amazon-web-services aws-lambda aws-cloudformation

Creating a Lambda function through CloudFormation by uploading code to an S3 bucket


I have uploaded my function code (.zip) to the S3 bucket (in the us-east-1 region). I want to launch a Lambda function using the CloudFormation template. When I launch the template from the us-east-1 region, I get an s3:getObject error. The S3 bucket is publicly accessible.

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-west-1'

I am using the below YAML template.

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MediaSuiteRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "MyCustomRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: mediaconvert.amazonaws.com
            Action: sts:AssumeRole
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
          - Effect: Allow
            Principal:
              Service: translate.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # AmazonAPIGatewayInvokeFullAccess
        - arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess
        # AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        # AmazonTranscribeFullAccess
        - arn:aws:iam::aws:policy/AmazonTranscribeFullAccess
        # AWSElementalMediaConvertFullAccess
        - arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess
        # AWSLambdaBasicExecutionRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        # AWSLambdaRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
        # TranslateFullAccess
        - arn:aws:iam::aws:policy/TranslateFullAccess

      Policies:
        - PolicyName: CustomPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "iam:PassRole"
                # Must match RoleName above; the logical ID (MediaSuiteRole) is not the role's name
                Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/MyCustomRole"

  MyCustomLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt MediaSuiteRole.Arn
      Code:
        S3Bucket: lambda-functions-storage
        S3Key: myfirstlambdafunction.zip
      Handler: myfirstlambdafunction.app.lambda_handler
      Runtime: python3.12
      Architectures:
        - x86_64
      Environment:
        Variables:
          CustomVar1: "52CD6067149FAA49B1698C1025ACC26B"
          CustomVar2: "52CD6067149FAA49B1698C1025ACC26C"

Solution

  • As per CloudFormation AWS Properties Lambda Function Code

    S3Bucket
    An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account.

    Please try creating a new S3 bucket in the us-east-1 region, update the CFN template with the new bucket name, and deploy.
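
A pre-deployment check for the constraint quoted in the answer, as an added example that is not part of the original question or answer: it compares the region of each Lambda `Code.S3Bucket` with the region the stack is launched in. The template dict and the bucket-location table are constructed samples, the function names are hypothetical, and the live lookup assumes boto3 and permission to call GetBucketLocation.

```python
"""Check that every AWS::Lambda::Function code bucket is in the stack's region."""


def normalize_location(constraint):
    # GetBucketLocation reports us-east-1 as a null LocationConstraint and
    # may report eu-west-1 under the legacy value "EU".
    if constraint in (None, ""):
        return "us-east-1"
    if constraint == "EU":
        return "eu-west-1"
    return constraint


def boto3_bucket_region(bucket):
    # Live lookup (assumption: boto3 installed, credentials allow GetBucketLocation).
    import boto3
    resp = boto3.client("s3").get_bucket_location(Bucket=bucket)
    return normalize_location(resp.get("LocationConstraint"))


def find_region_mismatches(template, stack_region, bucket_region=boto3_bucket_region):
    """Return [(logical_id, bucket, actual_region)] for code buckets outside stack_region."""
    mismatches = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Lambda::Function":
            continue
        bucket = resource.get("Properties", {}).get("Code", {}).get("S3Bucket")
        if not isinstance(bucket, str):
            continue  # inline ZipFile, image, or an intrinsic (Ref/Sub) not resolvable here
        actual = bucket_region(bucket)
        if actual != stack_region:
            mismatches.append((logical_id, bucket, actual))
    return mismatches


# Constructed sample: the question's function resource as an already-parsed dict.
SAMPLE_TEMPLATE = {"Resources": {"MyCustomLambdaFunction": {
    "Type": "AWS::Lambda::Function",
    "Properties": {"Code": {"S3Bucket": "lambda-functions-storage",
                            "S3Key": "myfirstlambdafunction.zip"}}}}}
# Constructed stand-in for GetBucketLocation, placing the bucket where the
# error message says S3 expects it (eu-west-1, returned as legacy "EU").
SAMPLE_LOCATIONS = {"lambda-functions-storage": "EU"}


def sample_lookup(bucket):
    return normalize_location(SAMPLE_LOCATIONS[bucket])


if __name__ == "__main__":
    for lid, bucket, region in find_region_mismatches(SAMPLE_TEMPLATE, "us-east-1", sample_lookup):
        print(f"{lid}: bucket {bucket} is in {region}, stack region is us-east-1")
```

Calling `find_region_mismatches` without the third argument uses the live boto3 lookup instead of the sample table.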