The Mystery of the πͺ Malformed S3 Authorization Header
Spent over an hour debugging a simple Terraform setup. It wasnβt Terraformβs fault. It wasnβt my AWS provider config. It wasβ¦ S3's "bucket name memory" π€―
β What Happened
- β
I had a working CloudTrail setup in
ap-southeast-1 - ποΈ I deleted the S3 bucket
- π Tried to recreate same name in
us-east-1 - π₯ Got this error:
AuthorizationHeaderMalformed: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'ap-southeast-1'
π Root Cause
- πͺ£ S3 remembers deleted bucket names and their original region
- π S3 bucket names are global β reused names trigger region conflicts
- π§ AWS internally caches bucket-region mappings
- π Even though the bucket was deleted, S3 still linked that name to the original region
β What Fixed It
- I renamed the bucket:
-test1added β it worked instantly - No region conflict
π‘ Lesson
When switching regions:
- π Use new bucket names
- π§Ή Or wait hours/days for AWS to fully purge name mapping
- π§ Donβt assume a deleted bucket is gone from AWS memory
𧡠Why This Matters
- β³ I wasted time chasing provider settings
- 𧩠Error message was misleading
- π Easy to run into during region migrations or reuse
Hope this saves someone a few hours! β±οΈ
Top comments (0)