CloudFormation StackSet S3エラー： 'us-east-1'の領域が間違っています。 expecting 'ap-southeast-1'

Question

CloudFormation StackSetを使用して複数のAWSアカウントと地域にラムダ関数をデプロイしようとしています。しかし、以下のエラーのために失敗しました

ResourceLogicalId:OfficeHoursAutoScalingStart, ResourceType:AWS::Lambda::Function, ResourceStatusReason:Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'ap-southeast-1'

それは許可のようですか？これをどうやって解決するのですか？

マイテンプレート：あなたはAWS地域ap-southeast-1に（自分のテンプレートで変数ArtifactsBucketによって参照）S3バケットを作成しているよう

AWSTemplateFormatVersion : '2010-09-09' 
Description: 'Skynet. AWS Management Assistant' 
Parameters: 
    AppName: 
    Type: String 
    Description: Prefix for resources 
    Default: skynet-lambda-stackset 
    ArtifactsBucket: 
    Type: String 
    Description: S3 bucket storing lambda function zip 
    ArtifactZipPath: 
    Type: String 
    Description: Path to lambda function zip 
    CostCenter: 
    Type: String 
    Description: Cost center 
    Default: Admin 
    Owner: 
    Type: String 
    Description: Owner 
    Default: Jiew Meng 

Resources: 
    LambdaRole: 
    Type: AWS::IAM::Role 
    Properties: 
     RoleName: !Sub '${AppName}-lambda' 
     AssumeRolePolicyDocument: 
     Version: '2012-10-17' 
     Statement: 
     - Effect: Allow 
      Principal: 
      Service: 
       - lambda.amazonaws.com 
       - apigateway.amazonaws.com 
      Action: 
      - sts:AssumeRole 
     ManagedPolicyArns: 
     - 'arn:aws:iam::aws:policy/AmazonEC2FullAccess' 
     - 'arn:aws:iam::aws:policy/AWSLambdaFullAccess' 
     - 'arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess' 
     - 'arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess' 
     - 'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess' 

    NewEc2AutoTag: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: ec2/newEc2_autoTag.handler 
     Runtime: nodejs6.10 
     FunctionName: 'NewEC2_AutoTag' 
     Description: 'Auto tag new EC2 instances with Owner tag' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

    NewEc2Event: 
    Type: AWS::Events::Rule 
    Properties: 
     Name: !Sub ${AppName}-newEc2 
     Description: On new EC2 instance created 
     EventPattern: 
     source: 
      - 'aws.ec2' 
     detail-type: 
      - 'AWS API Call via CloudTrail' 
     detail: 
      eventName: 
      - RunInstances 
     Targets: 
     - !Ref NewEc2AutoTag 

    AfterhoursEc2Shutdown: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: ec2/afterHours_shutdown.handler 
     Runtime: nodejs6.10 
     FunctionName: 'Afterhours_Shutdown' 
     Description: 'Shutdown instances tagged Auto Shutdown: true' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

    AfterHoursEvent: 
    Type: AWS::Events::Rule 
    Properties: 
     Name: !Sub ${AppName}-afterHours 
     Description: Triggered on weekdays 2400 SGT 
     ScheduleExpression: cron(0 16 ? * MON,TUE,WED,THUR,FRI *) 
     Targets: 
     - !Ref AfterhoursEc2Shutdown 
     - !Ref AfterhoursAutoScalingShutdown 

    OfficeHoursEc2Start: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: ec2/officeHours_start.handler 
     Runtime: nodejs6.10 
     FunctionName: 'OfficeHours_Start' 
     Description: 'Starts instances with Auto Shutdown: true' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

    OfficeHoursEvent: 
    Type: AWS::Events::Rule 
    Properties: 
     Name: !Sub ${AppName}-officeHours 
     Description: Triggered on 7AM SGT weekdays 
     ScheduleExpression: cron(0 23 ? * SUN,MON,TUE,WED,THU *) 
     Targets: 
     - !Ref OfficeHoursEc2Start 
     - !Ref OfficeHoursAutoScalingStart 

