aws-samples / firewall-domain-list-manager

MIT No Attribution

Is the author's S3 bucket supposed to be public? #1

Open michaeldoddgit opened 2 months ago

michaeldoddgit commented 2 months ago

When I try to deploy the CFT I get an error that I do not have permissions.

Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for blog-firewall-domain-list-manager-solution/domain-list-manager.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied

I'm not sure what S3 key it's asking for.

michaeldoddgit commented 2 months ago

I've been working with AWS Support and neither of us can figure out why this always fails to deploy on the DomainListUpdater. It seems to be related to the bucket that contains the Lambda code. Even if we create a new bucket in S3, upload the .py code, specify the alias in the CFT as well as the alias to a KMS key created for said S3 bucket, it still fails.

The text and default in the CFT about the "zip" file is confusing. We don't see a zip file anywhere in the solution; our only assumption is it must download the zip file from a public S3 bucket which is predefined in the default values, as adding our own does not work.

michaeldoddgit commented 2 months ago

To help out the next guy: take the .py Lambda that is provided in this repo. Zip it up using the name domain-list-manager.zip. Upload that zip file to your S3 bucket. Specify the S3 bucket name (not ARN) in this CFT in the 2nd to last parameter field. For the S3 key field in the CFT, do nothing; leave the default.
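
The packaging step from the last comment, as an added example that is not part of the thread or the project's own code: it builds `domain-list-manager.zip` from a single `.py` file, checks the archive, and returns a SHA-256 digest to compare against the object you upload to your own bucket. The source file name `lambda_source.py` is a placeholder (the thread does not name the file), and the root-level layout check assumes the template's handler refers to a top-level module.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Object key from the S3 error message in the issue (the CFT's default S3 key).
ZIP_NAME = "domain-list-manager.zip"


def build_lambda_zip(source_py: Path, out_dir: Path) -> Path:
    """Zip one Lambda source file under the key name the template expects."""
    if source_py.suffix != ".py" or not source_py.is_file():
        raise ValueError(f"not a Python source file: {source_py}")
    out_path = out_dir / ZIP_NAME
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        # arcname drops the directory part so the module sits at the archive
        # root (assumption: the template's handler names a top-level module).
        zf.write(source_py, arcname=source_py.name)
    return out_path


def check_lambda_zip(zip_path: Path) -> str:
    """Check name and layout of the archive; return its SHA-256 hex digest."""
    if zip_path.name != ZIP_NAME:
        raise ValueError(f"template default key is {ZIP_NAME}, got {zip_path.name}")
    with zipfile.ZipFile(zip_path) as zf:
        if zf.testzip() is not None:
            raise ValueError("corrupt member in archive")
        names = zf.namelist()
    # Zipping the containing folder instead of the file nests the module.
    if not any(n.endswith(".py") and "/" not in n for n in names):
        raise ValueError(f"no .py file at the archive root: {names}")
    return hashlib.sha256(zip_path.read_bytes()).hexdigest()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for the repo's Lambda source file.
        src = Path(tmp) / "repo" / "lambda_source.py"
        src.parent.mkdir()
        src.write_text("def lambda_handler(event, context):\n    return {}\n")
        archive = build_lambda_zip(src, Path(tmp))
        print(archive.name, check_lambda_zip(archive))
```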