Error occurred while GetObject. S3 Error Code: PermanentRedirect. S3 Error Message: The bucket is in this region: us-east-1

【Posted】: 2022-01-05 17:19:28 【Question】:

I tried to follow this workshop https://gitflow-codetools.workshop.aws/en/ and everything went fine, but when I try to create the Lambda using CloudFormation I get an error:

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: 
  PermanentRedirect. S3 Error Message: The bucket is in this region: 
  us-east-1. Please use this region to retry the request (Service: Lambda, 
  Status Code: 400, Request ID: xxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx, 
  Extended Request ID: null)" (RequestToken: xxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx, HandlerErrorCode: InvalidRequest)

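I'm using eu-west-1 for this workshop, but I don't understand why CloudFormation is creating the bucket in us-east-1.

When I deploy the CloudFormation in us-east-1, I don't get this error.

Any idea how to avoid this error?

The template looks like this: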

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  LambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/IAMFullAccess
        - arn:aws:iam::aws:policy/AWSLambda_FullAccess
        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
        - arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
        - arn:aws:iam::aws:policy/CloudWatchEventsFullAccess
        - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
  PipelineCreateLambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      FunctionName: 'gitflow-workshop-create-pipeline'
      Description: 'Lambda Function to create pipelines on branch creation'
      Code:
        S3Bucket: 'aws-workshop-gitflow'
        S3Key: 'pipeline-create.zip'
      Handler: 'pipeline-create.lambda_handler'
      Runtime: 'python3.7'
      Role:
        Fn::GetAtt:
          - LambdaRole
          - Arn
  PipelineCreateLambdaPermission:
    Type: 'AWS::Lambda::Permission'
    DependsOn: PipelineCreateLambdaFunction
    Properties:
      Action: 'lambda:InvokeFunction'
      Principal: "codecommit.amazonaws.com"
      FunctionName: 'gitflow-workshop-create-pipeline'
  PipelineDeleteLambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      FunctionName: 'gitflow-workshop-delete-pipeline'
      Description: 'Lambda Function to delete pipelines on branch deletion'
      Code:
        S3Bucket: 'aws-workshop-gitflow'
        S3Key: 'pipeline-delete.zip'
      Handler: 'pipeline-delete.lambda_handler'
      Runtime: 'python3.7'
      Role:
        Fn::GetAtt:
          - LambdaRole
          - Arn
  PipelineDeleteLambdaPermission:
    Type: 'AWS::Lambda::Permission'
    DependsOn: PipelineDeleteLambdaFunction
    Properties:
      Action: 'lambda:InvokeFunction'
      Principal: "codecommit.amazonaws.com"
      FunctionName: 'gitflow-workshop-delete-pipeline'

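【Answer 1】:

First, the Lambda and the S3 bucket need to be in the same region.

Second, it looks like you are not the bucket owner (judging by the template, you did not create the bucket yourself).

This means the bucket you are retrieving the Lambda source code from comes (I guess) from the workshop, and they decided to create that bucket in the us-east-1 region. That forces you to deploy your stack in the us-east-1 region (if you want to follow the workshop).

But what if you really want to deploy this stack to eu-west-1?

That would mean you need to create a bucket in the eu-west-1 region, copy the objects from the workshop bucket into your newly created bucket, and update your CloudFormation template to point to and retrieve the Lambda source code from your newly created bucket (note that you may need to name the bucket differently, since bucket names are globally shared).

I hope this clears it up a bit.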

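【Comments】:

Right, I agree with you. The workshop should create a template with a custom bucket name, where you could use, for example, the bucket name, region and account ID, so that we can avoid this problem. Thanks for the clear answer.

Good luck and have fun with the workshop! @Doesn'tMatter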
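
The procedure from the answer above (create a bucket in eu-west-1, copy the two packages, retarget the template), written out with the AWS CLI as an added example; it is not part of the original post or of the workshop. The destination bucket naming scheme, the stack name `gitflow-workshop-lambda`, the output file name and the `AWS=echo` dry-run switch are assumptions, and the copy assumes your credentials are allowed to read the workshop bucket.

```shell
#!/usr/bin/env bash
# Added example: mirror the workshop's Lambda packages into a bucket you own
# in the deployment region, then point the template at that bucket.

SRC_BUCKET='aws-workshop-gitflow'                # S3Bucket in the template on this page
SRC_REGION='us-east-1'                           # region named in the error message
DST_REGION='eu-west-1'                           # region the stack is deployed to
KEYS='pipeline-create.zip pipeline-delete.zip'   # S3Key values in the template
AWS="${AWS:-aws}"                                # assumption: set AWS=echo for a dry run

# Bucket names are global, so derive one from source name, region and account ID.
dst_bucket_name() {  # args: <account-id>
  printf '%s-%s-%s\n' "$SRC_BUCKET" "$DST_REGION" "$1"
}

# Create the regional bucket, then copy each package across regions.
mirror_packages() {  # args: <destination-bucket>
  $AWS s3 mb "s3://$1" --region "$DST_REGION" || return 1
  for key in $KEYS; do
    $AWS s3 cp "s3://$SRC_BUCKET/$key" "s3://$1/$key" \
      --source-region "$SRC_REGION" --region "$DST_REGION" || return 1
  done
}

# Rewrite every reference to the workshop bucket; template on stdin, result on stdout.
retarget_template() {  # args: <destination-bucket>
  sed "s|S3Bucket: '$SRC_BUCKET'|S3Bucket: '$1'|"
}

# Full procedure, only when invoked as: script.sh deploy <account-id> <template-file>
if [ "${1:-}" = "deploy" ]; then
  bucket="$(dst_bucket_name "$2")"
  mirror_packages "$bucket" &&
    retarget_template "$bucket" < "$3" > template.regional.yaml &&
    # CAPABILITY_IAM is required because the template creates an IAM role.
    $AWS cloudformation deploy --template-file template.regional.yaml \
      --stack-name gitflow-workshop-lambda --region "$DST_REGION" \
      --capabilities CAPABILITY_IAM
fi
```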
