Questions tagged with Serverless


I'm trying to write an EventBridge event rule to detect a Security Group inbound rule change which allows ingress on SSH or RDP from 0.0.0.0/0. However, I'm getting the error "Event pattern is not valid" for ipRanges on the rule below:

```
AWSTemplateFormatVersion: '2010-09-09'
Description: SecurityAlerting
Resources:
  SGEventRuleNew:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: detect-SG-insecure-inbound
      Description: An Event Rule that triggers on SG changes.
      State: ENABLED
      EventBusName: default
      EventPattern:
        source:
          - aws.ec2
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - ec2.amazonaws.com
          eventName:
            - AuthorizeSecurityGroupIngress
          requestParameters:
            ipPermissions:
              items:
                - fromPort:
                    numeric:
                      - 22
                      - 3389
                  toPort:
                    numeric:
                      - 22
                      - 3389
                  ipRanges:
                    items:
                      - cidrIp:
                          match: 0.0.0.0/0
```

A sample event is as below:

```
{
  "version": "0",
  "id": "xyzxyzxyz",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.ec2",
  "account": "123456789123",
  "time": "2023-03-31T13:44:17Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.08",
    "userIdentity": {
      "type": "AssumedRole",
      "principalId": "AROA:XYZ",
      "arn": "arn:aws:sts::123456789123:assumed-role/XYZ",
      "accountId": "123456789123",
      "accessKeyId": "XYZ",
      "sessionContext": {
        "sessionIssuer": {
          "type": "Role",
          "principalId": "XYZ",
          "arn": "arn:aws:sts::123456789123:assumed-role/XYZ",
          "accountId": "123456789123",
          "userName": "XYZ"
        },
        "webIdFederationData": {},
        "attributes": {
          "creationDate": "2023-03-31T13:15:37Z",
          "mfaAuthenticated": "false"
        }
      }
    },
    "eventTime": "2023-03-31T13:44:17Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "AuthorizeSecurityGroupIngress",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.1.1.1",
    "userAgent": "AWS Internal",
    "requestParameters": {
      "groupId": "sg-12346789456",
      "ipPermissions": {
        "items": [{
          "ipProtocol": "tcp",
          "fromPort": 22,
          "toPort": 22,
          "groups": {},
          "ipRanges": {
            "items": [{ "cidrIp": "0.0.0.0/0" }]
          },
          "ipv6Ranges": {},
          "prefixListIds": {}
        }]
      }
    },
    "responseElements": {
      "requestId": "546416541321654654164",
      "_return": true,
      "securityGroupRuleSet": {
        "items": [{
          "groupOwnerId": "123456789123",
          "groupId": "sg-12346789456",
          "securityGroupRuleId": "sg-12346789456",
          "isEgress": false,
          "ipProtocol": "tcp",
          "fromPort": 22,
          "toPort": 22,
          "cidrIpv4": "0.0.0.0/0"
        }]
      }
    },
    "requestID": "546416541321654654164",
    "eventID": "546416541321654654164",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "123456789123",
    "eventCategory": "Management",
    "sessionCredentialFromConsole": "true"
  }
}
```

Please suggest how I can correct the syntax to validate the rule and match the event.

1 answer · 0 votes · 15 views · asked 16 hours ago

We have a use case where we need to retrieve data from an external system using a REST API interface and store it into Redshift. The volume of data is expected to be quite small and the process needs to run on a schedule, once a day. What tools and architecture are recommended for this? Thanks!

1 answer · 0 votes · 13 views · asked 17 hours ago

I find different pieces of the puzzle I need to solve, but none of the examples I've found online show how to do multiple stages in a SAM template (i.e., deploy dev, prod, and test) at the same time. And none show how to proxy to a URI that I've found. All of them show the gateway going to Lambda as a proxy. But how do you do a standard http_proxy in the template? Sorry, new to SAM so trying to figure things out. I need 1 API gateway with multiple stages that http_proxies to a URI. Each stage goes to the same place, but different API keys used for each one as a stage variable. And I need it to be private with two VPCEs so I have to attach a resource policy to it as well. All in SAM :)

0 answers · 0 votes · 12 views · asked 17 hours ago

Some time ago, I was told that for using a Kinesis delivery stream to Redshift, you HAD to use a provisioned cluster, not serverless. Something to do with Kinesis only being able to use public IP addresses on both sides, and Redshift serverless was internal-only. Has this been fixed yet? I see I can now create a "Redshift endpoint" for Redshift serverless... AND checked the "Enable public access" checkbox. But when I try to define it as the destination for a Kinesis delivery stream (in the GUI), my Redshift serverless instance still doesn't show up as an option.

