By using AWS re:Post, you agree to the Terms of Use

Unanswered Questions tagged with Serverless

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

AWS lambda function not able to resolve or connect to ipv6 only domain

I implemented a AWS lambda function which shall pass an Alexa custom skill event to my domain for processing, see code below. const https = require('https'); exports.handler = (event, context, callback) => { var options = { hostname: '<my.domain.com>', path: '/<mypath>', port: 443, method: 'POST', rejectUnauthorized: false, headers: { 'Content-Type': 'application/json', 'Authorization': '<my base64 user:password>' } }; const req = https.request(options, (res) => { let body = ''; console.log('Status:', res.statusCode); console.log('Headers:', JSON.stringify(res.headers)); res.setEncoding('utf8'); res.on('data', (chunk) => { body += chunk; }); res.on('end', () => { console.log('Successfully processed HTTPS response'); body = JSON.parse(body); callback(null, body); }); }); req.on('error', callback); req.write(JSON.stringify(event)); req.end(); }; The function runs serverless, not connected to a VPC. The domain <my.domain.com> resolves to an IPv6 address and I am able to connect to my host for example from an internet instance using curl and receive the expected answers. curl -i -k -v -X POST -d testcase.json -u <user:password> https://<my.domain.com>:<my port>/<my path> In AWS I implemented a test case and run it. The test returned the error ENOTFOUND from function getaddrinfo trying to resolve my domain, see execution result below. Test Event Name Test0001 Response { "errorType": "Error", "errorMessage": "getaddrinfo ENOTFOUND <my.domain.com>", "trace": [ "Error: getaddrinfo ENOTFOUND <my.domain.com>", " at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)" ] } Function Logs LOGS Name: cloudwatch_lambda_agent State: Subscribed Types: [platform] EXTENSION Name: cloudwatch_lambda_agent State: Ready Events: [SHUTDOWN,INVOKE] START RequestId: 78314f37-e991-4d3d-b4f2-03da64bf91b7 Version: $LATEST 2022-09-24T04:59:06.966Z 78314f37-e991-4d3d-b4f2-03da64bf91b7 ERROR Invoke Error {"errorType":"Error","errorMessage":"getaddrinfo ENOTFOUND <my.domain.com>","code":"ENOTFOUND","errno":-3008,"syscall":"getaddrinfo","hostname":"<my.domain.com>","stack":["Error: getaddrinfo ENOTFOUND <my.domain.com>"," at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)"]} END RequestId: 78314f37-e991-4d3d-b4f2-03da64bf91b7 REPORT RequestId: 78314f37-e991-4d3d-b4f2-03da64bf91b7 Duration: 425.43 ms Billed Duration: 426 ms Memory Size: 128 MB Max Memory Used: 76 MB Init Duration: 248.14 ms During my investigation I found the hint to add option „family: 6,“. Using this option the test case resolves the domain now to the correct ipv6 address, but returns then EAFNOSUPPORT trying to connect to the address, see execution result below. Request ID 78314f37-e991-4d3d-b4f2-03da64bf91b7 Test Event Name Test0001 Response { "errorType": "Error", "errorMessage": "connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)", "trace": [ "Error: connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)", " at internalConnect (node:net:953:16)", " at defaultTriggerAsyncIdScope (node:internal/async_hooks:465:18)", " at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1097:9)", " at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:73:8)" ] } Function Logs LOGS Name: cloudwatch_lambda_agent State: Subscribed Types: [platform] EXTENSION Name: cloudwatch_lambda_agent State: Ready Events: [INVOKE,SHUTDOWN] START RequestId: f3493148-071f-466d-94c7-d29a0d715640 Version: $LATEST 2022-09-24T05:06:52.877Z f3493148-071f-466d-94c7-d29a0d715640 ERROR Invoke Error {"errorType":"Error","errorMessage":"connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)","code":"EAFNOSUPPORT","errno":-97,"syscall":"connect","address":"xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","port":443,"stack":["Error: connect EAFNOSUPPORT xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:443 - Local (undefined:undefined)"," at internalConnect (node:net:953:16)"," at defaultTriggerAsyncIdScope (node:internal/async_hooks:465:18)"," at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1097:9)"," at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:73:8)"]} END RequestId: f3493148-071f-466d-94c7-d29a0d715640 REPORT RequestId: f3493148-071f-466d-94c7-d29a0d715640 Duration: 447.45 ms Billed Duration: 448 ms Memory Size: 128 MB Max Memory Used: 76 MB Init Duration: 231.52 ms Request ID f3493148-071f-466d-94c7-d29a0d715640 Any further investigation was not successful. I assume it is an issue using IPv6, but I am not able to solve it. Any help is appreciated. Thank you in advance. Joachim
0
answers
0
votes
8
views
asked 10 hours ago

Datadog Forwarder Lambda function is failing while deploying through CloudFormation Template even though the value for ReservedConcurrency is increased from 100 to 1000.

