Getting S3 error: Domain name specified in [xxxxxxxxx] is not a valid S3 domain when pasting S3 URL for the template from S3 bucket of a conduit account in Create Stack Tab for my account.

0

I am trying to create a stack in my account with a template from another conduit account (Account1). When I copy the S3 URL from the location of the template and paste it into the stack creation tab in CloudFormation, I get the following error: S3 error: Domain name specified in [xxxxxxxxx] is not a valid S3 domain. Initially, I was getting this error: s3 error access denied for more information check http://docs.aws.amazon.com/amazons3/latest/api/errorresponses.html. I want to understand what is causing this error. Any help is appreciated.

asked 21 days ago, 312 views
1 Answer
2

Hello.

If you select "Amazon S3 URL" when creating a stack in the CloudFormation console, the URL must start with https:// and must not be an S3 URI.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-template.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html

In other words, I think you can use it by specifying the object URL as shown below.

https://<bucket name>.s3.<region>.amazonaws.com/xxxxx.yaml
EXPERT
answered 21 days ago
EXPERT
reviewed 21 days ago
  • Thank you. It got through the first error. When I try the object URL which is of the format you suggested, I am now getting the "s3 error access denied for more information check http://docs.aws.amazon.com/amazons3/latest/api/errorresponses.html" error. What should I do at this point?

  • This is probably because the S3 bucket where Account1's CloudFormation template is uploaded cannot be accessed. I think this can be resolved by enabling S3 public access or setting up a cross-account IAM role.

  • If you want to set the S3 bucket for public access, you can use it by disabling the bucket policy and public access block settings below.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:GetObject",
                    "s3:GetObjectVersion"
                ],
                "Resource": "arn:aws:s3:::s3-bucket-name/*"
            }
        ]
    }
    

    When configuring cross-account settings, the following documents may be helpful. https://repost.aws/knowledge-center/cross-account-access-s3

  • Thank you so much! I will work on this and post updates here.
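
Added example, not part of the thread above: the bucket policy quoted in the comments allows every caller to read the templates, and this Python sketch flags such wildcard-principal statements and produces a copy scoped to a single account instead. The function names are hypothetical, and the account ID `111122223333` is a placeholder for the account that creates the stack.

```python
import copy
import json

# Bucket policy quoted in the thread above: read access for every caller.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:GetObjectVersion"],
            "Resource": "arn:aws:s3:::s3-bucket-name/*",
        }
    ],
}


def is_wildcard_principal(principal):
    """True when a Principal element matches any caller: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_statements(policy):
    """Return the Allow statements whose principal is a wildcard."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return [s for s in statements
            if s.get("Effect") == "Allow" and is_wildcard_principal(s.get("Principal"))]


def scope_to_account(policy, account_id):
    """Copy the policy, replacing wildcard principals with one account's root ARN."""
    scoped = copy.deepcopy(policy)
    for statement in public_statements(scoped):
        statement["Principal"] = {"AWS": f"arn:aws:iam::{account_id}:root"}
    return scoped


if __name__ == "__main__":
    # 111122223333 is a placeholder for the account that creates the stack.
    print(json.dumps(scope_to_account(PUBLIC_POLICY, "111122223333"), indent=4))
```

With the scoped policy, the identity creating the stack still needs its own IAM permission for `s3:GetObject` on the template object, as covered in the cross-account article linked in the comments.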
