An error occurred (IllegalLocationConstraintException) when calling the CreateBucket operation - amazon-web-services

Using the aws api I can create a bucket in us-east-1 but not other regions else, why is this ?
$ aws s3api create-bucket --bucket snap2web-12 --region us-east-1
{
"Location": "/snap2web-12"
}
19:21:27 durrantm u2018 /home/durrantm/Dropbox/_/Michael/cli_scripts
$ aws s3api create-bucket --bucket snap2web-13 --region us-east-2
An error occurred (IllegalLocationConstraintException) when calling the CreateBucket operation: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to.
19:21:44 durrantm u2018 /home/durrantm/Dropbox/_/Michael/cli_scripts
$ aws s3api create-bucket --bucket snap2web-14 --region us-west-1
An error occurred (IllegalLocationConstraintException) when calling the CreateBucket operation: The unspecified location constraint is incompatible for the region specific endpoint this request was sent to.
19:23:19 durrantm u2018 /home/durrantm/Dropbox/_/Michael/cli_scripts
$

Two possible fixes:
Use the s3 command:
aws s3 mb s3://snap2web-13 --region us-east-2
or, according to the s3api examples (emphasis mine):
Regions outside of us-east-1 require the appropriate
LocationConstraint to be specified in order to create the bucket in
the desired region:
aws s3api create-bucket --bucket snap2web-13 --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2

Related

Apply multiple tags to an object during uploading via aws cli

What's the correct syntax to upload an object with multiple tags?
Following command with 1 tag works fine:
aws s3api put-object --bucket mybucket --key something/obj.txt --body obj.txt --tagging "mykeyname1=myvalue1"
But following command with multiple tags generates error:
aws s3api put-object --bucket mybucket --key something/obj.txt --body obj.txt --tagging "mykeyname1=myvalue1, mykeyname2=myvalue2"
Error
An error occurred (InvalidArgument) when calling the PutObject operation: The header 'x-amz-tagging' shall be encoded as UTF-8 then URLEncoded URL query parameters without tag name duplicates
Unfortunately the documentation is not the best in this case. You can have multiple tags using the following format: key1=value1&key2=value2
For example:
aws s3api put-object --bucket mybucket --key something/obj.txt --body obj.txt --tagging 'mykeyname1=myvalue1&mykeyname2=myvalue2'

Make an S3 Bucket Permissions Public Access to 'Everyone' using CLI

How would I set the S3 Bucket Permissions for Public Access to 'Everyone' for Read Files using AWS CLI?
The documentation does not have clear specification of how to do this and have tried multiple variations. My end goal is to make the bucket a static site server bucket.
S3 Bucket ACL permission are set after the bucket is created - I achieved a public file read bucket using this command
aws s3api put-bucket-acl --bucket ${SITE_NAME} --acl public-read
After creating the bucket:
aws s3api create-bucket --bucket ${SITE_NAME} --region ap-southeast-2 --create-bucket-configuration LocationConstraint=ap-southeast-2
Hope the below command will help you to make the s3 object public through the AWS CLI command.
aws s3api put-object-acl --bucket <bucketname> --key <object name with extension> --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers

S3api CLI Put Command Issue

I'm using AWS CLI to apply ACL policy to an object in S3, this is the command I have used
aws s3api put-object-acl --bucket XXXX --key XXXX --acl bucket-owner-full-control --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
This command gives an error in return
An error occurred (InvalidRequest) when calling the PutObjectAcl operation: Specifying both Canned ACLs and Header Grants is not allowed
How to apply both Canned and Header Grants to an object ?
I tried by giving only Canned ACL first time (aws s3api put-object-acl --bucket XXXX --key XXXX --acl bucket-owner-full-control) and it applied ,but when I ran second time (aws s3api put-object-acl --bucket XXXX --key XXXX --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers by excluding canned ACL) and including Header Grants changes got overridden. It was including only Header Grants
Can you please help me out on this issue ?
You cannot do that, either you have to use Canned ACL or the Header grants.
You can include email address of bucket owner to grant full control and for others read access.
I mean include the bucket owner details run the command something like below as stated in AWS documentation example.
aws s3api put-object-acl --bucket MyBucket --key file.txt --grant-full-control emailaddress=user1#example.com,emailaddress=user2#example.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers
See the Note in AWS documentation.
Note
You can either use a canned ACL or specify access permissions explicitly. You cannot do both.
https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html

Cannot create Amazon S3 Bucket in specified region

On my macOS Sierra:
$ aws s3api create-bucket --bucket testbucket --region us-west-1
{
"Location": "/testbucket"
}
Then...
$ aws s3api get-bucket-location --bucket testbucket
{
"LocationConstraint": null
}
The weird thing is if I were to check my console, it would show my bucket created but in US East(N. Virginia region). Is the us-west-1 region not available or something?
If it makes a difference, from
$ aws configure
I can see that my default region name is us-west-1
Default region name [us-west-1]:
From the documentation: "Regions outside of us-east-1 require the appropriate LocationConstraint to be specified in order to create the bucket in the desired region"
Try:
aws s3api create-bucket --region us-west-1 --bucket textbucket --create-bucket-configuration LocationConstraint=us-west-1

s3api get-bucket-location returns null for us-east-1 bucket

Don't know why this happens, but getting null for location call
aws --version
aws-cli/1.10.62 Python/2.7.11 Darwin/16.1.0 botocore/1.4.52
aws> s3api get-bucket-location --bucket joshuacalloway-us-east-2-bucket
{
"LocationConstraint": "us-east-2"
}
aws> s3api get-bucket-location --bucket joshuacalloway-us-east-1-bucket
{
"LocationConstraint": null
}
us-east-1 is a specific region as discussed in some AWS doc as below:
https://aws.amazon.com/fr/blogs/developer/leveraging-the-s3-and-s3api-commands/
For example, if I make a bucket located in the Frankfurt region using the s3 commands:
$ aws s3 mb s3://myeucentral1bucket --region eu-central-1
make_bucket: s3://myeucentral1bucket/`
I can then use s3api get-bucket-location to determine the region of my newly created bucket:
$ aws s3api get-bucket-location --bucket myeucentral1bucket
{
"LocationConstraint": "eu-central-1"
}
As shown above, the value of the LocationConstraint member in the output JSON is the expected region of the bucket, eu-central-1. Note that for buckets created in the US Standard region, us-east-1, the value of LocationConstraint will be null. As a quick reference to how location constraints correspond to regions, refer to the AWS Regions and Endpoints Guide.
http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
If you use a region other than the US East (N. Virginia) endpoint to create a bucket, you must set the LocationConstraint bucket parameter to the same region