The vpce location constraint is incompatible for the region specific endpoint this request was sent

[vpeddada-tibco]

Describe the bug

We are using a VPC endpoint for AWS S3 to create the S3 client followed by create Bucket
However, the operation faulted with the following error:
com.amazonaws.services.s3.model.AmazonS3Exception: The vpce location constraint is incompatible for the region specific endpoint this request was sent to.
After deeper investigation we found that there is an existing issue with LocationConstraint creation in the SDK which can be resolved by a workaround.
The LocationConstraint formed in the above case is an invalid region name and hence the operation failed.
You can refer to the attached logs.
Then we changed our code to use the region name too in the request as follows: This has resolved the issue

CreateBucketRequest request = new CreateBucketRequest("bucketname","regionname");
  s3Client.createBucket(request);

Expected Behavior

The createBucket operation should have worked with the older piece of code.

Current Behavior

However the operation failed with invalid location constraint error as the SDK has an issue with region parsing logic which tries to parse the region from the VPC endpoint if no location was mentioned in the CreateBucketRequest.
In our case we observed from the debug logs that it was formed as
<CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><LocationConstraint>vpce</LocationConstraint></CreateBucketConfiguration>

Here vpce is a string which is part of our VPC endpoint https://bucket.vpce-0ec9574cb6f757c5f-9i0g0rr9.s3.us-west-2.vpce.amazonaws.com:8020

Reproduction Steps

• Create a VPC endpoint something like this https://bucket.vpce-0ec9574cb6f757c5f-9i0g0rr9.s3.us-west-2.vpce.amazonaws.com:8020

AwsClientBuilder.EndpointConfiguration config =
        new AwsClientBuilder.EndpointConfiguration(
                "https://<vpc-endpoint>.com",
                "MyRegion");

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
        .withEndpointConfiguration(config)
        .build();
     
 CreateBucketRequest request = new CreateBucketRequest("bucketname");
  s3Client.createBucket(request);

Possible Solution

We changed our code to use the region name too in the request as follows: This has resolved the issue

CreateBucketRequest request = new CreateBucketRequest("bucketname","regionname");

  s3Client.createBucket(request);

Please let us know if 1.12.x has resolved this issue.

Additional Information/Context

BW_S3_App3.txt

AWS Java SDK version used

1.11.967

JDK version used

1.8

Operating System and version

Windows 10

[debora-ito]

Hi @vpeddada thank you for reaching out.

This behavior is expected. According to the Javadocs:

public CreateBucketRequest(String bucketName)
Constructs a new CreateBucketRequest, ready to be executed to create the specified bucket in the US_Standard region.

US_Standard is an old name for us-east-1, and the legacy S3 endpoint for us-east-1 is s3.amazonaws.com. If you want to create a bucket in a different region you need to specify it.

[vpeddada-tibco]

Hi @debora-ito !
Yes I got that point. However,I have walked through the SDK's source and I found that if signer region provided in endpoint configuration is not us-east-1(in this case it's us-west-2), then the source tries to parse the request region from the endpoint URL.
Please refer to

aws-sdk-java/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/AmazonS3Client.java

Line 1106 in 3309b35

if (getSignerRegion() != null && !getSignerRegion().equals("us-east-1") && StringUtils.isNullOrEmpty(requestRegion)) {

This piece of code is retrieving the location as vpce instead of us-west-2 which has caused this issue. Hence there is an issue in

aws-sdk-java/aws-java-sdk-core/src/main/java/com/amazonaws/util/AwsHostNameUtils.java

Line 77 in 3309b35

public static String parseRegion(String host, String serviceHint) {

After fetching the request region, the location constraint configuration is created in the following lines:

aws-sdk-java/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/AmazonS3Client.java

Line 1114 in 3309b35

if (requestRegion != null && !StringUtils.upperCase(requestRegion).equals(Region.US_Standard.toString())) {

Please refer to the debug logs that I attached to this issue and you will find the <CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><LocationConstraint>vpce</LocationConstraint></CreateBucketConfiguration>

Once I started providing region in the CreateBucketRequest, line no 1106 is skipped and the location constraint is rightly formed as us-west-2 and the operation was successful.

[debora-ito]

<CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> 
      <LocationConstraint>vpce</LocationConstraint>
</CreateBucketConfiguration>

Sorry I missed that part, I understand now.
Yes, marking this as a bug with vpce endpoints.

The workaround is to explicitly set the region in CreateBucketRequest :

CreateBucketRequest request = new CreateBucketRequest("bucketname","regionname");

As we have a workaround and the team is focused in SDK v2 work, fixing this is not high in our priority list.

[vpeddada-tibco]

Hi @debora-ito !

Thank you for the acknowledgement. No problem. We made changes to accommodate the workaround. However, just wanted to check:
Is this is a known issue which was fixed in any later versions of SDK such as 1.12.x or V2 ? Or is it a new bug which needs to be addressed?

[mrahul487]

@vpeddada
Are you creating vpce endpoint using "Enable DNS Name". In my case if I dont do Enable DNS even with the fix suggested by you and configuring vpce endpoint its not honouring my endpoint and falls back to public DNS names

Using AWS Cli and endpoint name I am able to create buckets properly.

Also I am facing similar issue in doesBucketExistV2()