[aws-cn] CloudFormation fails creating ingestion pipeline due to cross-partition S3 template URL (“Cross-partition S3 access is not supported”)

[mcsu]

Describe the bug

When creating a log ingestion pipeline in Centralized Logging with OpenSearch (CLO), the workflow triggers a CloudFormation stack using a template hosted in the solutions-reference S3 bucket (partition aws). In AWS China partitions (aws-cn), CloudFormation rejects cross-partition S3 template URLs, and the pipeline remains stuck in CREATING.

Error message (CloudFormation / Lambda logs)

An error occurred (ValidationError) when calling the CreateStack operation:
Cross-partition S3 access is not supported.

Example TemplateURL observed during stack creation:

https://solutions-reference.s3.amazonaws.com/centralized-logging-with-opensearch/latest/CentralizedLoggingFromExistingVPCWithOIDC.template

Expected behavior

CLO should create the CloudFormation stack and complete pipeline creation in aws-cn regions without cross-partition errors.

Current Behavior

CloudFormation rejects the TemplateURL because it points to a bucket in another partition (aws → aws-cn), returning:

Cross-partition S3 access is not supported.

To Reproduce

1.	Region: <cn-north-1> (AWS partition: aws-cn)
2.	CLO version: v2.4.3
3.	Create a new log ingestion pipeline (syslog).
4.	Backend Lambda (e.g., APIAppLoglngestionAP|PipelineFlowSMApplngestio/APIAppPipelineAPIPipelineFlowSMAppPipeFlowFnA6) calls CreateStack with the TemplateURL above (bucket in partition aws).
5.	CloudFormation returns ValidationError and the pipeline stays in CREATING.

Possible Solution

No response

Additional context

•	This issue is specific to CloudFormation’s behavior in aws-cn partitions where cross-partition S3 access via TemplateURL is not supported.
•	The error is reproducible whenever TemplateURL points to a bucket in the aws partition from aws-cn.
•	Pipeline creation is blocked in all aws-cn regions because CloudFormation cannot ingest templates from buckets in another partition. Users cannot proceed past the CREATING state.

Solution Version

v2.4.3

AWS Region. e.g., us-east-1

cn-north-1

Other information / Screenshots

[jangidms]

Hi @mcsu

Thank you for reporting this issue.
We'll review this and revert back

[mcsu]

Hello @jangidms and team,

Thank you for looking into this issue.

I would like to know whether there is a plan to fix it. As it appears that the issue stems from CloudFormation not supporting cross-partition access to templates stored in S3, if we could update the relevant Lambda functions in a new release to use S3 buckets in the China Regions under certain conditions (or allow users to specify the template’s S3 URL when adding new data pipeline), it would quickly mitigate this type of problem.

Thank you.

[jangidms]

Hi @mcsu,

Yes, this fix is planned for our upcoming v2.4.4 release. We'll share the release date once available.

[jangidms]

Hi @mcsu

This has been fixed in latest version v2.4.4
Please refer solution landing page for updated Template URLs

[mcsu]

Hello @jangidms and team,

thank you for your prompt response. I have tested version 2.4.4 and can confirm it has been fully fixed.

Love from BJS