S3 put_bucket_policy API failing with invalid principal error .... when it shouldn't

0

Testing a script that creates a bucket (with a bucket policy and some other configuration stuff), IAM role, IAM policy, and ties these all together to create a role that can be assumed to put data into a new bucket. I have added buffer timers into the script to allow for the fact that some of these elements don't immediately take effect. BUT ... I had an error where for 30 minutes I could not apply a bucket policy because it kept seeing the IAM Role as an invalid principal. I played around with this for 30 minutes. I could get other roles to work in the bucket policy, but not the newly created one. I stepped aside and when I came back hours later it just worked.
Is there any SLA on when a role can be assigned to a bucket policy? In most cases 30 seconds seems to be enough time, but I need to plan for this edge condition.
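A fixed buffer timer cannot cover an unbounded propagation delay like the one described above. An added example (not code from the question or the answer) of the pattern a deployment script can use instead: retry `put_bucket_policy` only while S3 rejects the policy with the `MalformedPolicy` / "Invalid principal" error that a not-yet-propagated role ARN produces, back off exponentially with jitter, fail loudly on any other error, and give up after a hard ceiling so a genuinely wrong ARN does not hang the script. The client is assumed to be a boto3 S3 client; the bucket name, role ARN and the `FlakyS3Stub` class are constructed so the logic can be exercised offline without AWS credentials.

```python
"""Retry helper for S3 put_bucket_policy while a freshly created IAM role propagates."""
import json
import random
import time

try:
    from botocore.exceptions import ClientError  # real class when boto3/botocore is installed
except ImportError:  # assumption: minimal stand-in with the same .response shape, for offline use
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(f"{operation_name}: {error_response['Error']['Code']}")
            self.response = error_response
            self.operation_name = operation_name


def build_role_only_policy(bucket, role_arn):
    """Bucket policy granting exactly one IAM role s3:PutObject on the bucket's objects."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowUploadsFromRole",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    })


def is_invalid_principal(exc):
    """True only for S3 rejecting a principal that has not propagated yet (or does not exist)."""
    err = exc.response.get("Error", {})
    return (err.get("Code") == "MalformedPolicy"
            and "invalid principal" in err.get("Message", "").lower())


def put_bucket_policy_with_retry(s3, bucket, policy_json, max_wait_s=900.0, base_delay_s=2.0,
                                 max_delay_s=60.0, sleep=time.sleep, rng=random.random):
    """Attach the policy, retrying only on the propagation error.

    Returns the number of attempts on success. Any other ClientError is re-raised
    unchanged, and TimeoutError is raised once the cumulative wait would exceed max_wait_s.
    `sleep` and `rng` are injectable so the behaviour can be tested without real waiting.
    """
    waited = 0.0
    attempt = 0
    while True:
        attempt += 1
        try:
            s3.put_bucket_policy(Bucket=bucket, Policy=policy_json)
            return attempt
        except ClientError as exc:
            if not is_invalid_principal(exc):
                raise  # AccessDenied, a malformed document, etc. must not be masked by retries
            # Exponential backoff capped at max_delay_s, with +/-50% jitter to avoid lock-step retries.
            delay = min(max_delay_s, base_delay_s * 2 ** (attempt - 1)) * (0.5 + rng())
            if waited + delay > max_wait_s:
                raise TimeoutError(
                    f"{bucket}: principal still invalid after {waited:.0f}s and {attempt} attempts"
                ) from exc
            sleep(delay)
            waited += delay


class FlakyS3Stub:
    """Constructed stand-in for a boto3 S3 client: rejects the policy with
    'Invalid principal' for the first `failures` calls, then accepts it."""

    def __init__(self, failures):
        self.failures = failures
        self.calls = 0
        self.policy = None

    def put_bucket_policy(self, Bucket, Policy):
        self.calls += 1
        if self.calls <= self.failures:
            raise ClientError(
                {"Error": {"Code": "MalformedPolicy", "Message": "Invalid principal in policy"}},
                "PutBucketPolicy",
            )
        self.policy = Policy


if __name__ == "__main__":
    # Constructed names; swap in a real boto3 client (boto3.client("s3")) and real ARN in a script.
    stub = FlakyS3Stub(failures=2)
    policy = build_role_only_policy("example-bucket", "arn:aws:iam::123456789012:role/example-uploader")
    attempts = put_bucket_policy_with_retry(stub, "example-bucket", policy,
                                            sleep=lambda s: None, rng=lambda: 0.5)
    print(f"policy attached after {attempts} attempts")
```

The important design choice is the narrow retry condition: only the specific propagation symptom is retried, so a typo in the role ARN still surfaces as the same error at the end of the ceiling rather than being silently swallowed, and an unrelated failure such as AccessDenied is raised on the first attempt. The 15-minute default ceiling reflects the kind of delay reported above; pick it to match how long your pipeline can afford to wait.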

1 answer
0
Accepted answer

Hello.

I think this is due to the IAM transmission delay problem that occurred a while ago.
It is thought that there was a problem in which the newly created IAM settings took a long time to be reflected, so they could not be referenced in the S3 bucket policy.

[RESOLVED] IAM Propagation delays

[07:52 PM PST] Beginning at 5:27 PM PST, IAM role and policy changes stopped propagating to some regions, as mentioned in an earlier update. By 7:18 PM PST, we had identified the root cause, which allowed earlier submitted changes to begin propagating. As a backlog of changes had developed during that time, it took until 7:40 PM PST for that backlog to be fully processed. As of now, all IAM role and policy changes are propagating normally. Some dependent services are still processing their backlogs, as they fully recover they will report GREEN status on this event. No IAM changes were lost during this process, only delayed, so there is no need to re-submit any changes that may have been submitted during this time. They have all been fully propagated.

[07:18 PM PST] IAM role and policy changes submitted after 5:27 PM PST are not propagating to the following regions: US-EAST-1, US-EAST-2, US-WEST-1, US-WEST-2, AP-NORTHEAST-1, AP-NORTHEAST-2, AP-NORTHEAST-3, AP-SOUTH-1, AP-SOUTHEAST-1, AP-SOUTHEAST-2, CA-CENTRAL-1, EU-NORTH-1, EU-WEST-1, EU-WEST-2, EU-WEST-3, and SA-EAST-1. We have identified the cause of the issue, and are actively working towards mitigation. This issue is affecting creation of and changes to IAM roles, users, and policies. This is also affecting workflows that make changes to IAM, such as creating a new EKS cluster. Operations that authenticate or authorize against existing IAM configurations are not affected, such as retrieving an S3 object or invoking a Lambda function. We will provide another update within 30 minutes.

[06:57 PM PST] We are investigating increased propagation delays for AWS Identity and Access Management (IAM). Newly created or recently updated IAM users, credentials, roles, policies are impacted. Authentication and authorization of existing users, credentials, roles, policies are not impacted.

Expert
Answered 5 months ago
Expert
Reviewed 5 months ago
