Signed URL Regions (and AWS Regions in general) #26
Description
Even if all infrastructure (including the access bucket) is in the same region, and the boto3 client with region_name set to that region, anything that's not us-east-1 yields signature mismatch errors when trying to load images via signed URLs. The immediate solution is to set endpoint_url on the client (see this), but this will leave the client hard-coded to whatever region was passed.
If the end goal is to have all of the necessary infrastructure generated from the configuration file, and/or to be able to attach to existing infrastructure, desired AWS regions should be set via the config, and the lambda generation process should adjust the client settings accordingly to allow signed URLs to work regardless of bucket location.
A middle-term solution could be automatically populating this endpoint URL based on the location of the passed bucket itself, although this does expand the permissions the Lambda function requires.