diff --git a/awscli/customizations/cloudtrail.py b/awscli/customizations/cloudtrail.py index 307410054e56..ecc189506903 100644 --- a/awscli/customizations/cloudtrail.py +++ b/awscli/customizations/cloudtrail.py @@ -186,6 +186,18 @@ def _call(self, options, parsed_globals): 'Logs will be delivered to {bucket}:{prefix}\n'.format( bucket=bucket, prefix=options.s3_prefix or '')) + def _get_policy(self, key_name): + try: + data = self.s3.GetObject( + bucket='awscloudtrail-policy-' + self.region_name, + key=key_name) + except Exception: + LOG.error('Unable to get regional policy template for' + ' region %s: %s', self.region_name, key_name) + raise + + return data['Body'].read().decode('utf-8') + def setup_new_bucket(self, bucket, prefix, policy_url=None): """ Creates a new S3 bucket with an appropriate policy to let CloudTrail @@ -206,10 +218,7 @@ def setup_new_bucket(self, bucket, prefix, policy_url=None): if policy_url: policy = requests.get(policy_url).text else: - data = self.s3.GetObject( - bucket='awscloudtrail-policy-' + self.region_name, - key=S3_POLICY_TEMPLATE) - policy = data['Body'].read().decode('utf-8') + policy = self._get_policy(S3_POLICY_TEMPLATE) policy = policy.replace('', bucket)\ .replace('', account_id) @@ -284,10 +293,7 @@ def setup_new_topic(self, topic, policy_url=None): if policy_url: policy = requests.get(policy_url).text else: - data = self.s3.GetObject( - bucket='awscloudtrail-policy-' + self.region_name, - key=SNS_POLICY_TEMPLATE) - policy = data['Body'].read().decode('utf-8') + policy = self._get_policy(SNS_POLICY_TEMPLATE) policy = policy.replace('', region)\ .replace('', account_id)\
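Review bot: The added `_get_policy` returns whatever text it reads from `'awscloudtrail-policy-' + self.region_name` unchanged, and in the callers shown in the later hunks that text goes straight into placeholder substitution, so the owner of a bucket with that name decides the policy content (presumably applied to the new bucket or topic). Because the bucket name is built from the configured region string, it would be safer to check `self.region_name` against the regions the templates are published for and to confirm the body parses, e.g. `json.loads(policy)`, before returning it (assuming `json` is available in this module). The `except Exception` handler logs only the region and the key, with the key placed after the colon where a reader expects the error; `LOG.error('Unable to get regional policy template %s for region %s', key_name, self.region_name, exc_info=True)` keeps the cause in the log. A short docstring saying the method returns the decoded template text and re-raises on any fetch failure would also help.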
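Review bot: The `policy_url` branch left as context in `setup_new_bucket` still uses `requests.get(policy_url).text` with no status check, timeout or logging, so after this change only the S3 branch reports a failed fetch; the same applies to the `setup_new_topic` hunk. An HTTP error page would flow into the `.replace(...)` calls as if it were a policy document. Consider `resp = requests.get(policy_url, timeout=<seconds>)`, then `resp.raise_for_status()` and `policy = resp.text`, or move the URL fetch into a helper next to `_get_policy` so both sources fail the same way. Both function bodies start and end outside their hunks, so how `policy` is used afterwards is not visible here.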