Is it possible for Region A CloudFormation to access a Region B S3 bucket?

0

Hi, I am currently using CodePipeline to deploy my Lambda function to multiple regions. I have all my source code (artifact) stored in an ap-east-1 S3 bucket. I have 2 CloudFormation stacks: one is in us-west-1, the other is in ap-east-1.

When I am deploying, I received the below error.

It seems my us-west-1 CloudFormation cannot access the S3 bucket which is located in ap-east-1.

Could anyone help me out?

RECJ
asked 7 months ago · 231 views
1 Answer
0

Hi RECJ,

Ensure that your S3 bucket policy in ap-east-1 allows access from services in us-west-1. Specifically, you'll want to grant permissions to the CloudFormation service role that's being used in us-west-1.

A common strategy is to replicate the S3 artifacts to a bucket in the same region where the CloudFormation stack will be deployed. You can use S3 Cross-Region Replication (CRR) to automatically replicate objects across buckets in different regions.

I hope this helps! If this solution works for you, please accept the answer. Otherwise, do leave a comment, and I'll try to assist you.

answered 7 months ago
  • Hi Vitor,

    Thanks for helping. I wonder about S3 CRR. Say I have CloudFormation in 6 regions. If I replicate the bucket to different regions, then I will have 6 buckets in 6 different regions? Correct me if I am wrong. If, eventually, I no longer need 4 of those 6 CloudFormation stacks, do I need to manually delete the CloudFormation stacks and S3 buckets for those 4 specific regions?

  • Hi RECJ,

    Yes, there are more automated methods to handle the cleanup and management of AWS resources.

    Some options:

    • Use a combination of Lambda functions and CloudWatch scheduled events to periodically check for and delete unused resources. For instance, if certain CloudFormation stacks or S3 buckets remain unused or unchanged for a specified period, the Lambda function could automatically delete them.
    • AWS CloudFormation StackSets lets you deploy a CloudFormation stack to multiple regions with a single template. If you decide to remove a particular configuration, updating or deleting the StackSet would propagate those changes to all the specified regions.
    • Use tools like Terraform or the AWS CDK, which can help manage and tear down resources across multiple regions more systematically than native CloudFormation.
    • Write a script using the AWS SDK that can scan for specific resources across regions and delete them based on your criteria.

    Remember to ALWAYS test automated cleanup methods in a non-production environment first to ensure they work as expected and avoid accidental data loss or service disruption.

  • Hi Vitor, Thanks for your suggestion. I will go have a try!

  • Hi RECJ, were you able to make it work?
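
The bucket-policy grant suggested in the answer, together with a simplified audit of it, as an added example (not code from the thread or from AWS). The bucket name, account ID and role name are constructed placeholders, and the audit ignores Deny, NotPrincipal and Condition evaluation.

```python
from fnmatch import fnmatchcase

# Constructed placeholders, not values from the thread.
SAMPLE_BUCKET = "example-artifacts-ap-east-1"
SAMPLE_ROLE = "arn:aws:iam::111122223333:role/cfn-deploy-us-west-1"

def build_artifact_read_policy(bucket, role_arns):
    # IAM role ARNs carry no region field, so this statement is the same
    # whichever region the CloudFormation stack runs in.
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DeployRolesReadArtifacts",
            "Effect": "Allow",
            "Principal": {"AWS": sorted(role_arns)},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def _listify(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    p = stmt.get("Principal", {})
    return ["*"] if p == "*" else _listify(p.get("AWS", []))

def audit_artifact_policy(policy, bucket, role_arn):
    """Simplified check of Allow statements. Returns (role_can_read, findings)."""
    target = f"arn:aws:s3:::{bucket}/artifact.zip"  # constructed object key
    can_read, findings = False, []
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principals = _principals(stmt)
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        resources = _listify(stmt.get("Resource", []))
        reads = any(fnmatchcase("s3:getobject", a) for a in actions)
        covers = any(fnmatchcase(target, r) for r in resources)
        if "*" in principals and "Condition" not in stmt:
            findings.append(f"{sid}: Principal '*' with no Condition")
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: wildcard action, only s3:GetObject is needed")
        if reads and covers and (role_arn in principals or "*" in principals):
            can_read = True
    return can_read, findings
```

Run `audit_artifact_policy` on the policy returned by `aws s3api get-bucket-policy` for the artifact bucket to confirm the deployment role is listed and that no statement is broader than read access for that role.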
