S3 bucket replication failed due to "Destination bucket must exist (Service: Amazon S3; Status Code: 400; Error Code: InvalidRequest)" error, but the destination bucket exists.

I am giving a replication configuration to the S3 bucket but getting the "Destination bucket must exist Service: Amazon S3; Status Code: 400" error even though the destination bucket exists. The source bucket is in the eu-west-1 region and the destination bucket is in the us-east-1 region. I am getting this error while deploying a CloudFormation stack. I am able to give the replication configuration with the same destination bucket through the console. Below is the code for the S3 bucket and replication configuration.

S3BucketMap:
    test :
      s3BucketArn : "arn:aws:s3:::mybucket-test"
      s3BucketAllObjectsArn : "arn:aws:s3:::mybucket-test/*"
    beta :
      s3BucketArn : "arn:aws:s3:::mybucket-beta"
      s3BucketAllObjectsArn: "arn:aws:s3:::mybucket-beta/*"
    prod :
      s3BucketArn : "arn:aws:s3:::mybucket-prod"
      s3BucketAllObjectsArn: "arn:aws:s3:::mybucket-prod/*"

TestS3Bucket:
  Type: 'AWS::S3::Bucket'
  DeletionPolicy: Retain
  Properties:
    BucketName: {"Fn::Sub": "test-s3-bucket-${Stage}"}
    PublicAccessBlockConfiguration:
      BlockPublicAcls: Yes
      BlockPublicPolicy: Yes
      IgnorePublicAcls: Yes
      RestrictPublicBuckets: Yes
    VersioningConfiguration:
      Status: Enabled
    ReplicationConfiguration:
      Role: !GetAtt ReplicationBucketRole.Arn
      Rules:
        - Prefix: ""
          Id: ReplicationRule
          Status: Enabled
          Destination:
            Bucket: { Fn::FindInMap: [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketArn" ] }

ReplicationBucketRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Action: [ "sts:AssumeRole" ]
          Effect: Allow
          Principal:
            Service: [ "s3.amazonaws.com" ]

ReplicationBucketPolicy:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: ReplicationBucketPolicy
    Roles: [ !Ref ReplicationBucketRole ]
    PolicyDocument:
      Statement:
        - Action:
            - s3:ListBucket
            - s3:GetObjectVersionForReplication
            - s3:GetReplicationConfiguration
            - s3:GetObjectVersionAcl
            - s3:GetObjectVersionTagging
          Effect: Allow
          Resource:
            - !Sub "arn:aws:s3:::${TestS3Bucket}"
            - !Sub "arn:aws:s3:::${TestS3Bucket}/*"
        - Action:
            - s3:ReplicateObject
            - s3:ReplicateDelete
            - s3:ReplicateTags
            - s3:GetObjectVersionTagging
            - s3:ObjectOwnerOverrideToBucketOwner
          Effect: Allow
          Resource: { Fn::FindInMap: [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketAllObjectsArn" ] }
1 Answer

Hi,

I'm not familiar with CloudFormation, but where does CF find the variable Stage? => [ 'S3BucketMap', { Ref: 'Stage' }, "s3BucketArn" ]

Donov
answered a year ago
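
A pre-deployment check of the destination bucket named in the question, as an added example that is not part of the original posts: it confirms the bucket is reachable with the deploying credentials, sits in the expected region, and has versioning enabled, which S3 replication requires on the destination. `check_destination`, `normalize_region` and `StubS3` are hypothetical names; the stub stands in for `boto3.client("s3")` and returns constructed responses.

```python
# Added example: pre-deployment check of a replication destination bucket.
# `s3` is any object exposing the boto3 S3 client methods head_bucket,
# get_bucket_location and get_bucket_versioning.

def normalize_region(location_constraint):
    """Map GetBucketLocation's LocationConstraint to a region name."""
    if not location_constraint:      # us-east-1 is reported as None/empty
        return "us-east-1"
    if location_constraint == "EU":  # legacy value for eu-west-1
        return "eu-west-1"
    return location_constraint


def check_destination(s3, bucket, expected_region):
    """Return a list of findings; an empty list means the checks passed."""
    try:
        s3.head_bucket(Bucket=bucket)
    except Exception as exc:  # botocore raises ClientError on 403/404
        return [f"{bucket}: not reachable with these credentials ({exc})"]
    findings = []
    region = normalize_region(
        s3.get_bucket_location(Bucket=bucket).get("LocationConstraint"))
    if region != expected_region:
        findings.append(f"{bucket}: in {region}, expected {expected_region}")
    status = s3.get_bucket_versioning(Bucket=bucket).get("Status")
    if status != "Enabled":
        findings.append(f"{bucket}: versioning is {status or 'not set'}")
    return findings


class StubS3:
    """Constructed stand-in for boto3.client('s3'); responses are sample data."""
    def __init__(self, buckets):
        self.buckets = buckets  # name -> (LocationConstraint, versioning Status)

    def head_bucket(self, Bucket):
        if Bucket not in self.buckets:
            raise LookupError("404 Not Found")
        return {}

    def get_bucket_location(self, Bucket):
        return {"LocationConstraint": self.buckets[Bucket][0]}

    def get_bucket_versioning(self, Bucket):
        status = self.buckets[Bucket][1]
        return {"Status": status} if status else {}


if __name__ == "__main__":
    stub = StubS3({"mybucket-test": (None, "Enabled")})
    print(check_destination(stub, "mybucket-test", "us-east-1"))
```

Against a real account, pass `boto3.client("s3")` created with the same credentials the CloudFormation deployment uses.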
