0

A follow on from: AWS::WAFv2::WebACLAssociation ResourceArn for Application Load Balancer in CloudFormation

I have a custom cloudformation resource lambda function that now fails to run.

Initially I had trouble even getting it to create a boto3 client without specifying a region_name. It seems that the basic environment variables are missing when creating this resource in cloudformation.

Now I have

import boto3

eb = boto3.client('elasticbeanstalk', region_name='ap-southeast-2')
...
response = eb.describe_environment_resources(
  EnvironmentName=(my eb name)
)

But it throws an error which I cannot track down: "cannot unpack non-iterable NoneType object"

If I dont specify the region, I get this error: [ERROR] 2021-02-16T01:01:27.535Z 90ba5d73-6278-4178-beeb-8cd1df18d704 Unable to construct an endpoint for elasticbeanstalk in region None

I think the root issue still exists where cloudformation's custom resource cannot be created properly to support the lambda function. Though this works in other VPCs.

Full code available at https://github.com/qld-gov-au/documentproduction/blob/main/aws/cf/loadbalancerinfo.py Error is thrown from line 65.

Error from CloudWatch:

2021-02-15T21:32:44.855+10:00   [INFO] 2021-02-15T11:32:44.854Z e382e390-b3da-403b-a301-79b0555eedac got event {'RequestType': 'Create', 'ServiceToken': 'xxxx:function:dp-LoadBalancerInfoFunction-DI95WY45K5R2', 'ResponseURL': 'https://cloudformation-custom-resource-response-apsoutheast2.s3-ap-southeast-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aap-southeast-2%3A456083373251%3Astack/dp/ebe11aa0-6f7f-11eb-baad-0a8329d47ae6%7CLoadBalancerInfoResource%7C7d5e590a-a501-43ae-a79b-9dc62f4fed8b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20210215T113243Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=xxxxxxx%2F20210215%2Fap-southeast-2%2Fs3%2Faws4_request&X-Amz-Signature=xxxxx', 'StackId': 'arn:aws:cloudformation:ap-southeast-2:xxxxx:stack/dp/ebe11aa0-6f7f-11eb-baad-0a8329d47ae6', 'RequestId': '7d5e590a-a501-43ae-a79b-9dc62f4fed8b', 'LogicalResourceId': 'LoadBalancerInfoResource', 'ResourceType': 'Custom::GetEBLoadBalancerArn', 'ResourceProperties': {'ServiceToken': 'arn:aws:lambda:ap-southeast-2:xxxxx:function:dp-LoadBalancerInfoFunction-DI95WY45K5R2', 'EBEnvName': 'dp-Applic-US4NZLOYHZND'}}
2021-02-15T21:32:44.860+10:00   [INFO] 2021-02-15T11:32:44.860Z e382e390-b3da-403b-a301-79b0555eedac Found credentials in environment variables.
2021-02-15T21:32:45.039+10:00   [INFO] 2021-02-15T11:32:45.23Z e382e390-b3da-403b-a301-79b0555eedac Starting new HTTPS connection (1): elasticbeanstalk.ap-southeast-2.amazonaws.com
2021-02-15T21:32:45.060+10:00   [ERROR] 2021-02-15T11:32:45.59Z e382e390-b3da-403b-a301-79b0555eedac cannot unpack non-iterable NoneType object
Steven
  • 3,844
  • 3
  • 32
  • 53
  • Can you show full code of lambda, and which line the error originates from? – Marcin Feb 15 '21 at 05:24
  • Linked to source code and triggered from aws cloudformation update-stack --stack-name documentproduction --template-body file://cf.json --tags file://prodtags.json --parameters file://prod.json --capabilities CAPABILITY_IAM. I also tried reverting the role permissions to match the original answer in the first referenced question. – Steven Feb 15 '21 at 05:45
  • 1
    Do CloudWatch logs show more details? Which line exactly does the error occur? – Marcin Feb 15 '21 at 06:27
  • Throws an error on line 65. Cloudwatch does not show any more details other than that error message. It seems it is internal to the boto3 client. There's nothing on IAM permission errors either. Just literally that message.I cant even get the internal line number within the boto3 client. – Steven Feb 15 '21 at 06:43
  • Did you place your function in a VPC? Lambda in VPC has no internet access by default. Have you ensured the conectivity to EB service? – Marcin Feb 15 '21 at 06:52
  • No VPC imposed on the lambda function. I’m using the cf template in the same repo linked above. – Steven Feb 15 '21 at 07:54

1 Answers1

0

Found the problem to be in my requirements.txt and referencing boto3 0.0.1. I've updated to use a proper release and repackaged my zip.

Steven
  • 3,844
  • 3
  • 32
  • 53