2017-10-14 5 views

CloudFormation StackSet S3 error: the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

I am trying to deploy Lambda functions to multiple AWS accounts and regions using a CloudFormation StackSet, but the deployment fails with the error below:

ResourceLogicalId:OfficeHoursAutoScalingStart, ResourceType:AWS::Lambda::Function, ResourceStatusReason:Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

It looks like a permissions problem. How can I fix it?

My template:

AWSTemplateFormatVersion: '2010-09-09'
Description: 'Skynet. AWS Management Assistant'
Parameters:
  AppName:
    Type: String
    Description: Prefix for resources
    Default: skynet-lambda-stackset
  ArtifactsBucket:
    Type: String
    Description: S3 bucket storing lambda function zip
  ArtifactZipPath:
    Type: String
    Description: Path to lambda function zip
  CostCenter:
    Type: String
    Description: Cost center
    Default: Admin
  Owner:
    Type: String
    Description: Owner
    Default: Jiew Meng

Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${AppName}-lambda'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                - apigateway.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonEC2FullAccess'
        - 'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
        - 'arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess'
        - 'arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess'
        - 'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess'

  NewEc2AutoTag:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        # ArtifactsBucket is one parameter value for every region the StackSet targets
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/newEc2_autoTag.handler
      Runtime: nodejs6.10
      FunctionName: 'NewEC2_AutoTag'
      Description: 'Auto tag new EC2 instances with Owner tag'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  NewEc2Event:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-newEc2
      Description: On new EC2 instance created
      EventPattern:
        source:
          - 'aws.ec2'
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventName:
            - RunInstances
      Targets:
        # Rule targets are Arn/Id objects, not bare references to the function
        - Arn: !GetAtt NewEc2AutoTag.Arn
          Id: NewEc2AutoTag

  # Each rule also needs an invoke permission on its function, or the rule fires into nothing
  NewEc2AutoTagPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref NewEc2AutoTag
      Principal: events.amazonaws.com
      SourceArn: !GetAtt NewEc2Event.Arn

  AfterhoursEc2Shutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/afterHours_shutdown.handler
      Runtime: nodejs6.10
      FunctionName: 'Afterhours_Shutdown'
      Description: 'Shutdown instances tagged Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  AfterHoursEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-afterHours
      Description: Triggered on weekdays 2400 SGT
      # day names are three letters: THUR is rejected, THU is accepted
      ScheduleExpression: cron(0 16 ? * MON,TUE,WED,THU,FRI *)
      Targets:
        - Arn: !GetAtt AfterhoursEc2Shutdown.Arn
          Id: AfterhoursEc2Shutdown
        - Arn: !GetAtt AfterhoursAutoScalingShutdown.Arn
          Id: AfterhoursAutoScalingShutdown

  AfterhoursEc2ShutdownPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref AfterhoursEc2Shutdown
      Principal: events.amazonaws.com
      SourceArn: !GetAtt AfterHoursEvent.Arn

  AfterhoursAutoScalingShutdownPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref AfterhoursAutoScalingShutdown
      Principal: events.amazonaws.com
      SourceArn: !GetAtt AfterHoursEvent.Arn

  OfficeHoursEc2Start:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_Start'
      Description: 'Starts instances with Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  OfficeHoursEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-officeHours
      Description: Triggered on 7AM SGT weekdays
      ScheduleExpression: cron(0 23 ? * SUN,MON,TUE,WED,THU *)
      Targets:
        - Arn: !GetAtt OfficeHoursEc2Start.Arn
          Id: OfficeHoursEc2Start
        - Arn: !GetAtt OfficeHoursAutoScalingStart.Arn
          Id: OfficeHoursAutoScalingStart

  OfficeHoursEc2StartPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref OfficeHoursEc2Start
      Principal: events.amazonaws.com
      SourceArn: !GetAtt OfficeHoursEvent.Arn

  OfficeHoursAutoScalingStartPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref OfficeHoursAutoScalingStart
      Principal: events.amazonaws.com
      SourceArn: !GetAtt OfficeHoursEvent.Arn

  StartedEc2ConfigureDns:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: ec2/started_configureDns.handler
      Runtime: nodejs6.10
      FunctionName: 'StartedEc2_ConfigureDns'
      Description: 'When EC2 started, configure DNS if required'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  Ec2StartedEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-ec2-started
      Description: Triggered on EC2 starts
      EventPattern:
        source:
          - 'aws.ec2'
        detail-type:
          - 'EC2 Instance State-change Notification'
        detail:
          state:
            - running
      Targets:
        - Arn: !GetAtt StartedEc2ConfigureDns.Arn
          Id: StartedEc2ConfigureDns

  StartedEc2ConfigureDnsPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref StartedEc2ConfigureDns
      Principal: events.amazonaws.com
      SourceArn: !GetAtt Ec2StartedEvent.Arn

  AfterhoursAutoScalingShutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/afterHours_shutdown.handler
      Runtime: nodejs6.10
      FunctionName: 'Afterhours_AutoScalingShutdown'
      Description: 'Scales down autoscaling groups tagged Auto Shutdown: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  OfficeHoursAutoScalingStart:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/officeHours_start.handler
      Runtime: nodejs6.10
      FunctionName: 'OfficeHours_AutoScalingStart'
      Description: 'Scales up auto scaling groups that are scaled down to 0 and tagged autostart: true'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

  NewAutoScalingGroupEvent:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${AppName}-autoscaling-new
      Description: Triggered when new autoscaling group created
      EventPattern:
        source:
          - 'aws.autoscaling'
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventName:
            - CreateAutoScalingGroup
      Targets:
        - Arn: !GetAtt NewAutoScalingGroupAutoTag.Arn
          Id: NewAutoScalingGroupAutoTag

  NewAutoScalingGroupAutoTagPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref NewAutoScalingGroupAutoTag
      Principal: events.amazonaws.com
      SourceArn: !GetAtt NewAutoScalingGroupEvent.Arn

  NewAutoScalingGroupAutoTag:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/new_autoTag.handler
      Runtime: nodejs6.10
      FunctionName: 'NewAutoScalingGroup_AutoTag'
      Description: 'Tags new autoscaling groups with owner and autoshutdown tags if not existing'
      Timeout: 30
      Role: !GetAtt LambdaRole.Arn
      Tags:
        - Key: Cost Center
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner

Answer


It looks like you created the S3 bucket (referenced by the ArtifactsBucket parameter in the template) in the AWS region ap-southeast-1.

Using AWS StackSets, you selected us-east-1 as one of the regions in the deployment order.

A StackSet passes the same parameter values to every stack it tries to create across the regions/accounts.

So when it tries to create the Lambda function OfficeHoursAutoScalingStart in the us-east-1 region, it tries to access an S3 bucket with the same bucket name in the us-east-1 region (the GetObject request).

That is, it assumes the S3 bucket named by ArtifactsBucket exists in us-east-1 itself. But the Lambda function's source code actually sits in a bucket in the ap-southeast-1 region, hence the header malformed error. In this case the bucket name matches but the region does not.

Currently, when you create a Lambda function with CloudFormation, there is a restriction that the S3 bucket containing the Lambda function's source code must be in the same region as the stack you are creating. Doc Reference Link

If this is the problem, as a fix you can create an S3 bucket in each required region (adding the region name as a prefix to the bucket name) and then use the bucket for that region in the template.

Example: 
us-east-1-lambdabkt 
us-east-2-lambdabkt 
ap-southeast-1-lambdabkt 
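As an added example (not the asker's template or the answerer's code), here is how the region-prefixed bucket convention from the answer can be applied so that one template works in every region the StackSet targets: the bucket name is derived from the AWS::Region pseudo parameter instead of from a fixed parameter value. ArtifactsBucketSuffix and LambdaRoleArn are assumed parameter names, and the bucket names in the mapping are constructed for this example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Region-aware artifact buckets for StackSet-deployed Lambda functions'
Parameters:
  ArtifactsBucketSuffix:
    Type: String
    Description: Suffix shared by every regional artifact bucket (assumed name)
    Default: lambdabkt
  ArtifactZipPath:
    Type: String
    Description: Key of the function zip, uploaded identically to every regional bucket
  LambdaRoleArn:
    Type: String
    Description: ARN of the execution role (the question's LambdaRole, created separately)
Mappings:
  # Explicit per-region names, for buckets that do not follow the prefix convention.
  # The names below are constructed for this example.
  RegionMap:
    us-east-1:
      ArtifactsBucket: us-east-1-lambdabkt
    us-east-2:
      ArtifactsBucket: us-east-2-lambdabkt
    ap-southeast-1:
      ArtifactsBucket: ap-southeast-1-lambdabkt
Resources:
  OfficeHoursAutoScalingStart:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        # AWS::Region resolves per stack instance: the us-east-1 instance reads
        # us-east-1-lambdabkt, the ap-southeast-1 instance ap-southeast-1-lambdabkt,
        # so the bucket is always in the same region as the stack.
        S3Bucket: !Sub '${AWS::Region}-${ArtifactsBucketSuffix}'
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/officeHours_start.handler
      Runtime: nodejs6.10
      Timeout: 30
      Role: !Ref LambdaRoleArn
  AfterhoursAutoScalingShutdown:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        # Same idea through the mapping; a region missing from RegionMap fails
        # while the template is processed, before any resource is created.
        S3Bucket: !FindInMap [RegionMap, !Ref 'AWS::Region', ArtifactsBucket]
        S3Key: !Ref ArtifactZipPath
      Handler: autoscaling/afterHours_shutdown.handler
      Runtime: nodejs6.10
      Timeout: 30
      Role: !Ref LambdaRoleArn
```

Every regional bucket has to exist and hold the same zip before the stack set is created; since S3 bucket names are global, add an account-specific suffix if the plain region-prefixed name is already taken.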

I already fixed the error with your suggestion, but now I get a different permissions error: https://stackoverflow.com/questions/46751355/aws-cloudformation-stackset-s3-accessdenied Maybe you can help. :) –