0 answers · 0 votes · 10 views · asked a day ago

I publish my API project at AWS Lambda. After publishing, when I test the API, this error is shown:

```
{
  "errorType": "NullReferenceException",
  "errorMessage": "Object reference not set to an instance of an object.",
  "stackTrace": [
    "at Amazon.Lambda.AspNetCoreServer.APIGatewayHttpApiV2ProxyFunction.MarshallRequest(InvokeFeatures features, APIGatewayHttpApiV2ProxyRequest apiGatewayRequest, ILambdaContext lambdaContext)",
    "at Amazon.Lambda.AspNetCoreServer.AbstractAspNetCoreFunction`2.FunctionHandlerAsync(TREQUEST request, ILambdaContext lambdaContext)",
    "at Amazon.Lambda.RuntimeSupport.HandlerWrapper.<>c__DisplayClass26_0`2.<<GetHandlerWrapper>b__0>d.MoveNext()",
    "--- End of stack trace from previous location ---",
    "at Amazon.Lambda.RuntimeSupport.LambdaBootstrap.InvokeOnceAsync(CancellationToken cancellationToken)"
  ]
}
```

And when I call any endpoint, the response is: can't parse JSON. Raw result: Internal Server Error

This is the program.cs file:

```
using BT.API.Extensions;
using BT.API.Hubs;
using BT.Repository.Domains.Requests;
using Core.Constants;
using Core.Filters;
using Core.Infrastructure.Options;
using Core.Infrastructure.Security;
using Core.Interfaces.Services;
using FluentValidation.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.OpenApi.Models;
using Serilog;

var builder = WebApplication.CreateBuilder(args);

builder.Host.UseSerilog((context, configuration) =>
{
    configuration.ReadFrom.Configuration(context.Configuration);
});

//builder.Services.AddCorsServices(builder.Configuration);
builder.Services.Configure<CorsOptions>(builder.Configuration.GetSection(nameof(CorsOptions)));
var corsOptions = builder.Configuration.GetSection(nameof(CorsOptions))
    .Get(typeof(CorsOptions)) as CorsOptions;

builder.Services.AddCors(options =>
{
    options.AddPolicy(corsOptions.PolicyName, policy =>
    {
        policy.AllowAnyHeader().AllowAnyMethod();
        if (corsOptions != null)
        {
            policy.WithOrigins(corsOptions.Origins);
        }
        else
        {
            policy.AllowAnyOrigin();
        }
        policy.AllowCredentials().SetIsOriginAllowed((host) => true);
    });
});

builder.Services.AddControllers(options =>
{
    options.Filters.Add(typeof(InputValidationFilter));
    // options.Filters.Add(typeof(ExceptionFilter));
})
    .AddFluentValidation(fv =>
    {
        fv.RegisterValidatorsFromAssemblyContaining<SignInRequest>();
    })
    .AddNewtonsoftJson(x => x.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore)
    .AddFluentValidation(x => x.RegisterValidatorsFromAssemblyContaining<SignInRequest>());

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo { Title = "BT.API", Version = "v1" });
    c.AddSignalRSwaggerGen();
});

builder.Services.AddDependencies(builder.Configuration);
builder.Services.AddScoped<IAuthenticatedUser, AuthenticatedUser>();
builder.Services.AddAWSLambdaHosting(LambdaEventSource.HttpApi);

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
    app.UseSwagger();
    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "BT.API v1");
    });
}

var corsOptionss = builder.Configuration.GetSection(nameof(CorsOptions))
    .Get(typeof(CorsOptions)) as CorsOptions;
app.UseCors(corsOptions.PolicyName);
app.UseDependencies(builder.Configuration, app.Services.GetRequiredService<ILoggerFactory>());
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Map("/api/hello", app =>
{
    app.Run(async context =>
    {
        await context.Response.WriteAsync("Hello, world!");
    });
});
app.MapHub<SocketHub>(Constants.SOCKET_HUB);
app.Run();
```

