/// <summary>
/// Validates S3ObjectLambda Access Points.
/// </summary>
private static void ValidateS3ObjectLambdaAccessPoint(Arn arn, AmazonS3Config s3Config, RegionEndpoint region)
{
var arnString = arn.ToString();
if (!arn.HasValidAccountId())
{
throw new AmazonAccountIdException();
}
foreach (var ch in arnString)
{
if (!char.IsLetterOrDigit(ch) && ch != ':' && ch != '/' && ch != '-')
{
throw new AmazonClientException("Invalid Arn. S3ObjectLambda arns can only contain alphanumeric characters, :, / and -");
}
}
if (arn.Resource.Split(':').Length > 2)
{
throw new AmazonClientException("Invalid ARN, Access Point ARN contains sub resources");
}
if (s3Config.UseAccelerateEndpoint)
{
throw new AmazonClientException("Invalid configuration S3ObjectLambda access points do not support accelerate");
}
if (s3Config.UseDualstackEndpoint)
{
throw new AmazonClientException("Invalid configuration S3ObjectLambda access points do not support dualstack");
}
if (HasValidFips(arn, s3Config, region)) // will throw on invalid configs
{
return;
}
if (string.IsNullOrEmpty(arn.AccountId))
{
throw new AmazonClientException("Account ID is missing in S3ObjectLambda access point ARN");
}
if (string.IsNullOrEmpty(arn.Region))
{
throw new AmazonClientException("AWS region is missing in S3ObjectLambda access point ARN");
}
if (!string.Equals(region.PartitionName, arn.Partition))
{
throw new AmazonClientException("Invalid configuration, cross partition S3ObjectLambda access point ARN");
}
if (!s3Config.UseArnRegion &&
!string.Equals(arn.Region, region.SystemName, StringComparison.Ordinal))
{
throw new AmazonClientException("Invalid configuration, cross region S3ObjectLambda access point ARN");
}
}
private static void ValidateS3AccessPoint(Arn s3Arn, AmazonS3Config s3Config, RegionEndpoint region)
{
if (s3Config.UseAccelerateEndpoint)
{
throw new AmazonClientException(
"The request is using an access point ARN for the bucket name and the S3 service client is configured to use accelerate endpoints which is not supported. " +
"To use this access point create a new S3 service client with the UseAccelerateEndpoint property set to false."
);
}
if (!s3Arn.HasValidAccountId())
{
throw new AmazonAccountIdException();
}
if (string.IsNullOrEmpty(s3Arn.AccountId))
{
throw new AmazonClientException("Account ID is missing in access point ARN");
}
if (string.IsNullOrEmpty(s3Arn.Region))
{
throw new AmazonClientException("AWS region is missing in access point ARN");
}
if (HasValidFips(s3Arn, s3Config, region)) // will throw on invalid configs
{
return;
}
if (!string.Equals(region.PartitionName, s3Arn.Partition, StringComparison.Ordinal))
{
throw new AmazonClientException("The access point used in the request is in a different AWS partition then the region configured for the AmazonS3Client.");
}
if (string.Equals(s3Arn.Region, region.SystemName, StringComparison.Ordinal))
{
return;
}
if (!s3Config.UseArnRegion)
{
throw new AmazonClientException(
$"The S3 service client is configured for region {region.SystemName} but the access point is in {s3Arn.Region}. " +
"By default the SDK doesn't allow cross region calls. If you want to enable cross region calls set the environment AWS_S3_USE_ARN_REGION or the AmazonS3Config.UseArnRegion property to value \"true\".");
}
}
/// <summary>
/// Validates Outposts Access points.
/// </summary>
private static void ValidateOutpostAccessPoint(Arn arn, AmazonS3Config s3Config, RegionEndpoint region)
{
if (s3Config.UseAccelerateEndpoint)
{
throw new AmazonClientException("Invalid configuration outpost access points do not support accelerate");
}
if (s3Config.UseDualstackEndpoint)
{
throw new AmazonClientException("Invalid configuration outpost access points do not support dualstack");
}
if (!arn.HasValidAccountId())
{
throw new AmazonAccountIdException();
}
if (string.IsNullOrEmpty(arn.AccountId))
{
throw new AmazonClientException("Account ID is missing in outpost access point ARN");
}
if (string.IsNullOrEmpty(arn.Region))
{
throw new AmazonClientException("AWS region is missing in outpost access point ARN");
}
if (!string.Equals(region.PartitionName, arn.Partition))
{
throw new AmazonClientException("Invalid configuration, cross partition outpost access point ARN");
}
if (s3Config.UseFIPSEndpoint ||
s3Config.UseArnRegion && arn.Region.StartsWith("fips-"))
{
throw new AmazonClientException("Invalid configuration outpost access points do not support Fips- regions");
}
if (!s3Config.UseArnRegion &&
!string.Equals(arn.Region, region.SystemName, StringComparison.Ordinal))
{
throw new AmazonClientException("Invalid configuration, cross region outpost access point ARN");
}
}