    StartedEc2ConfigureDns: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: ec2/started_configureDns.handler 
     Runtime: nodejs6.10 
     FunctionName: 'StartedEc2_ConfigureDns' 
     Description: 'When EC2 started, configure DNS if required' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

    Ec2StartedEvent: 
    Type: AWS::Events::Rule 
    Properties: 
     Name: !Sub ${AppName}-ec2-started 
     Description: Triggered on EC2 starts 
     EventPattern: 
     source: 
      - 'aws.ec2' 
     detail-type: 
      - 'EC2 Instance State-change Notification' 
     detail: 
      state: 
      - running 
     Targets: 
     - !Ref StartedEc2ConfigureDns 

    AfterhoursAutoScalingShutdown: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: autoscaling/afterHours_shutdown.handler 
     Runtime: nodejs6.10 
     FunctionName: 'Afterhours_AutoScalingShutdown' 
     Description: 'Scales down autoscaling groups tagged Auto Shutdown: true' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

    OfficeHoursAutoScalingStart: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: autoscaling/officeHours_start.handler 
     Runtime: nodejs6.10 
     FunctionName: 'OfficeHours_AutoScalingStart' 
     Description: 'Scales up auto scaling groups that are scaled down to 0 and tagged autostart: true' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

    NewAutoScalingGroupEvent: 
    Type: AWS::Events::Rule 
    Properties: 
     Name: !Sub ${AppName}-autoscaling-new 
     Description: Triggered when new autoscaling group created 
     EventPattern: 
     source: 
      - 'aws.autoscaling' 
     detail-type: 
      - 'AWS API Call via CloudTrail' 
     detail: 
      eventName: 
      - CreateAutoScalingGroup 
     Targets: 
     - !Ref NewAutoScalingGroupAutoTag 

    NewAutoScalingGroupAutoTag: 
    Type: AWS::Lambda::Function 
    Properties: 
     Code: 
     S3Bucket: !Ref ArtifactsBucket 
     S3Key: !Ref ArtifactZipPath 
     Handler: autoscaling/new_autoTag.handler 
     Runtime: nodejs6.10 
     FunctionName: 'NewAutoScalingGroup_AutoTag' 
     Description: 'Tags new autoscaling groups with owner and autoshutdown tags if not existing' 
     Timeout: 30 
     Role: !GetAtt LambdaRole.Arn 
     Tags: 
     - Key: Cost Center 
      Value: !Ref CostCenter 
     - Key: Owner 
      Value: !Ref Owner 

Answer 1

が見えます。

AWS Stacksetsを使用して、あなたは展開順序に地域の一つとしてus-east-1を選択しました。

AWSスタックセットは、SAMEパラメータを、複数の地域/アカウントで作成しようとしているすべてのスタックに渡します。

したがって、us-east-1領域にラムダ関数OfficeHoursAutoScalingStartを作成しようとすると、us-east-1領域内のs3バケット（GETObject要求）に同じバケット名でアクセスしようとしています。

ie。 ArtifactsBucketパラメータを渡したs3バケットがus-east-1自体に存在すると仮定していますが、ラムダ関数のソースコードは実際には領域ap-southeast-1にあるバケットにあるので、header malformed errorがスローされます。この場合、バケット名は一致していますが、領域は一致していません。

現在、CloudFormationを使用してラムダ関数を作成する場合、には、ラムダ関数のソースコードを含むS3バケットが、作成するSTACKと同じ領域になければならないという制約があります。Doc Reference Link

これが問題であれば、必要な領域でs3バケット（バケット名のプレフィックスとしてregion-nameを追加）を作成し、その領域に基づいてテンプレートで使用することが考えられます。

Example: 
us-east-1-lambdabkt 
us-east-2-lambdabkt 
ap-southeast-1-lambdabkt