The authorization header is malformed; the region '<AWS Region>' is wrong; expecting '<AWS Region>'

0

I have two buckets, one in eu-west-1 and one in us-east-1. Lambda@Edge executes on origin requests. The request is dynamically recreated based on the origin of the client. I spun up two servers in the respective regions and performed a simple curl to get a file. The file exists on the same path in both buckets. The file consists of a single line describing the region, which allows me to know which region it's in. When the request originates from eu-west-1, the request goes through successfully. However, when the request originates from us-east-1, it fails. All the other posts about this error haven't helped me, unfortunately. Does anyone have an idea what the issue might be? I will provide more details about the setup if needed.

Error:

$ curl -L cdn.mywebsite.cloud/welcome.html
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header is malformed; the region 'eu-west-1' is wrong; expecting 'us-east-1'</Message><Region>us-east-1</Region><RequestId>N93PW0DBYKD9J801</RequestId><HostId>PVi9MrrxoPmWMIV48Ao/eNogihE/TFFAGvPjkwvRfBZPHLl4Myys5SQ/3vxY1WYuLXmIBt5dJGE=</HostId></Error>

Lambda@edge logic:

us_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"
eu_bucket = "cdn-origin-bucket-eu-west-1-XXXX.s3.eu-west-1.amazonaws.com"
# ap_bucket = "mybucket-ap.amazonaws.com"
default_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"

# Regions Mapping
regions_mapping = {
  # NA
  "us-east-1": us_bucket,
  "us-east-2": us_bucket,
  "us-west-1": us_bucket,
  "us-west-2": us_bucket,
  "ca-central-1": us_bucket,
  # EU
  "eu-central-1": eu_bucket,
  "eu-west-1": eu_bucket,
  "eu-west-2": eu_bucket,
  "eu-west-3": eu_bucket,
  "eu-north-1": eu_bucket,
}

def lambda_handler(event, context):
  request = event['Records'][0]['cf']['request']

  # Identify edge region
  lambda_region = context.invoked_function_arn.split(':')[3]

  # Get S3 bucket based on regions mapping
  domain_name = regions_mapping.get(lambda_region, default_bucket)

  # Update origin request object
  request['origin']['s3']['domainName'] = domain_name
  request['origin']['s3']['region'] = lambda_region
  request['headers']['host'] = [{'key': 'host', 'value': domain_name}]

  return request

I have followed this AWS guide: "Using Amazon CloudFront and Amazon S3 to build multi-Region active-active geo proximity applications".

3 Answers
0

If you use origin access control for authorization of the access to the origin bucket, you may solve the issue by changing the authorization method to origin access identity. Of course, you should modify bucket policy for all other buckets that you use in your Lambda@Edge.

AWS
answered 9 months ago
0

The region in the response is wrong. I updated the Lambda code and it works for me.

Try this:

us_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"
eu_bucket = "cdn-origin-bucket-eu-west-1-XXXX.s3.eu-west-1.amazonaws.com"
# ap_bucket = "mybucket-ap.amazonaws.com"
default_bucket = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"

# Regions Mapping
regions_mapping = {
  # NA
  "us-east-1": us_bucket,
  "us-east-2": us_bucket,
  "us-west-1": us_bucket,
  "us-west-2": us_bucket,
  "ca-central-1": us_bucket,
  # EU
  "eu-central-1": eu_bucket,
  "eu-west-1": eu_bucket,
  "eu-west-2": eu_bucket,
  "eu-west-3": eu_bucket,
  "eu-north-1": eu_bucket,
}

def lambda_handler(event, context):
  request = event['Records'][0]['cf']['request']

  # Identify edge region
  lambda_region = context.invoked_function_arn.split(':')[3]

  # Get S3 bucket based on regions mapping
  domain_name = regions_mapping.get(lambda_region, default_bucket)
  bucket_region = domain_name.split('.')[2]

  # Update origin request object
  request['origin']['s3']['domainName'] = domain_name
  request['origin']['s3']['region'] = bucket_region 
  request['headers']['host'] = [{'key': 'host', 'value': domain_name}]

  return request
answered 8 months ago
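
Added example (not part of the answer above and not AWS code): a consistency check that runs the question's region logic and the answer's region logic over every mapped Lambda region and lists the ones where the region set on the origin disagrees with the region in the bucket endpoint. The trimmed mapping, the `ap-southeast-1` probe, the minimal request dictionary and the helper names are constructed for illustration.

```python
import re

# Constructed placeholder endpoints, same shape as the ones in the post.
US_BUCKET = "cdn-origin-bucket-us-east-1-XXXX.s3.us-east-1.amazonaws.com"
EU_BUCKET = "cdn-origin-bucket-eu-west-1-XXXX.s3.eu-west-1.amazonaws.com"
REGIONS_MAPPING = {
    "us-east-1": US_BUCKET, "us-east-2": US_BUCKET, "us-west-2": US_BUCKET,
    "eu-west-1": EU_BUCKET, "eu-central-1": EU_BUCKET,
}

# Regional virtual-hosted-style endpoint: <bucket>.s3.<region>.amazonaws.com
ENDPOINT_RE = re.compile(r"^.+\.s3\.([a-z]{2}(?:-[a-z]+)+-\d+)\.amazonaws\.com$")


def bucket_region(domain_name):
    """Return the region embedded in a regional S3 endpoint, or raise."""
    match = ENDPOINT_RE.match(domain_name)
    if not match:
        raise ValueError(f"not a regional S3 endpoint: {domain_name!r}")
    return match.group(1)


def rewrite_origin(request, lambda_region, use_bucket_region=True):
    """False: copy the Lambda region (question). True: use the bucket's region (answer)."""
    domain_name = REGIONS_MAPPING.get(lambda_region, US_BUCKET)
    s3 = request["origin"]["s3"]
    s3["domainName"] = domain_name
    s3["region"] = bucket_region(domain_name) if use_bucket_region else lambda_region
    request["headers"]["host"] = [{"key": "host", "value": domain_name}]
    return request


def mismatched_regions(use_bucket_region):
    """Lambda regions where the origin region and the endpoint region disagree."""
    bad = []
    for lambda_region in [*REGIONS_MAPPING, "ap-southeast-1"]:  # last one hits the default
        request = {"origin": {"s3": {}}, "headers": {}}  # constructed minimal request
        s3 = rewrite_origin(request, lambda_region, use_bucket_region)["origin"]["s3"]
        if s3["region"] != bucket_region(s3["domainName"]):
            bad.append(lambda_region)
    return bad


if __name__ == "__main__":
    print("question's region logic:", mismatched_regions(False))
    print("answer's region logic:  ", mismatched_regions(True))
```

Parsing the endpoint with a strict pattern instead of `split('.')[2]` makes the function fail loudly if a bucket name containing dots or a non-regional endpoint is ever added to the mapping.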
-1

Try using this code to get the region more effectively:

import os

def lambda_handler(event, context):
	runtime_region = os.environ['AWS_REGION']
AWS
vtjean
answered a year ago
  • I'm afraid this doesn't address the issue, but thanks for the input.
