S3 bucket replication failed with a "Destination bucket must exist (Service: Amazon S3; Status Code: 400; Error Code: InvalidRequest)" error, but the destination bucket exists.

I am giving a replication configuration to the S3 bucket but getting a "Destination bucket must exist Service: Amazon S3; Status Code: 400" error even though the destination bucket exists. The source bucket is in the eu-west-1 region and the destination bucket is in the us-east-1 region. I get this error while deploying a CloudFormation stack. I am able to give the replication configuration with the same destination bucket through the console. Below is the code for the S3 bucket and the replication configuration.

S3BucketMap:
    test :
      s3BucketArn : "arn:aws:s3:::mybucket-test"
      s3BucketAllObjectsArn : "arn:aws:s3:::mybucket-test/*"
    beta :
      s3BucketArn : "arn:aws:s3:::mybucket-beta"
      s3BucketAllObjectsArn: "arn:aws:s3:::mybucket-beta/*"
    prod :
      s3BucketArn : "arn:aws:s3:::mybucket-prod"
      s3BucketAllObjectsArn: "arn:aws:s3:::mybucket-prod/*"

TestS3Bucket:
  Type: 'AWS::S3::Bucket'
  DeletionPolicy: Retain
  Properties:
    BucketName: {"Fn::Sub": "test-s3-bucket-${Stage}"}
    PublicAccessBlockConfiguration:
      BlockPublicAcls: Yes
      BlockPublicPolicy: Yes
      IgnorePublicAcls: Yes
      RestrictPublicBuckets: Yes
    VersioningConfiguration:
      Status: Enabled
    ReplicationConfiguration:
      Role: !GetAtt ReplicationBucketRole.Arn
      Rules:
        - Prefix: ""
          Id: ReplicationRule
          Status: Enabled
          Destination:
            Bucket: { Fn::FindInMap: [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketArn" ] }

ReplicationBucketRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Action: [ "sts:AssumeRole" ]
          Effect: Allow
          Principal:
            Service: [ "s3.amazonaws.com" ]

ReplicationBucketPolicy:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: ReplicationBucketPolicy
    Roles: [ !Ref ReplicationBucketRole ]
    PolicyDocument:
      Statement:
        - Action:
            - s3:ListBucket
            - s3:GetObjectVersionForReplication
            - s3:GetReplicationConfiguration
            - s3:GetObjectVersionAcl
            - s3:GetObjectVersionTagging
          Effect: Allow
          Resource:
            - !Sub "arn:aws:s3:::${TestS3Bucket}"
            - !Sub "arn:aws:s3:::${TestS3Bucket}/*"
        - Action:
            - s3:ReplicateObject
            - s3:ReplicateDelete
            - s3:ReplicateTags
            - s3:GetObjectVersionTagging
            - s3:ObjectOwnerOverrideToBucketOwner
          Effect: Allow
          Resource: { Fn::FindInMap: [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketAllObjectsArn" ] }
1 Answer

Hi,

I'm not familiar with CloudFormation, but where does CF find the variable Stage? => [ 'S3BucketMap', { Ref: 'Stage' } ,"s3BucketArn" ]

Donov
answered a year ago
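
The answer's question, turned into a check that can be run before deploying (an added example, not code from the original post, the answer, or AWS): it resolves the rule's `Destination.Bucket` for a given `Stage` value and reports an undeclared parameter, a missing map key, or a value that is not a bucket ARN. The `Parameters` section, the `aws` partition in the pattern, and the helper names `resolve` and `check_destination` are assumptions; the post does not show where `Stage` is declared.

```python
import re

# Constructed template fragment: the Mappings entries mirror the question's
# S3BucketMap; the Parameters section is an assumption (the post does not show it).
TEMPLATE = {
    "Parameters": {"Stage": {"Type": "String", "AllowedValues": ["test", "beta", "prod"]}},
    "Mappings": {"S3BucketMap": {
        "test": {"s3BucketArn": "arn:aws:s3:::mybucket-test"},
        "beta": {"s3BucketArn": "arn:aws:s3:::mybucket-beta"},
        "prod": {"s3BucketArn": "arn:aws:s3:::mybucket-prod"},
    }},
}
# The expression used for Destination.Bucket in the question.
DESTINATION = {"Fn::FindInMap": ["S3BucketMap", {"Ref": "Stage"}, "s3BucketArn"]}
# Bucket ARN only (no "/*" object suffix); the "aws" partition is an assumption.
BUCKET_ARN = re.compile(r"^arn:aws:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def resolve(node, template, params):
    """Resolve the two intrinsics the question uses: Ref (parameters only) and Fn::FindInMap."""
    if isinstance(node, dict) and "Ref" in node:
        name = node["Ref"]
        if name not in template.get("Parameters", {}):
            raise KeyError(f"Ref '{name}' is not a declared parameter")
        if name in params:
            return params[name]
        default = template["Parameters"][name].get("Default")
        if default is None:
            raise KeyError(f"parameter '{name}' has no value and no Default")
        return default
    if isinstance(node, dict) and "Fn::FindInMap" in node:
        map_name, top, second = (resolve(a, template, params) for a in node["Fn::FindInMap"])
        try:
            return template["Mappings"][map_name][top][second]
        except KeyError as missing:
            raise KeyError(f"FindInMap {map_name}/{top}/{second}: no key {missing}") from None
    return node  # plain literal


def check_destination(template, params):
    """Return (resolved_arn, problems) for the replication rule's Destination.Bucket."""
    try:
        arn = resolve(DESTINATION, template, params)
    except KeyError as err:
        return None, [err.args[0]]
    problems = [] if BUCKET_ARN.match(str(arn)) else [f"not a bucket ARN: {arn!r}"]
    return arn, problems
```

This only shows which ARN the rule receives for each `Stage` value; whether that bucket exists and has versioning enabled still has to be checked against the account.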
