Can AWS Lambda access S3 buckets from other regions?

4
votes

I currently try to use AWS Lambda. The lambda function should load the zip file (> 10 MB) from an S3 Bucket. The S3 bucket is located in eu-central-1 while the lambda function is in lambda:us-east-1.

When I try to save the lambda function, I get:

Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-central-1'

Is that really the problem? Is it possible to move the lambda function?

The IAM role which executes the Lambda function has the AmazonS3FullAccess policy.

2
amazon-web-servicesamazon-s3aws-lambda
AWS lambda is available in eu-central-1: aws.amazon.com/de/about-aws/whats-new/2016/03/… - Martin Thoma
do you give the right s3 authorizations for the user that you use in lambda? - Edwin
@Edwin Hm. Maybe not. How do I do that? - Martin Thoma
@Edwin you shouldn't use an AWS "user" in Lambda, you should assign an IAM role to the function. That role should be the entity you assign the appropriate S3 permissions to. - Mark B
@MarkB by user I meant IAM (just had an lapsus), Martin check this docs.aws.amazon.com/AmazonS3/latest/dev/… and this: docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html - Edwin

2 Answers

9
votes

The lambda function has to be in the same region as the S3 bucket you specify at "S3 link URL*":

enter image description here

3
votes

You can access an S3 bucket in a different region from Lambda. If you are using Python boto3 library, the following code will help you:

import boto3

client = boto3.client('s3', region_name='eu-central-1')

In fact you can access any resource in a different region from AWS Lambda.