aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Get Error when run the cloud formation in me-south-1 #127

Closed adelmuharraqi closed 3 years ago

adelmuharraqi commented 4 years ago

Error occurred while GetObject. S3 Error Code: IllegalLocationConstraintException. S3 Error Message: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 995f16d2-cdbc-4e7b-a304-241c05f652e2)

RaviPrasadS commented 4 years ago

120

aws-waf-security-automations-cf-error-me-south-1

aijunpeng commented 4 years ago

Are you using a unique Amazon S3 bucket name and is the bucket in the same region where you deploy the solution?

RaviPrasadS commented 4 years ago

Yes, template uploaded in cloudformation (unique S3 bucket) in same region.

aijunpeng commented 4 years ago

A few more questions:

  1. Is the issue only happening in me-south-1 region?
  2. Are you updating stack or deploying a new stack?
  3. Is the s3 bucket a new bucket or existing bucket?
  4. What are the value selections for input parameters of your stack?

ozcan-ozkaya commented 4 years ago

Hi, I'm having the same error in eu-west-1

RaviPrasadS commented 4 years ago

  1. Yes.
  2. Creating new CloudFormation stack in me-south-1 region.
  3. Existing S3 buckets for CloudFormation & ALB access logs.
  4. Default values (yes), endpoint type ALB selected & access log S3 bucket name specified.

dsc-team commented 4 years ago

For this solution to work in CloudFront mode, you have to create the stack in N. Virginia, and upload all your templates and Lambda code to a bucket in N. Virginia as well.

Could you confirm the buckets you use to upload sources and CFN templates are in the same region as the stack you're creating?

RaviPrasadS commented 4 years ago

Try to create new stack by uploading template in me-south-1 region to view the error.

ozcan-ozkaya commented 4 years ago

I have created and uploaded the templates and code in the same region as the launched CloudFormation stack; in my case it is eu-west-1.

aijunpeng commented 4 years ago

The reason for the error in me-south-1 region is because the solution isn't officially supported in this new region, but it is on our roadmap. For issue in eu-west-1, please answer these questions:

  1. Share your error message and screenshot
  2. Are you using a unique Amazon S3 bucket name and is the bucket in the same region where you deploy the solution?
  3. Are you updating stack or deploying a new stack?
  4. Is the s3 bucket a new bucket or existing bucket?
  5. What are the value selections for input parameters of your stack?

ozcan-ozkaya commented 4 years ago

Hi @aijunpeng thanks for your reply.

  1. The error screenshot:

    Screenshot 2020-04-19 at 17 40 39
  2. Yes I'm using 3 buckets, 1 for global assets (CF) templates, 1 bucket for regional assets (dist), 1 bucket for AppAccessLogBucket, all newly created for this deployment; I have uploaded a dummy file into AppAccessLogBucket just in case, and all buckets are in eu-west-1 as CF deployment

  3. deploying new stack

  4. I have created 3 buckets as per 2nd point for this deployment, and not public buckets

  5. Parameters and values:

     - ActivateBadBotProtectionParam: yes
     - ActivateCrossSiteScriptingProtectionParam: yes
     - ActivateHttpFloodProtectionParam: yes - AWS WAF rate based rule
     - ActivateReputationListsProtectionParam: yes
     - ActivateScannersProbesProtectionParam: yes - AWS Lambda log parser
     - ActivateSqlInjectionProtectionParam: yes
     - AppAccessLogBucket: previously created bucket name
     - EndpointType: ALB
     - ErrorThreshold: 50
     - RequestThreshold: 150
     - WAFBlockPeriod: 240

aijunpeng commented 4 years ago

Thanks for your response. It seems you have a different error and it complains about the bucket not existing. Please make sure the S3 bucket exists and the assets in the bucket should be publicly accessible. You can also try launching the solution from the solution website: https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/deployment.html

CameronMcAuley commented 3 years ago

@ozcan-ozkaya Your issue is different and I suspect is related to the DIST variable mentioned here: https://github.com/awslabs/aws-waf-security-automations/issues/154

aijunpeng commented 3 years ago

Added #154 to backlog
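
The region questions asked in this thread can be checked before launching the stack. The following is an added example, not part of the original thread or the solution's code: it compares each bucket's region with the stack region, taking as input the raw `LocationConstraint` values that S3 `GetBucketLocation` returns (empty for us-east-1, `EU` for older eu-west-1 buckets). The bucket names, role labels and function names are assumptions made for illustration.

```python
# Added example: preflight check for bucket/stack region alignment.
# Inputs are raw LocationConstraint values as returned by S3 GetBucketLocation.
# Bucket names and role labels below are constructed samples.

# GetBucketLocation reports us-east-1 as an empty value and may report
# older eu-west-1 buckets as the legacy string "EU".
LEGACY_CONSTRAINTS = {None: "us-east-1", "": "us-east-1", "EU": "eu-west-1"}


def bucket_region(location_constraint):
    """Map a raw LocationConstraint value to a region name."""
    return LEGACY_CONSTRAINTS.get(location_constraint, location_constraint)


def preflight(stack_region, endpoint_type, buckets):
    """Return a list of problems; an empty list means the regions line up.

    buckets: {role: (bucket_name, raw_location_constraint)}
    """
    problems = []
    # Per the thread: CloudFront mode requires the stack in N. Virginia.
    if endpoint_type.lower() == "cloudfront" and stack_region != "us-east-1":
        problems.append(
            f"stack is in {stack_region}; CloudFront mode must be deployed in us-east-1"
        )
    for role, (name, constraint) in sorted(buckets.items()):
        region = bucket_region(constraint)
        if region != stack_region:
            problems.append(
                f"{role} bucket {name} is in {region}, stack is in {stack_region}"
            )
    return problems


# Constructed sample: three buckets for an ALB deployment in eu-west-1,
# one of which was accidentally created in us-east-1.
SAMPLE_BUCKETS = {
    "templates": ("example-waf-templates", "EU"),
    "lambda-code": ("example-waf-dist-eu-west-1", "eu-west-1"),
    "access-logs": ("example-alb-logs", None),
}

if __name__ == "__main__":
    for problem in preflight("eu-west-1", "ALB", SAMPLE_BUCKETS):
        print("MISMATCH:", problem)
```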