Hi AWS, I am trying to integrate AWS with Datadog using CloudFormation method but while doing so my Forwarder Lambda function is failing which is responsible for collecting logs, metrics etc. I am attaching the template for the Forwarder function which is integrated into the main template as Nested Stack and also pasting the error for the same: ``` AWSTemplateFormatVersion: "2010-09-09" Description: Pushes logs, metrics and traces from AWS to Datadog. Mappings: Constants: DdForwarder: Version: 3.59.0 LayerVersion: 24 Parameters: DdApiKey: Type: String NoEcho: true Default: "" Description: The Datadog API key, which can be found from the APIs page (/account/settings#api). It will be stored in AWS Secrets Manager securely. If DdApiKeySecretArn is also set, this value is ignored. DdApiKeySecretArn: Type: String AllowedPattern: "arn:.*:secretsmanager:.*" Default: "arn:aws:secretsmanager:DEFAULT" Description: The ARN of the secret storing the Datadog API key, if you already have it stored in Secrets Manager. You must store the secret as a plaintext, rather than a key-value pair. DdSite: Type: String Default: datadoghq.com Description: Define your Datadog Site to send data to. Possible values are `datadoghq.com`, `datadoghq.eu`, `us3.datadoghq.com`, `us5.datadoghq.com` and `ddog-gov.com`. AllowedPattern: .+ ConstraintDescription: DdSite is required FunctionName: Type: String Default: DatadogForwarder Description: The Datadog Forwarder Lambda function name. DO NOT change when updating an existing CloudFormation stack, otherwise the current forwarder function will be replaced and all the triggers will be lost. MemorySize: Type: Number Default: 1024 MinValue: 128 MaxValue: 3008 Description: Memory size for the Datadog Forwarder Lambda function Timeout: Type: Number Default: 120 Description: Timeout for the Datadog Forwarder Lambda function TagsCacheTTLSeconds: Type: Number Default: 300 Description: TTL (in seconds) for the Datadog tags cache ReservedConcurrency: Type: Number Default: 100 Description: Reserved concurrency for the Datadog Forwarder Lambda function LogRetentionInDays: Type: Number Default: 90 Description: CloudWatch log retention for logs generated by the Datadog Forwarder Lambda function SourceZipUrl: Type: String Default: "" Description: DO NOT CHANGE unless you know what you are doing. Override the default location of the function source code. InstallAsLayer: Type: String Default: true Description: Whether to use the layer-based installation flow. Set to false to use our legacy installation flow, which installs a second function that copies the forwarder code from Github to an S3 bucket. Defaults to true. AllowedValues: - true - false LayerARN: Type: String Default: "" Description: ARN for the layer containing the forwarder code. If empty, the script will use the version of the layer the forwarder was published with. DdTags: Type: String Default: "" Description: Add custom tags to forwarded logs, comma-delimited string, no trailing comma, e.g., env:prod,stack:classic DdFetchLambdaTags: Type: String Default: true AllowedValues: - true - false Description: Let the forwarder fetch Lambda tags using GetResources API calls and apply them to logs, metrics and traces. If set to true, permission tag:GetResources will be automatically added to the Lambda execution IAM role. The tags are cached in memory so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.get_resources_api_calls metric for each API call made. DdFetchLogGroupTags: Type: String Default: true AllowedValues: - true - false Description: Let the forwarder fetch Log Group tags using ListTagsLogGroup