DeploymentBucket not working when not in us-east-1

sdeusch · January 15, 2020, 1:19am

We have a IAM policy that allows resources only in us-west-2 region.

Whenever I run ‘sls deploy’ telling the framework to use a pre-existing bucket with:

provider:
     deploymentBucket: 
          name:  mydeployment-bucket-in-us-west-2

it uploads the zip files to the bucket, so far so good.
But when AWS cloud-formation validates the stack creation it fails with the error:

Error: The CloudFormation template is invalid: S3 error: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.

The framework is trying to access the template from this URL

https://s3.amazonaws.com/mybucket/serverless/…/compiled-cloudformation-template.json

while the correct URL for us-west-2 would be

https://s3-us-west-2.amazonaws.com/mybucket/serverless/…/compiled-cloudformation-template.json

Am I forgetting something in serverless, or is this a bug/unsupported feature?

sdeusch · January 16, 2020, 4:43am

Update: removing a policy that required MFA (multi factor authentication) for that user made SLS work.
Having a MFA requirement on a user apparently can mess up API access.

camhart · May 7, 2021, 8:09pm

This appears to be the case with SourceIp restrictions as well… which is disappointing.

Topic		Replies	Views
Can not deploy at us-west-1 Serverless Framework aws	5	1848	December 19, 2016
Deploy only works for us-east-1 Serverless Framework	1	2229	July 17, 2017
Deploy Lambda Function Into new region Serverless Framework	8	10527	October 16, 2017
An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied Serverless Framework	2	7241	September 19, 2020
New resource is not getting deployed, no errors Serverless Framework	4	1760	May 12, 2019

DeploymentBucket not working when not in us-east-1

Related Topics