0 answers · 0 votes · 16 views · asked 2 days ago

Hi, is there a way to get the AWS Lambda Function URL string (or the bits to construct it) programmatically from the running instance of the Lambda itself? I tried the below options and neither of them had the necessary URL:

1. checked the input object in `handleRequest(Object input, Context context)`
2. checked the items in `System.getenv()`

Thanks

2 answers · 0 votes · 28 views · asked 3 days ago

We deployed a new version of a serverless (python) application yesterday. All the CloudFormation events have it looking like a successful deployment. The error is that every lambda gets the `Handler 'handler' missing on module 'routes/file_name'`

We have not made any changes to the structure of our code, nor any changes at all from the AWS console. The changes we made are to use a newer version of Google Ads library, and also deployed from a new machine that required an updated version of `serverless` and `node` packages (plus whatever changed in their dependencies.)

```
$node --version
v16.19.1
$serverless --version
Running "serverless" from node_modules 1.30.1
```

I tried

- Rolling back one of the lambdas by specifying an older version in the API Gateway function that acts as a pass-through to the lambda.
- Deploying a previous version of our code, which I believe is exactly what was already being used by the lambda
- Creating an alias of an old version of the lambda, but couldn't figure out what to do with it.

I also double-checked the CloudWatch logs and verified that things were working correctly before the new deployment. And finally, we deployed another app with a single lambda that gets its input from an SQS queue, with the same (broken) result. This is causing a production outage of functionality that is important to our customers.

1 answer · 0 votes · 15 views · asked 3 days ago

Let us say I have 2 API gateways in 1 single project. Is there any option to deploy multiple API gateways at once? Or do we have to manually deploy each API Gateway? What is the best CICD option for this use case?

1 answer · 0 votes · 20 views · Ashwin asked 3 days ago

I have an Aurora Serverless database, which I like to be notified whenever it scales. I've been using a band to do this, and it's fine 99% of the time. But sometimes, it triggers, and the database capacity hasn't changed. Digging into it in CloudWatch, I see this:

![Enter image description here](/media/postImages/original/IMDcxKod5rRkK4UMS1WVNFuw)

It looks like the band itself bounces around instead of remaining stable. Can anyone explain this? For now I've switched to a static alarm, so I stop getting 5 messages every night, but this isn't sufficient for longer term and our high load periods.

3 answers · 0 votes · 31 views · asked 4 days ago

Java 17 is not supported by AWS Lambda. I need to create a Lambda function using Spring Cloud and Java 17 as the base image. What dependencies must I install in my Java 17 base image?

1 answer · 0 votes · 26 views · asked 4 days ago

Let us say I want to do versioning of APIs both for internal usage (client app) lambdas as well as for exposing some set of APIs (lambdas) for a third-party system. Before even starting to version, I want to enquire whether there is a possibility of having multiple API Gateways for the same? One for managing and deploying the internal APIs and another for deploying the APIs to expose to the third-party system without CloudFront. Or can a single API gateway manage both flows? What is the best method to manage this? Any suggestion / approach would be appreciated.

2 answers · 0 votes · 63 views · Ashwin asked 5 days ago

Hi, I am deploying a lambda function that utilizes the NLTK packages for preprocessing text. For the application to work I need to download the stop words, punkt and wordnet libraries. I have deployed using a docker image and SAM CLI. When the function runs on AWS, I get a series of errors when trying to access the NLTK libraries.

The first error I got was that '/home/sbx_user1051/' cannot be edited. After reading solutions on Stack Overflow, I was pointed in the direction of needing to store the NLTK libraries in the /tmp/ directory because that is the only directory that can be modified.

Now, after redeploying the image with the changes to the code, I have the files stored in temp, but the lambda function does not search for that file when trying to access the stop words. It still tries to search for the file in these directories:

- '/home/sbx_user1051/nltk_data'
- '/var/lang/nltk_data'
- '/var/lang/share/nltk_data'
- '/var/lang/lib/nltk_data'
- '/usr/share/nltk_data'
- '/usr/local/share/nltk_data'
- '/usr/lib/nltk_data'
- '/usr/local/lib/nltk_data'

What should I do about importing the NLTK libraries needed when running this function on AWS Lambda?

0 answers · 0 votes · 17 views · Tyler asked 8 days ago