and apply them to logs, metrics and traces. If set to true, permission logs:ListTagsLogGroup will be automatically added to the Lambda execution IAM role. The tags are cached in memory so that they'll only be fetched when the function cold starts or when the TTL (1 hour) expires. The forwarder increments the aws.lambda.enhanced.list_tags_log_group_api_call metric for each API call made. DdUseTcp: Type: String Default: false AllowedValues: - true - false Description: By default, the forwarder sends logs using HTTPS through the port 443. To send logs over an SSL encrypted TCP connection, set this parameter to true. DdNoSsl: Type: String Default: false AllowedValues: - true - false Description: Disable SSL when forwarding logs, set to true when forwarding logs through a proxy. DdUrl: Type: String Default: "" Description: The endpoint URL to forward the logs to, useful for forwarding logs through a proxy DdPort: Type: String Default: "" Description: The endpoint port to forward the logs to, useful for forwarding logs through a proxy DdSkipSslValidation: Type: String Default: false AllowedValues: - true - false Description: Send logs over HTTPS, while NOT validating the certificate provided by the endpoint. This will still encrypt the traffic between the forwarder and the log intake endpoint, but will not verify if the destination SSL certificate is valid. RedactIp: Type: String Default: false AllowedValues: - true - false Description: Replace text matching \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} with xxx.xxx.xxx.xxx RedactEmail: Type: String Default: false AllowedValues: - true - false Description: Replace text matching [a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+ with xxxxx@xxxxx.com DdScrubbingRule: Type: String Default: "" Description: Replace text matching the supplied regular expression with xxxxx (default) or DdScrubbingRuleReplacement (if supplied). Log scrubbing rule is applied to the full JSON-formatted log, including any metadata that is automatically added by the Lambda function. Each instance of a pattern match is replaced until no more matches are found in each log. Note, using inefficient regular expression, such as `.*`, may slow down the Lambda function. DdScrubbingRuleReplacement: Type: String Default: "" Description: Replace text matching DdScrubbingRule with the supplied text ExcludeAtMatch: Type: String Default: "" Description: DO NOT send logs matching the supplied regular expression. If a log matches both the ExcludeAtMatch and IncludeAtMatch, it is excluded. Filtering rules are applied to the full JSON-formatted log, including any metadata that is automatically added by the function. Note, using inefficient regular expression, such as `.*`, may slow down the Lambda function. IncludeAtMatch: Type: String Default: "" Description: Only send logs matching the supplied regular expression and not excluded by ExcludeAtMatch. Note, using inefficient regular expression, such as `.*`, may slow down the Lambda function. DdMultilineLogRegexPattern: Type: String Default: "" Description: Use the supplied regular expression to detect for a new log line for multiline logs from S3, e.g., use expression "\d{2}\/\d{2}\/\d{4}" for multiline logs beginning with pattern "11/10/2014". DdForwardLog: Type: String Default: true AllowedValues: - true - false Description: Set to false to disable log forwarding, while continuing to forward other observability data, such as metrics and traces from Lambda functions. DdUseCompression: Type: String Default: true AllowedValues: - true - false Description: Set to false to disable log compression. Only valid when sending logs over HTTP. DdUsePrivateLink: Type: String Default: false AllowedValues: - true - false Description: DEPRECATED, DO NOT CHANGE. See README.md for details. Set to true to deploy the Forwarder to a VPC and send logs, metrics, and traces via AWS PrivateLink. When set to true, must also set VPCSecurityGroupIds and VPCSubnetIds. DdUseVPC: Type: String Default: false AllowedValues: - true - false Description: Set to true to deploy the Forwarder to a VPC and send logs, metrics, and traces via a proxy. When set to true, must also set VPCSecurityGroupIds and VPCSubnetIds. DdHttpProxyURL: Type: String Default: "" Description: "Sets the standard web proxy environment variables HTTP_PROXY and HTTPS_PROXY. These are the url endpoints your proxy server exposes. Don't use this in combination with AWS Private Link. Make sure to also set DdSkipSslValidation to true." DdNoProxy: Type: String Default: "" Description: "Sets the standard web proxy environment variable NO_PROXY. It is a comma-separated list of domain names that should be excluded from the web proxy." VPCSecurityGroupIds: Type: CommaDelimitedList Default: "" Description: Comma separated list of VPC Security Group Ids. Used when DdUsePrivateLink or DdUseVPC is enabled. VPCSubnetIds: Type: CommaDelimitedList Default: "" Description: Comma separated list of VPC Subnet Ids. Used when DdUsePrivateLink or DdUseVPC is enabled. DdCompressionLevel: Type: Number Default: 6 AllowedValues: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9] Description: Set the compression level from 0 (no compression) to 9 (best compression) when sending logs. DdMaxWorkers: Type: Number Default: 20 Description: Set the max number of workers sending logs concurrently. PermissionsBoundaryArn: Type: String Default: "" Description: ARN for the Permissions Boundary Policy AdditionalTargetLambdaArns: Type: CommaDelimitedList Default: "" Description: Comma separated list of lambda ARNs that get invoked asynchronously with the same input event DdApiUrl: Type: String Default: "" Description: The endpoint URL to forward the metrics to, useful for forwarding metrics through a proxy DdTraceIntakeUrl: Type: String Default: "" Description: The endpoint URL to forward the traces to, useful for forwarding traces through a proxy DdForwarderBucketName: Type: String Default: "" Description: The name of the forwarder bucket to create. If not provided, AWS will generate a unique name. Conditions: IsAWSChina: Fn::Equals: - Ref: AWS::Partition - "aws-cn" IsGovCloud: Fn::Equals: - Ref: AWS::Partition - "aws-us-gov" UseZipCopier: Fn::Or: - Condition: IsAWSChina - Fn::And: - Fn::Equals: [!Ref InstallAsLayer, "false"] - Fn::Not: - Condition: SetLayerARN CreateDdApiKeySecret: Fn::Equals: - Ref: DdApiKeySecretArn - "arn:aws:secretsmanager:DEFAULT" SetFunctionName: Fn::Not: - Fn::Equals: - Ref: FunctionName - "DatadogForwarder" SetSourceZipUrl: Fn::Not: - Fn::Equals: - Ref: SourceZipUrl - "" SetS3SourceZip: Fn::Equals: - !Select [0, !Split ["/", !Ref SourceZipUrl]] - "s3:" SetDdTags: Fn::Not: - Fn::Equals: - Ref: DdTags - "" SetDdUseTcp: Fn::Equals: - Ref: DdUseTcp - true SetDdNoSsl: Fn::Equals: - Ref: DdNoSsl - true SetDdUrl: Fn::Not: - Fn::Equals: - Ref: DdUrl - "" SetDdPort: Fn::Not: - Fn::Equals: - Ref: DdPort - "" SetRedactIp: Fn::Equals: - Ref: RedactIp - true SetRedactEmail: Fn::Equals: - Ref: RedactEmail - true SetDdScrubbingRule: Fn::Not: - Fn::Equals: - Ref: DdScrubbingRule - "" SetDdScrubbingRuleReplacement: Fn::Not: - Fn::Equals: - Ref: DdScrubbingRuleReplacement - "" SetExcludeAtMatch: Fn::Not: - Fn::Equals: - Ref: