AWS CLI - Create s3 bucket from Linux error - amazon-web-services

I'm using AWS CLI to create the S3 bucket.
I have installed the AWS CLI and running following command to create the bucket
aws s3 mb s3://Test-sam-bucket --region us-west-1
Error:
make_bucket failed: s3://Test-sam-bucket An error occurred (InvalidBucketName) when calling the CreateBucket operation: The specified bucket is not valid.
also, I have tried with:
aws s3 mb s3://sambucket --region us-west-1
Error:
make_bucket failed: s3://sambucket An error occurred (BucketAlreadyExists) when calling the CreateBucket operation: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.
What am I doing wrong please help

Regarding the first point where you are taking Test-sam-bucket name:
do not use any special character between the bucket name, simply use testsambucket that would surely work with you.
Regarding your second point where you are getting the BucketAlreadyExists message:
It is because the S3 bucket name is global namespace in S3 shared by another S3 user as well. Therefore, it has been unique at the global level.
You can try with your own custom unique names like some combination of your teamName+BucketName or something else.
The issue with Test-sam-bucket is that the first character can not be an upper case in bucket name, it can either be a lower case character or number. We can have hyphens in bucket names. More details about the restrictions can be found here: docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html

Related

An error occurred (IllegalLocationConstraintException) when attempting to run 's3 mb' command

I'm new to using AWS & I'm running into a very persistent error.
make_bucket failed: s3://bucket-name An error occurred (IllegalLocationConstraintException) when calling the CreateBucket operation: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to.
I honestly have no idea why this error pops up. I have given my EC2 instance full access to S3, so I should have the permission to create new buckets in S3.
I ran the command:
aws s3 mb s3://bucket-name
and I kept on running it and getting this same error.
I tried to run this command instead:
aws s3 mb s3://bucket-name --region us-east-1
and I STILL kept on getting this error.
I'm stuck here and I'd appreciate any assistance I can get :)
Edit: It was the bucket name. Apparently it has to be unique in the sense that no other bucket can exist with the same name.

Amazon S3 Access Denied when calling aws lambda publish-layer-version CLI

I tried to run aws lambda publish-layer-version command line in my local console using my personal aws credentials, but I've got an Amazon S3 Access Denied error for the bucket in which the zip layer is stored.
aws lambda publish-layer-version --layer-name layer_name --content S3Bucket=bucket_name,S3Key=layers/libs.zip
An error occurred (AccessDeniedException) when calling the PublishLayerVersion operation: Your access has been denied by S3, please make sure your request credentials have permission to GetObject for {URI of layer in my S3 bucket}. S3 Error Code: AccessDenied. S3 Error Message: Access Denied
When I'm running the aws cp command in the same bucket, it all works perfectly fine
aws s3 cp s3://bucket_name/layers/libs.zip libs.zip
So I assume that the aws lambda command line is using an other role than the one used when I'm running the aws cp command line ? Or maybe it uses another mecanism that I just don't know. But I couldn't find any thing about it in the AWS documentation.
I've just read that AWS can return a 403 it couldn't find the file. So maybe it could be an issue with the command syntax ?
Thank you for your help.
For your call to publish-layer-version you may need to specify the --content parameter with 3 parts:
S3Bucket=string,S3Key=string,S3ObjectVersion=string
It looks like you are missing S3ObjectVersion. I don't know what the AWS behavior is for evaluating and applying the parts of that parameter, but it could be attempting to do something more since the version is not specified and hence giving you that error. Or it could be returning an error code that is not quite right and is misleading. Try adding S3ObjectVersion and let me know what you get.
Otherwise, AWS permission evaluation can be complex. I like this AWS diagram below, so it is a good one to follow to track down permissions issues, but I suspect that AccessDenied is a bit of a red herring in this case:
Your Lambda does not have privileges (S3:GetObject).
Try running aws sts get-caller-identity. This will give you the IAM role your command line is using.
Go to IAM dashboard, check this role associated with your Lambda execution. If you use AWS wizard, it automatically creates a role called oneClick_lambda_s3_exec_role. Click on Show Policy. It will look something like attached image.Make sure S3:GetObject is listed.
Also, AWS returns 403 (access denied) when the file does not exist. Be sure the target file is in the S3 bucket.

