Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

The authorization header is malformed; the region '<AWS Region>' is wrong; expecting '<AWS Region>'

0

I have two buckets, one in eu-west-1 and one in us-east-1. Lambda@edge executes on origin requests. The request is dynamically recreated based on the origin of the client. I spun up two servers in respective regions and perform a simple curl to get a file. The file exists on the same path on both buckets. The file consists of single line describing the region, that would allow me to know which region it's in. When the request originates from eu-west-1 the request goes through successfully. However, when the request originates from us-east-1 it fails. All the other posts about this error haven't helped me unfortunately. Anyone have an idea what the issue might be? I will provide more details about the setup if that's needed.

Error:

$ curl -L cdn.mywebsite.cloud/welcome.html
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'eu-west-1' is wrong; expecting 'us-east-1'</Message><Region>us-east-1</Region><RequestId>N93PW0DBYKD9J801</RequestId><HostId>PVi9MrrxoPmWMIV48Ao/eNogihE/TFFAGvPjkwvRfBZPHLl4Myys5SQ/3vxY1WYuLXmIBt5dJGE=</HostId></Error>

Lambda@edge logic:

us_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"
eu_bucket = "cdn-origin-bucket-eu-west-1-XXXX.s3.eu-west-1.amazonaws.com"
# ap_bucket = "mybucket-ap.amazonaws.com"
default_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"

# Regions Mapping
regions_mapping = {
  # NA
  "us-east-1": us_bucket,
  "us-east-2": us_bucket,
  "us-west-1": us_bucket,
  "us-west-2": us_bucket,
  "ca-central-1": us_bucket,
  # EU
  "eu-central-1": eu_bucket,
  "eu-central-1": eu_bucket,
  "eu-west-1": eu_bucket,
  "eu-west-2": eu_bucket,
  "eu-west-3": eu_bucket,
  "eu-north-1": eu_bucket,
}

def lambda_handler(event, context):
  request = event['Records'][0]['cf']['request']

  # Identify edge region
  lambda_region = context.invoked_function_arn.split(':')[3]

  # Get S3 bucket based on regions mapping
  domain_name = regions_mapping.get(lambda_region, default_bucket)

  # Update origin request object
  request['origin']['s3']['domainName'] = domain_name
  request['origin']['s3']['region'] = lambda_region
  request['headers']['host'] = [{'key': 'host', 'value': domain_name}]

  return request

I have followed this AWS guide Using Amazon CloudFront and Amazon S3 to build multi-Region active-active geo proximity applications.

Temas
AlmacenamientoCálculoRedes y entrega de contenido
Etiquetas
Amazon Simple Storage ServiceAprovisionamiento de sitios webRedes y entrega de contenidoAmazon CloudFrontLambda@Edge
Idioma
English
foroozf001
preguntada hace un año2658 visualizaciones
3 Respuestas
0

If you use origin access control for authorization of the access to the origin bucket, you may solve the issue by changing the authorization method to origin access identity. Of course, you should modify bucket policy for all other buckets that you use in your Lambda@Edge.

AWS
Junseong_J
respondido hace 9 meses
0

Region in response is wrong. I updated lambda code and works for me.

Try this:

us_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"
eu_bucket = "cdn-origin-bucket-eu-west-1-XXXX.s3.eu-west-1.amazonaws.com"
# ap_bucket = "mybucket-ap.amazonaws.com"
default_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"

# Regions Mapping
regions_mapping = {
  # NA
  "us-east-1": us_bucket,
  "us-east-2": us_bucket,
  "us-west-1": us_bucket,
  "us-west-2": us_bucket,
  "ca-central-1": us_bucket,
  # EU
  "eu-central-1": eu_bucket,
  "eu-central-1": eu_bucket,
  "eu-west-1": eu_bucket,
  "eu-west-2": eu_bucket,
  "eu-west-3": eu_bucket,
  "eu-north-1": eu_bucket,
}

def lambda_handler(event, context):
  request = event['Records'][0]['cf']['request']

  # Identify edge region
  lambda_region = context.invoked_function_arn.split(':')[3]

  # Get S3 bucket based on regions mapping
  domain_name = regions_mapping.get(lambda_region, default_bucket)
  bucket_region = domain_name.split('.')[2]

  # Update origin request object
  request['origin']['s3']['domainName'] = domain_name
  request['origin']['s3']['region'] = bucket_region 
  request['headers']['host'] = [{'key': 'host', 'value': domain_name}]

  return request
Amir Babic
respondido hace 8 meses
-1

Try using this code to get the region more effectively:

import os

def lambda_handler(event, context):
	runtime_region = os.environ['AWS_REGION']
AWS
vtjean
respondido hace un año
  • foroozf001
    hace un año

    I'm afraid this doesn't adress the issue, but thanks for the input

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante