1

I'm facing issue using sts client on lambdas. The current code was working two days ago.

const {
  STSClient,
  AssumeRoleCommand,
} = require('@aws-sdk/client-sts')

const stsClient = new STSClient({
  region: process.env.REGION || 'eu-west-1',
})

const params = new AssumeRoleCommand({
  RoleArn: process.env.MARKETPLACE_RESOLVE_CUSTOMER_ROLE_ARN,
  RoleSessionName: `${
    process.env.AWS_LAMBDA_FUNCTION_NAME
  }-${new Date().getTime()}`,
})

const assumedRoleOutput = await stsClient.send(params)

Now it always throws an exception as follow:

2023-02-08T08:07:18.684Z    1a7dd68d-da00-4b07-935c-2f6bc95f996f    ERROR   TypeError: (0 , smithy_client_1.parseRfc3339DateTimeWithOffset) is not a function
 at deserializeAws_queryCredentials (/opt/nodejs/node_modules/@aws-sdk/client-sts/dist-cjs/protocols/Aws_query.js:860:117)
 at deserializeAws_queryAssumeRoleResponse (/opt/nodejs/node_modules/@aws-sdk/client-sts/dist-cjs/protocols/Aws_query.js:756:32)
 at deserializeAws_queryAssumeRoleCommand (/opt/nodejs/node_modules/@aws-sdk/client-sts/dist-cjs/protocols/Aws_query.js:119:16)
 at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
 at async /opt/nodejs/node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24
 at async /opt/nodejs/node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/middleware-signing/dist-cjs/middleware.js:14:20
 at async StandardRetryStrategy.retry (/opt/nodejs/node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/middleware-retry/dist-cjs/StandardRetryStrategy.js:51:46)
 at async /opt/nodejs/node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:5:22
 at async getMarketplaceResolveCustomerRoleCredentials (/var/task/utils/marketplaceUtils.js:27:29)
 at async Object.resolveMarketplaceCustomer (/var/task/utils/marketplaceUtils.js:50:5) {
'$metadata': { attempts: 1, totalRetryDelay: 0 }

I've tried it with the @aws-sdk/client-sts at versions 3.266.0 and 3.224.0

Dibi91
  • 31
  • 7
  • Maybe I found something.. I wrote some libraries to wrap the aws sdk and added them as a layer on lambdas. Removing all those libraries from the layer removes the exception. Mine libraries have the sdk modules as dependencies, so maybe there are some conflicts with the layer and the available sdk on runtime... – Dibi91 Feb 08 '23 at 09:39

2 Answers2

0

The problem was the incorrect aws-sdk version installed during the creation of the layer. I use a docker file to install all the dependencies used by my lambdas and was using the command like:

RUN npm i @aws-sdk/client-sts@3.224.0
RUN npm i @aws-sdk/client-marketplace-entitlement-service@3.266.0

So there was inconsistency between sdk versions probably?

So I tried to create the layer without including the aws sdk modules (removed by hand) and it worked (the sdk is included in lambda execution enviroment)

But I faced another error with aws-sdk/client-marketplace-entitlement-service that where fixed some times ago git issue

So I've changed the commands on the Dockerfile to install latest major release I wanted, as follow:

RUN npm i @aws-sdk/client-sts@3
RUN npm i @aws-sdk/client-marketplace-entitlement-service@3

and now it works!

Dibi91
  • 31
  • 7
0

I ran into something similar. The paths in your callstack indicate that you have already built the @aws-sdk into a layer:

  • /opt/nodejs/node_modules/@aws-sdk - /opt is the path where lambda sticks layer code
  • /var/runtime/node_modules/@aws-sdk is the location of the @aws-sdk which is baked into the default lambda image (for nodejs18 at least)

You should just exclude @aws-sdk from your layer and your handler code. NB ensure that it doesn't get bundled into your handler if you are using a build step (e.g. --external:@aws-sdk if you're using esbuild), or if you're using a container then you probably want a .dockerignore

Ilan
  • 1,647
  • 1
  • 15
  • 16