Getting S3 error: Domain name specified in [*********] is not a valid S3 domain when pasting S3 URL for the template from S3 bucket of a conduit account in Create Stack Tab for my account.

0

I am trying to create a stack with template I am using from another conduit account (Account1) to my account. When copying the S3 URL from the location of the template and pasting it into my stack creation tab in Cloudformation, I am getting the following error: S3 error: Domain name specified in [*********] is not a valid S3 domain. Initially, I was getting this error: s3 error access denied for more information check http://docs.aws.amazon.com/amazons3/latest/api/errorresponses.html I want to understand what is causing this error? Any help is appreciated.

asked 6 months ago3197 views
1 Answer
2

Hello.

If you select "Amazon S3 URL" when creating a stack in the CloudFormation console, the URL must start with https:// and not an s3 URI.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-template.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html

In other words, I think you can use it by specifying the object URL as shown below.

https://<bucket name>.s3.<region>.amazonaws.com/*****.yaml
profile picture
EXPERT
answered 6 months ago
profile picture
EXPERT
reviewed 6 months ago
  • Thank you. It got through the first error. When I try the object URL which is of the format you suggested, I am now getting the "s3 error access denied for more information check http://docs.aws.amazon.com/amazons3/latest/api/errorresponses.html" error. What should I do at this point?

  • This is probably because the S3 bucket where Account1's CloudFormation template is uploaded cannot be accessed. I think this can be resolved by enabling S3 public access or setting up a cross-account IAM role.

  • If you want to set the S3 bucket for public access, you can use it by disabling the bucket policy and public access block settings below.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:GetObject",
                    "s3:GetObjectVersion"
                ],
                "Resource": "arn:aws:s3:::s3-bucket-name/*"
            }
        ]
    }
    

    When configuring cross-account settings, the following documents may be helpful. https://repost.aws/knowledge-center/cross-account-access-s3

  • Thank you so much! I will work on this and post updates here.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions