I am following the Amazon Chime SDK workshop and I came across this problem while creating a bucket with their provided template.
CLI:
aws cloudformation create-stack --stack-name chimesdk-ws-102-s3-cfd --template-body file://csdk-ws-102-s3-cfd.yml
Template:
AWSTemplateFormatVersion: '2010-09-09'
Description: 'CloudFront distribution with an S3 origin for Amazon ChimeSDK WS-102'
Resources:
  S3Bucket:
    DeletionPolicy: 'Delete'
    Metadata:
      Comment: 'Bucket to store some data for chimesdk-workshops'
    Properties:
      AccessControl: 'Private'
      BucketName: !Sub 's3-origin-chimesdk-workshops-${AWS::StackName}-${AWS::AccountId}-${!RandomDigits 3}'
    Type: 'AWS::S3::Bucket'
  S3BucketPolicy:
    Metadata:
      Comment: 'Bucket policy to allow CloudFront to access S3'
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Statement:
          - Action:
              - 's3:GetObject'
            Effect: 'Allow'
            Principal:
              CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
            Resource:
              - !Sub 'arn:aws:s3:::${S3Bucket}/*'
    Type: 'AWS::S3::BucketPolicy'
  CfDistribution:
    Metadata:
      Comment: 'CloudFront distribution with an S3 origin for Amazon ChimeSDK WS-102'
    Properties:
      DistributionConfig:
        Comment: 'CloudFront distribution with an S3 origin for Amazon ChimeSDK WS-102'
        DefaultCacheBehavior:
          AllowedMethods:
            - 'HEAD'
            - 'GET'
          CachedMethods:
            - 'HEAD'
            - 'GET'
          Compress: false
          DefaultTTL: 86400
          ForwardedValues:
            Cookies:
              Forward: 'none'
            Headers:
              - 'Origin'
            QueryString: false
          MaxTTL: 31536000
          MinTTL: 86400
          TargetOriginId: !Sub 's3-origin-${S3Bucket}'
          ViewerProtocolPolicy: 'redirect-to-https'
        DefaultRootObject: 'index.html'
        Enabled: true
        HttpVersion: 'http1.1'
        IPV6Enabled: false
        Origins:
          - DomainName: !GetAtt S3Bucket.DomainName
            Id: !Sub 's3-origin-${S3Bucket}'
            OriginPath: ''
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
        PriceClass: 'PriceClass_All'
    Type: 'AWS::CloudFront::Distribution'
  CfOriginAccessIdentity:
    Metadata:
      Comment: 'Access S3 bucket content only through CloudFront'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'Access S3 bucket content only through CloudFront'
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
Outputs:
  S3BucketName:
    Description: 'Bucket name'
    Value: !Ref S3Bucket
  CfDistributionId:
    Description: 'Id for CloudFront distribution with an S3 origin for Amazon ChimeSDK WS-102'
    Value: !Ref CfDistribution
  CfDistributionDomainName:
    Description: 'Domain name for CloudFront distribution with an S3 origin for Amazon ChimeSDK WS-102'
    Value: !GetAtt CfDistribution.DomainName
Error:
Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: HYNPE7QQSABRN1ZV; S3 Extended Request ID: kmLUHBpmYN1ZQ9OJ928MgY+ZsbrzLmKm74v2m3K0NbPiF/dKWgA6rrDP9criO/rdUQAVKHoY1F0=; Proxy: null)
2 Answers
Your bucket name is incorrect. There is no such thing as ${!RandomDigits 3} in CloudFormation. You have to explicitly specify those random digits.

This is most likely due to a permission issue. Check the following two locations for a more verbose exception:
CloudFormation stack events in the CFN Web Console, it should tell you exactly what failed and why.
If the above still states Bad Request, then check CloudTrail logs for exceptions at the same time you launched the stack.
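
The first answer's point about the bucket name, as an added example that is not part of the original question or answers: in Fn::Sub, ${!Text} is the escape for a literal ${Text}, so this sketch resolves the template's BucketName string and checks the result against the core S3 bucket naming rules. The account ID is a constructed sample, and both the Fn::Sub handling and the rule set are simplified assumptions.

```python
import re

# Fn::Sub tokens: ${Name} is substituted, ${!Text} is an escape for literal ${Text}.
SUB_TOKEN = re.compile(r'\$\{(!?)([^}]*)\}')
# Core S3 general-purpose bucket naming rules (subset): 3-63 characters from
# a-z, 0-9, '.', '-', beginning and ending with a letter or digit.
EDGE_OK = re.compile(r'^[a-z0-9].*[a-z0-9]$')


def resolve_sub(template, values):
    """Simplified Fn::Sub resolution for a single string."""
    def repl(match):
        bang, name = match.groups()
        if bang:
            return '${' + name + '}'  # emitted literally, never evaluated
        return values[name]           # KeyError on an unknown variable
    return SUB_TOKEN.sub(repl, template)


def bucket_name_problems(name):
    """Return the reasons S3 would reject this bucket name (empty list if none)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append('length %d is outside 3-63' % len(name))
    bad = sorted(set(re.findall(r'[^a-z0-9.-]', name)))
    if bad:
        problems.append('illegal characters: ' + ' '.join(map(repr, bad)))
    elif not EDGE_OK.match(name):
        problems.append('must begin and end with a letter or digit')
    return problems


# BucketName value from the template on this page.
PAGE_TEMPLATE = ('s3-origin-chimesdk-workshops-${AWS::StackName}-'
                 '${AWS::AccountId}-${!RandomDigits 3}')
# Stack name from the CLI call on this page; the account ID is a constructed sample.
VALUES = {'AWS::StackName': 'chimesdk-ws-102-s3-cfd', 'AWS::AccountId': '123456789012'}

if __name__ == '__main__':
    name = resolve_sub(PAGE_TEMPLATE, VALUES)
    print(name, bucket_name_problems(name))
    # Same template with the suffix written out as constructed digits.
    fixed = resolve_sub(PAGE_TEMPLATE.replace('${!RandomDigits 3}', '123'), VALUES)
    print(fixed, len(fixed), bucket_name_problems(fixed))
```

With the stack name from the CLI call and a 12-digit account ID, the resolved name is 68 characters even when the suffix is three plain digits, so the length check matters as well as the character check.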