By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Lambda function using paramiko SSH Client unable to connect to EC2 in the same subnet

0

I am writing this lambda function that uses paramiko.SSHClient() to connect to an EC2 instance that is located in the same Account / VPC / subnet.

The connection method is using the old user and password authentication method (no pass key involved) because the EC2 prohibits other authentication methods.

The method call goes as follows:

    c = paramiko.SSHClient()
    c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    c.connect(server, port, username=username, password=password, pkey=None)

It works without any error when I run the Python code from my own machine. But when I deploy the code to Lambda, it gives me "[Error 16] Device or resource busy".

[ERROR] OSError: [Errno 16] Device or resource busy
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 36, in lambda_handler
    c.connect(server, port, username=username, password=password, pkey=None)
  File "/var/task/paramiko/client.py", line 377, in connect
    to_try = list(self._families_and_addresses(hostname, port))
  File "/var/task/paramiko/client.py", line 202, in _families_and_addresses
    addrinfos = socket.getaddrinfo(
  File "/var/lang/lib/python3.12/socket.py", line 963, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):END RequestId: ....

The messagem doesn´t seem to be a network error, but rather an OS Error (as the message implies).

It seems to me that when the error raises, the SSHClient hasn´t started the connection processes yet so, it suggests a memory or IO issue inside the lambda machines.

I´ve checked basic stuff (Security Groups, Outbound rules, permissions, etc.) and they are all OK. Also, if I change the "server" parameter and give them a fake server, the message is still the same. So it shows the message is not related to socket connection, but to OS resource.

Topics
ServerlessCompute
Tags
ServerlessLinux ProvisioningAWS Lambda
Language
English
Daniel Marsola
asked a year ago983 views
2 Answers
0

Are you writing your function on a Linux system or with Docker? When you do pip install, the binaries installed will depend on your machine's OS and Python Lambda functions deployed with zip files use a managed runtime of Amazon Linux.

AWS
matthew_d
answered a year ago
  • Daniel Marsola
    a year ago

    I´m writing on my Linux machine. But the compilation is done on a CI/CD resource where I have no access. But it´s another Linux machine. And the deploy is applied through Terraform.

  • matthew_d
    a year ago

    If that is the case then I would recommend to package paramiko using Docker. You can create a layer with paramiko and its dependencies. You can test this works locally by using the Lambda runtime interface emulator.

0

I'm having the same issue but with using ldap3, however receiving the same stacktrace. Focus should not be on paramiko or ldap3, but on a lower level at core python module: socket, because that's where it's failing - when running socket.getaddrinfo.

So why would that be a problem on AWS lambda? Are we receiving network? Is this something configuration related? In my case, I've added lambda function to a VPC, so it should receive an IP address and everything.

MTodoric
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content