Direkt zum Inhalt
Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post
Über re:Post

S3 bucket replication failed due to Destination bucket must exist (Service: Amazon S3; Status Code: 400; Error Code: InvalidRequest) error , but the destination bucket is existing .

0

I am giving replication configuration to the s3 bucket but getting Destination bucket must exist Service: Amazon S3; Status Code: 400 error even if the destination bucket is existing . Source bucket is in eu-west-1 region and destination bucket is in us-east-1 region .Getting this error while deploying in Cloudformation stack. I am able to give replication configuration with the same destination bucket through console.Below is the code for s3 and replication configuration.

S3BucketMap:
    test :
      s3BucketArn : "arn:aws:s3:::mybucket-test"
      s3BucketAllObjectsArn : "arn:aws:s3:::mybucket-test/*"
    beta :
      s3BucketArn : "arn:aws:s3:::mybucket-beta"
      s3BucketAllObjectsArn: "arn:aws:s3:::mybucket-beta/*"
    prod :
      s3BucketArn : "arn:aws:s3:::mybucket-prod"
      s3BucketAllObjectsArn: "arn:aws:s3:::mybucket-prod/*"

TestS3Bucket:
  Type: 'AWS::S3::Bucket'
  DeletionPolicy: Retain
  Properties:
    BucketName: {"Fn::Sub": "test-s3-bucket-${Stage}"}
    PublicAccessBlockConfiguration:
      BlockPublicAcls: Yes
      BlockPublicPolicy: Yes
      IgnorePublicAcls: Yes
      RestrictPublicBuckets: Yes
    VersioningConfiguration:
      Status: Enabled
    ReplicationConfiguration:
      Role: !GetAtt ReplicationBucketRole.Arn
      Rules:
        - Prefix: ""
          Id: ReplicationRule
          Status: Enabled
          Destination:
            Bucket: { Fn::FindInMap: [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketArn" ] }

ReplicationBucketRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Action: [ "sts:AssumeRole" ]
          Effect: Allow
          Principal:
            Service: [ "s3.amazonaws.com" ]

ReplicationBucketPolicy:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: ReplicationBucketPolicy
    Roles: [ !Ref ReplicationBucketRole ]
    PolicyDocument:
      Statement:
        - Action:
            - s3:ListBucket
            - s3:GetObjectVersionForReplication
            - s3:GetReplicationConfiguration
            - s3:GetObjectVersionAcl
            - s3:GetObjectVersionTagging
          Effect: Allow
          Resource:
            - !Sub "arn:aws:s3:::${TestS3Bucket}"
            - !Sub "arn:aws:s3:::${TestS3Bucket}/*"
        - Action:
            - s3:ReplicateObject
            - s3:ReplicateDelete
            - s3:ReplicateTags
            - s3:GetObjectVersionTagging
            - s3:ObjectOwnerOverrideToBucketOwner
          Effect: Allow
          Resource: { Fn::FindInMap: [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketAllObjectsArn" ] }
Themen
Management & UnternehmensführungSpeicherSicherheit, Identität & Konformität
Tags
AWS BefehlszeilenschnittstelleIAM-RichtlinienAWS CloudFormationSpeicherAmazon Simple Storage Service
Sprache
English
gefragt vor 3 Jahren2301 Aufrufe
1 Antwort
0

Hi,

I'm not familiar with CloudFormation, but where does CF find the variable Stage ? => [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketArn" ]

beantwortet vor 3 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Relevanter Inhalt