SSL error preventing listing of lambdas in the console and CLI

0

For certain regions, I am unable to view the list of Lambda functions:

  • When I view the Lambda function list in the console, I see the error

    "Load failed".

  • When I run the AWS CLI command aws lambda list-functions, I see the error

    "SSL validation failed for https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/ [SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1006)"

On further investigation, the AWS console raises this error in the browser console:

[Error] Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. https://lambda.us-east-1.amazonaws.com/2015-03-31/functions

For the AWS CLI, I tried aws --debug lambda list-functions to obtain more info, and this is perhaps the most relevant snippet from the output:

2023-11-20 13:53:13,427 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListFunctions) with params: {'url_path': '/2015-03-31/functions/', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'aws-cli/2.13.37 Python/3.11.6 Darwin/23.1.0 exe/x86_64 prompt/off command/lambda.list-functions'}, 'body': b'', 'url': 'https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x10900e8d0>, 'has_streaming_input': False, 'auth_type': None}}
2023-11-20 13:53:13,427 - MainThread - botocore.hooks - DEBUG - Event request-created.lambda.ListFunctions: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x108cff290>>
2023-11-20 13:53:13,427 - MainThread - botocore.hooks - DEBUG - Event choose-signer.lambda.ListFunctions: calling handler <function set_operation_specific_signer at 0x10724b100>
2023-11-20 13:53:13,427 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2023-11-20 13:53:13,427 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/2015-03-31/functions/

host:lambda.us-east-1.amazonaws.com
x-amz-date:20231120T135313Z

host;x-amz-date
<redacted>
2023-11-20 13:53:13,427 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20231120T135313Z
20231120/us-east-1/lambda/aws4_request
<redacted>
2023-11-20 13:53:13,427 - MainThread - botocore.auth - DEBUG - Signature:
<redacted>
2023-11-20 13:53:13,427 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/, headers={'User-Agent': b'aws-cli/2.13.37 Python/3.11.6 Darwin/23.1.0 exe/x86_64 prompt/off command/lambda.list-functions', 'X-Amz-Date': b'20231120T135313Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=<redacted>/20231120/us-east-1/lambda/aws4_request, SignedHeaders=host;x-amz-date, Signature=<redacted>'}>
2023-11-20 13:53:13,428 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/awscli/botocore/cacert.pem
2023-11-20 13:53:13,428 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): lambda.us-east-1.amazonaws.com:443
2023-11-20 13:53:13,459 - MainThread - botocore.endpoint - DEBUG - Exception received when sending HTTP request.
Traceback (most recent call last):
  File "urllib3/connectionpool.py", line 715, in urlopen
  File "urllib3/connectionpool.py", line 404, in _make_request
  File "urllib3/connectionpool.py", line 1058, in _validate_conn
  File "urllib3/connection.py", line 419, in connect
  File "urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
  File "urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
  File "ssl.py", line 517, in wrap_socket
  File "ssl.py", line 1108, in _create
  File "ssl.py", line 1379, in do_handshake
ssl.SSLEOFError: [SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1006)

2 Answers
0
Accepted Answer

The errors you're encountering indicate there's an SSL (Secure Sockets Layer) communication problem between your client (AWS CLI or browser) and the AWS Lambda service endpoint.

For the AWS Management Console in the browser:

  • The error message suggests that your browser was unable to establish a secure connection with the AWS service endpoint. This could be due to network issues, an outdated browser, strict network policies, or a misconfigured proxy.

For the AWS CLI:

  • The SSL: UNEXPECTED_EOF_WHILE_READING error indicates that the SSL connection was terminated unexpectedly, likely due to similar issues as above or a problem with the Python environment's SSL library.

Here are some steps you can take to troubleshoot and potentially resolve the issue:

  1. Update Your Tools:

    • Update your browser to the latest version.
    • Update the AWS CLI to the latest version.
    • Ensure that your operating system and its SSL/TLS libraries are up to date.
  2. Network Configuration:

    • If you're behind a corporate firewall or VPN, check that it's configured to allow SSL/TLS traffic to AWS service endpoints.
    • Check your local network's firewall settings and any security software that may be interrupting SSL connections.
  3. Proxy Settings:

    • If you're using a proxy, ensure that it's correctly configured for both your browser and the AWS CLI.
    • If you're not using a proxy, ensure that no environment variables (like https_proxy or http_proxy) are incorrectly set which might be routing traffic through a non-existent proxy.
  4. Certificate Issues:

    • Verify that your system recognizes and trusts the CA (Certificate Authority) that issued the AWS service endpoint's certificate.
    • Ensure that the path to the certificate bundle used by the AWS CLI and Python is correct and that the certificates are not corrupted.
  5. AWS CLI Configuration:

    • Ensure that your AWS CLI is configured with the correct region and that the credentials are up to date.
    • If you have multiple AWS profiles, check that you're using the correct profile with the --profile option.
  6. Use curl or openssl s_client:

    • To further diagnose the SSL handshake, you could use tools like curl with the -v flag or openssl s_client to attempt to connect to the AWS service endpoint and observe where the SSL handshake is failing.

If you have recently changed any network settings or updated your system, these changes could also be related to the issue. If the problem persists after troubleshooting, consider reaching out to AWS Support for further assistance, as this issue may be specific to your environment or account.

AWS
Drew D
answered 5 months ago
0

Thank you for your suggestions.

My laptop is behind corporate Zscaler, but I also checked with a Linux server on my home network, without any restrictions. The Linux server worked fine.

I was not signed in to private access on Zscaler. Once I authenticated in Zscaler, both the browser and CLI commands worked for all regions.

It is curious that the command worked in some regions but not all. I encountered the problem in us-east-1 and eu-west-1 but not in eu-west-2, for example.

Perhaps something to do with how my company has Zscaler configured, but I can take that up internally.

Eamon
answered 5 months ago
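An added example, not part of either answer or of any AWS tooling: a Python version of the handshake check from step 6 of the accepted answer, run per region so that the pattern reported above (some regions cut off, others fine) shows up in one pass. The function names, the diagnosis labels and the expected issuer organization "Amazon" are assumptions of this example.

```python
import socket
import ssl

# Constructed sample mirroring the thread: two regions cut off, one fine.
EOF = ssl.SSLEOFError(8, "EOF occurred in violation of protocol")
SAMPLE = {"us-east-1": (EOF, None), "eu-west-1": (EOF, None),
          "eu-west-2": (None, "Amazon")}

def issuer_org(cert):
    """Pull organizationName out of the dict returned by getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def probe(region, timeout=5.0, cafile=None):
    """Direct TLS handshake with a regional endpoint -> (error, issuer org)."""
    host = f"lambda.{region}.amazonaws.com"
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return None, issuer_org(tls.getpeercert())
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return exc, None

def classify(error, org, expected_org="Amazon"):
    """Map a probe result to a diagnosis (expected_org is an assumption)."""
    if isinstance(error, ssl.SSLEOFError):
        return "closed-mid-handshake"   # the error shown in the question
    if isinstance(error, ssl.SSLCertVerificationError):
        return "untrusted-chain"        # issuing CA is not in the bundle
    if error is not None:
        return "network-error"
    if org is None or expected_org not in org:
        return "intercepted"            # handshake succeeded, other issuer
    return "ok"

def failing_regions(results):
    """results: {region: (error, org)} -> sorted regions that are not ok."""
    return sorted(r for r, (e, o) in results.items() if classify(e, o) != "ok")

if __name__ == "__main__":
    print("constructed sample:", failing_regions(SAMPLE))
    for region in SAMPLE:  # live check; needs network access
        err, org = probe(region)
        print(region, classify(err, org), org or err)
```

The probe opens a direct socket and ignores https_proxy, so comparing its result with the CLI's behaviour separates a problem on the network path from a proxy variable set in the environment.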