Regular pattern error for Amazon Rekognition index-faces method calling from S3 [duplicate]

I am attempting the following tutorial
https://aws.amazon.com/blogs/machine-learning/easily-perform-facial-analysis-on-live-feeds-by-creating-a-serverless-video-analytics-environment-with-amazon-rekognition-video-and-amazon-kinesis-video-streams/
So I replaced some part with my own bucket and key(file) name:
aws rekognition index-faces --image "{\"S3Object\":{\"Bucket\":\"testbucket\",\"Name\":\"testfile.png\"}}" --collection-id=rekVideoBlog --detection-attributes=ALL --external-image-id=Andy --region us-west-2
(assume testbucket is my bucket name and testfile is the file I uploaded and made public). Is this correct?
I have made sure to set the bucket and object public etc but I keep getting an error:
An error occurred (InvalidS3ObjectException) when calling the IndexFaces operation: Unable to get object metadata from S3. Check object key, region and/or access permissions.
I also tried to access my bucket using:
aws s3 ls s3://testbucket
and I am able to display the content fine
are you currently facing this error : "An error occurred (InvalidS3ObjectException) when calling the IndexFaces operation: Unable to get object metadata from S3. Check object key, region and/or access permissions"?
I was able to run the sample Amazon Rekognition CLI command "index-faces" from the Amazon Rekogniton tutorial without any error as illustrated in the screenshot below :
Here's some tips for consideration in-case anyone else runs into this issue :
Make sure both S3 & Rekognition are using the same region i.e S3 bucket should be created in the same region as where Rekognition collection was created.
Since Amazon Rekognition supports both .jpg and .png formats, make sure the file name & format referenced in the CLI “index-faces” command matches the actual file in your S3 bucket.
Hope this helps.

InvalidS3ObjectException when calling the IndexFaces operation

I am attempting the following tutorial
https://aws.amazon.com/blogs/machine-learning/easily-perform-facial-analysis-on-live-feeds-by-creating-a-serverless-video-analytics-environment-with-amazon-rekognition-video-and-amazon-kinesis-video-streams/
So I replaced some part with my own bucket and key(file) name:
aws rekognition index-faces --image "{\"S3Object\":{\"Bucket\":\"testbucket\",\"Name\":\"testfile.png\"}}" --collection-id=rekVideoBlog --detection-attributes=ALL --external-image-id=Andy --region us-west-2
(assume testbucket is my bucket name and testfile is the file I uploaded and made public). Is this correct?
I have made sure to set the bucket and object public etc but I keep getting an error:
An error occurred (InvalidS3ObjectException) when calling the IndexFaces operation: Unable to get object metadata from S3. Check object key, region and/or access permissions.
I also tried to access my bucket using:
aws s3 ls s3://testbucket
and I am able to display the content fine
are you currently facing this error : "An error occurred (InvalidS3ObjectException) when calling the IndexFaces operation: Unable to get object metadata from S3. Check object key, region and/or access permissions"?
I was able to run the sample Amazon Rekognition CLI command "index-faces" from the Amazon Rekogniton tutorial without any error as illustrated in the screenshot below :
Here's some tips for consideration in-case anyone else runs into this issue :
Make sure both S3 & Rekognition are using the same region i.e S3 bucket should be created in the same region as where Rekognition collection was created.
Since Amazon Rekognition supports both .jpg and .png formats, make sure the file name & format referenced in the CLI “index-faces” command matches the actual file in your S3 bucket.
Hope this helps.

`An error occurred (InvalidToken) when calling the ListBuckets operation: The provided token is malformed or otherwise invalid.` w/`aws s3 ls`

I successfully authenticate with 2 factor but when using aws s3 ls I keep getting
An error occurred (InvalidToken) when calling the ListBuckets operation: The provided token is malformed or otherwise invalid.
And I do have admin rights.
Issue was that I wasn't passing the --region in. e.g. aws s3 --region us-gov-west-1 ls. I suppose this could be set with an ENV variable too. That error message is a candidate for improvement.
This error also occurs when aws cli reads the aws_session_token and aws_security_token declared in the ~/.aws file, which might be associated to a previously used account. Removing both and leaving just the key and the credentials associated to the account where the bucket is will force aws to establish the connection.
Please delete .aws/credentials file from your users account and reconfigure your aws cli.
If you already associated with another account then there are high chances of this type of error.
Run aws configure
You may leave access key and access key id blank if you have an IAM role attached
Set value for 'region'
Now you will be able to successfully run 'aws s3 ls'
Else run 'aws s3 ls --region '
If you are using AWS Single Sign-on you can pass --profile <profile_name> and it should solve the issue
In the .aws credentials file remove session token and it will work