NewEc2AutoTag:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/newEc2_autoTag.handler
      Runtime: nodejs6.10
      FunctionName: 'NewEC2_AutoTag'
      Description: 'Auto tag new EC2 instances with Owner tag'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  NewEc2Event:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-newEc2
      Description: On new EC2 instance created
      EventPattern:
        source:
          - 'aws.ec2'
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventName:
            - RunInstances
      Targets:
        # Each target needs the function ARN and a unique Id (a bare !Ref gives only the name)
        - Arn: !GetAtt NewEc2AutoTag.Arn
          Id: NewEc2AutoTag

  AfterhoursEc2Shutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/afterHours_shutdown.handler
      Runtime: nodejs6.10
      FunctionName: 'Afterhours_Shutdown'
      Description: 'Shutdown instances tagged Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  AfterHoursEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-afterHours
      Description: Triggered on weekdays 2400 SGT
      ScheduleExpression: cron(0 16 ? * MON,TUE,WED,THU,FRI *)
      Targets:
        - Arn: !GetAtt AfterhoursEc2Shutdown.Arn
          Id: AfterhoursEc2Shutdown
        - Arn: !GetAtt AfterhoursAutoScalingShutdown.Arn
          Id: AfterhoursAutoScalingShutdown

  OfficeHoursEc2Start:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_Start'
      Description: 'Starts instances with Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  OfficeHoursEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-officeHours
      Description: Triggered on 7AM SGT weekdays
      ScheduleExpression: cron(0 23 ? * SUN,MON,TUE,WED,THU *)
      Targets:
        - Arn: !GetAtt OfficeHoursEc2Start.Arn
          Id: OfficeHoursEc2Start
        - Arn: !GetAtt OfficeHoursAutoScalingStart.Arn
          Id: OfficeHoursAutoScalingStart

  StartedEc2ConfigureDns:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/started_configureDns.handler
      Runtime: nodejs6.10
      FunctionName: 'StartedEc2_ConfigureDns'
      Description: 'When EC2 started, configure DNS if required'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  Ec2StartedEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-ec2-started
      Description: Triggered on EC2 starts
      EventPattern:
        source:
          - 'aws.ec2'
        detail-type:
          - 'EC2 Instance State-change Notification'
        detail:
          state:
            - running
      Targets:
        - Arn: !GetAtt StartedEc2ConfigureDns.Arn
          Id: StartedEc2ConfigureDns

  AfterhoursAutoScalingShutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/afterHours_shutdown.handler
      Runtime: nodejs6.10
      FunctionName: 'Afterhours_AutoScalingShutdown'
      Description: 'Scales down autoscaling groups tagged Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  OfficeHoursAutoScalingStart:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_AutoScalingStart'
      Description: 'Scales up auto scaling groups that are scaled down to 0 and tagged autostart: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  NewAutoScalingGroupEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-autoscaling-new
      Description: Triggered when new autoscaling group created
      EventPattern:
        source:
          - 'aws.autoscaling'
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventName:
            - CreateAutoScalingGroup
      Targets:
        - Arn: !GetAtt NewAutoScalingGroupAutoTag.Arn
          Id: NewAutoScalingGroupAutoTag

  NewAutoScalingGroupAutoTag:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/new_autoTag.handler
      Runtime: nodejs6.10
      FunctionName: 'NewAutoScalingGroup_AutoTag'
      Description: 'Tags new autoscaling groups with owner and autoshutdown tags if not existing'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

1 answer:

Answer 0 (score: 6)

Looks like you have created the s3 bucket (referred to by the variable ArtifactsBucket in the template) in the AWS region ap-southeast-1.

With AWS StackSets, you have chosen us-east-1 as one of the regions in the Deployment Order.

AWS StackSets pass the SAME parameters to all the stacks they try to create across multiple regions/accounts.

So when it tries to create the lambda function OfficeHoursAutoScalingStart in region us-east-1, it tries to access the s3 bucket (GetObject request) in the us-east-1 region itself, with the same bucket name.

i.e. it assumes that the s3 bucket whose name is passed via the ArtifactsBucket parameter exists in us-east-1 itself. But because the lambda function's source code is actually in a bucket in region ap-southeast-1, the header malformed error is thrown. In this case the bucket name matches, but the region does not.

Currently, when you create a lambda function with CloudFormation, there is a limitation that the S3 bucket containing the Lambda function source code must be in the SAME region as the stack you are creating. Doc Reference Link

If this is the issue, then as a fix you could consider creating s3 buckets in the required regions (adding the region name as a prefix to the bucket name) and using them in the template based on the region.

Example:
us-east-1-lambdabkt
us-east-2-lambdabkt
ap-southeast-1-lambdabkt
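One way to wire the per-region buckets into the template, as an added example that is not part of the original answer or the asker's template: a Mappings block keyed on the AWS::Region pseudo-parameter, so every stack instance in the StackSet reads its zip from a bucket in its own region. The bucket names follow the answer's '<region>-lambdabkt' convention and are hypothetical; LambdaRoleArn is an assumed parameter standing in for the role defined in the asker's template.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Select the Lambda artifact bucket by stack region (added example)'
Parameters:
  ArtifactZipPath:
    Type: String
    Description: Key of the lambda zip (same key uploaded to every regional bucket)
  LambdaRoleArn:
    Type: String
    Description: ARN of the Lambda execution role (hypothetical; use your own)
Mappings:
  # Hypothetical bucket names; one bucket must exist in each region the StackSet
  # deploys to. FindInMap fails at deploy time for any region missing here, which
  # is preferable to the AuthorizationHeaderMalformed error at resource creation.
  ArtifactBucketByRegion:
    us-east-1:
      Name: us-east-1-lambdabkt
    us-east-2:
      Name: us-east-2-lambdabkt
    ap-southeast-1:
      Name: ap-southeast-1-lambdabkt
Resources:
  OfficeHoursAutoScalingStart:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        # AWS::Region resolves per stack instance, so the same StackSet parameters
        # work everywhere: the bucket name now always matches the stack's region.
        S3Bucket: !FindInMap [ArtifactBucketByRegion, !Ref 'AWS::Region', Name]
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_AutoScalingStart'
      Timeout: 30
      Role: !Ref LambdaRoleArn
```

Replacing the ArtifactsBucket parameter with the mapping lookup removes the only input that differed per region, so the single parameter set StackSets pass to every stack instance is sufficient.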