aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Issue with S3 bucket location constraint #72

Closed brianwthomas closed 5 years ago

brianwthomas commented 5 years ago

There's an issue with setting the S3 client region in the custom-resource.py file when using older buckets in the eu-west-1 region.

https://github.com/awslabs/aws-waf-security-automations/blob/master/source/custom-resource/custom-resource.py

We need to change this:

if response['LocationConstraint'] == None:
    response['LocationConstraint'] = 'us-east-1'
if response['LocationConstraint'] != region:
    raise Exception('Bucket located in a different region. S3 bucket and Log Parser Lambda (and therefore, you CloudFormation Stack) must be created in the same Region.')

To

if response['LocationConstraint'] == None:
    response['LocationConstraint'] = 'us-east-1'
if response['LocationConstraint'] == 'EU':
    response['LocationConstraint'] = 'eu-west-1'
if response['LocationConstraint'] != region:
    raise Exception('Bucket located in a different region. S3 bucket and Log Parser Lambda (and therefore, you CloudFormation Stack) must be created in the same Region.')

See the S3 region constraints located here: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

eu-west-1 is a special case which can return either eu-west-1 or EU as a location constraint.
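
The normalization discussed in this issue, as an added example that is not part of the original issue or the project's code: raw `LocationConstraint` values are mapped to region names before the comparison with the stack region. The names `normalize_location`, `check_bucket_region`, `BucketRegionMismatch` and `StubS3Client` are hypothetical, and the stub stands in for boto3's S3 client with constructed responses so the block runs offline.

```python
# Added illustration; every name defined here is hypothetical and not taken
# from custom-resource.py.

# Raw GetBucketLocation values that do not match a region name directly.
LEGACY_LOCATION_ALIASES = {
    None: "us-east-1",  # us-east-1 buckets report a null LocationConstraint
    "EU": "eu-west-1",  # older eu-west-1 buckets may report the legacy "EU"
}


class BucketRegionMismatch(Exception):
    """Raised when the bucket and the stack are in different regions."""


def normalize_location(constraint):
    """Map a raw LocationConstraint value to a region name."""
    return LEGACY_LOCATION_ALIASES.get(constraint, constraint)


def check_bucket_region(s3_client, bucket_name, stack_region):
    """Return the bucket's region, or raise if it differs from the stack's."""
    response = s3_client.get_bucket_location(Bucket=bucket_name)
    bucket_region = normalize_location(response.get("LocationConstraint"))
    if bucket_region != stack_region:
        raise BucketRegionMismatch(
            f"Bucket {bucket_name} is in {bucket_region}, stack is in {stack_region}"
        )
    return bucket_region


class StubS3Client:
    """Offline stand-in for the boto3 S3 client (constructed responses)."""

    def __init__(self, locations):
        self._locations = locations

    def get_bucket_location(self, Bucket):
        return {"LocationConstraint": self._locations[Bucket]}


# Constructed sample buckets covering each response shape.
SAMPLE_CLIENT = StubS3Client({
    "logs-virginia": None,
    "logs-ireland-old": "EU",
    "logs-ireland-new": "eu-west-1",
    "logs-oregon": "us-west-2",
})
```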

hvital commented 5 years ago

Thanks for that catch @brianwthomas !

I've considered just the exception of 'us-east-1' and didn't have any only 'EU' in our testing environment.

Added to be included in the next release!

hvital commented 5 years ago

@brianwthomas

New check added here.

Please note that we've moved all dependencies and pre-req check to be validated before creating other template's resources. More info here