If you use aws validate-template --template-url https//s3.amazon.aws.com/bucket/object
in the case where the object is encrypted with a KMS key that your user does not have access to, you get the error below:
An error occurred (ValidationError) when calling the ValidateTemplate operation: S3 error: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.
For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
This error is very unclear that the root cause is to do with KMS permissions. Why does this particular error get returned - it it a bug or is there a good reason?
Thanks.