ExcludeAtMatch - "" SetIncludeAtMatch: Fn::Not: - Fn::Equals: - Ref: IncludeAtMatch - "" SetDdMultilineLogRegexPattern: Fn::Not: - Fn::Equals: - Ref: DdMultilineLogRegexPattern - "" SetDdSkipSslValidation: Fn::Equals: - Ref: DdSkipSslValidation - true SetDdFetchLambdaTags: Fn::Equals: - Ref: DdFetchLambdaTags - true SetDdFetchLogGroupTags: Fn::Equals: - Ref: DdFetchLogGroupTags - true CreateS3BucketForTags: Fn::Or: - Fn::Equals: - Ref: DdFetchLogGroupTags - true - Fn::Equals: - Ref: DdFetchLambdaTags - true SetDdUsePrivateLink: Fn::Equals: - Ref: DdUsePrivateLink - true SetDdUseVPC: Fn::Equals: - Ref: DdUseVPC - true SetDdHttpProxyURL: Fn::Not: - Fn::Equals: - Ref: DdHttpProxyURL - "" SetDdNoProxy: Fn::Not: - Fn::Equals: - Ref: DdNoProxy - "" SetLayerARN: Fn::Not: - Fn::Equals: - Ref: LayerARN - "" UseVPC: Fn::Or: - Condition: SetDdUsePrivateLink - Condition: SetDdUseVPC SetDdForwardLog: Fn::Equals: - Ref: DdForwardLog - false SetDdUseCompression: Fn::Equals: - Ref: DdUseCompression - false SetDdCompressionLevel: Fn::Not: - Fn::Equals: - Ref: DdCompressionLevel - 6 SetDdMaxWorkers: Fn::Not: - Fn::Equals: - Ref: DdMaxWorkers - 20 SetPermissionsBoundary: Fn::Not: - Fn::Equals: - Ref: PermissionsBoundaryArn - "" SetAdditionalTargetLambdas: Fn::Not: - Fn::Equals: - Fn::Join: ["", !Ref AdditionalTargetLambdaArns] - "" SetDdApiUrl: Fn::Not: - Fn::Equals: - Ref: DdApiUrl - "" SetDdTraceIntakeUrl: Fn::Not: - Fn::Equals: - Ref: DdTraceIntakeUrl - "" SetDdForwarderBucketName: Fn::Not: - Fn::Equals: - Ref: DdForwarderBucketName - "" Rules: MustSetDdApiKey: Assertions: - Assert: Fn::Or: - Fn::Not: - Fn::Equals: - Ref: DdApiKey - "" - Fn::Not: - Fn::Equals: - Ref: DdApiKeySecretArn - "arn:aws:s ``` Error is: **Resource handler returned message: "Specified ReservedConcurrentExecutions for function decreases account's UnreservedConcurrentExecution below its minimum value of [10]. (Service: Lambda, Status Code: 400, Request ID: e1f10e3a-7b20-4d80-ad8c-0d58299bfd58)" (RequestToken: 10e1a046-9b8c-b47c-a925-f13a6614ed1a, HandlerErrorCode: InvalidRequest)**
0
answers
0
votes
24
views
profile picture
asked 21 days ago

s3 trigger configuration at an impasse

I have a lambda function in Python3.8 runtime deployed as a docker container via serverless application. I need an s3 trigger to initiate this lambda, which I created some time ago during the original deployment. I recently redeployed the function and now the trigger doesn't work, I cannot update it, I cannot create a new trigger to initiate the function, and I cannot delete the event notifications on the s3 bucket This is the error I get when I try to create a new event notification on the s3 bucket: ``` Configuration is ambiguously defined. Cannot have overlapping suffixes in two rules if the prefixes are overlapping for the same event type. ``` When I try to delete the existing event notification, it does nothing. If I try to create an s3 trigger on the lambda I get this error: ``` An error occurred when creating the trigger: Configuration is ambiguously defined. Cannot have overlapping suffixes in two rules if the prefixes are overlapping for the same event type. ``` I removed the whole service via serverless and changed the name. When I tried to redeploy the function (under a new name) with the event defined in the serverless.yml, I got this deployment error: ``` Received response status [FAILED] from custom resource. Message returned: Unable to validate the following destination configurations ``` How can I delete or update the existing resource so I can get this trigger working???
0
answers
0
votes
22
views
asked 23 days ago