The Mystery of the 🪄 Malformed S3 Authorization Header
Spent over an hour debugging a simple Terraform setup. It wasn’t Terraform’s fault. It wasn’t my AWS provider config. It was… S3's "bucket name memory" 🤯
❓ What Happened
- ✅ I had a working CloudTrail setup in
ap-southeast-1 - 🗑️ I deleted the S3 bucket
- 🔁 Tried to recreate same name in
us-east-1 - 💥 Got this error:
AuthorizationHeaderMalformed: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'ap-southeast-1'
🔍 Root Cause
- 🪣 S3 remembers deleted bucket names and their original region
- 🌐 S3 bucket names are global — reused names trigger region conflicts
- 🧠 AWS internally caches bucket-region mappings
- 📛 Even though the bucket was deleted, S3 still linked that name to the original region
✅ What Fixed It
- I renamed the bucket:
-test1added → it worked instantly - No region conflict
💡 Lesson
When switching regions:
- 🆕 Use new bucket names
- 🧹 Or wait hours/days for AWS to fully purge name mapping
- 🧭 Don’t assume a deleted bucket is gone from AWS memory
🧵 Why This Matters
- ⏳ I wasted time chasing provider settings
- 🧩 Error message was misleading
- 🔁 Easy to run into during region migrations or reuse
Hope this saves someone a few hours! ⏱️
Top comments (0)