Questions tagged with AWS Lambda
The following link is helpful in answering how to unblock port 25:
[Remove port 25 restriction from your EC2 instance | AWS re:Post](https://repost.aws/knowledge-center/ec2-port-25-throttle). However, my question pertains to why it's blocked.
Doing some research I've found a list of reasons as to why port 25 might be blocked or throttled by hosts and ISPs, but I was hoping for a more official explanation from AWS as to why it's blocked here.
Thank you.
I want to send data to an S3 bucket using extensions that we add in layers at AWS Lambda.
I'm trying to test a Lambda within the console but I get the following error whether or not I run my function or even something as basic as a print statement: "Calling the invoke API action failed with this message: The role defined for the function cannot be assumed by Lambda."
I've read what feels like an infinite number of guides/ tutorials/ stack overflow questions that involve updating trust policies/ permissions/ whatever and nothing appears to have any effect on the response. The regions match, and everything should have all of the access it needs to perform a simple execution and then some. I'm also the root user on this personal account, if that's a factor.
This problem has persisted over multiple days and a few attempts starting from scratch, but the end result is always the same error. Any leads and/or guidance are welcome and appreciated, thank you for your time.
Hi,
We have the following code deployed on a Lambda:
```
// Imports assumed; the post does not show them.
import { Signer } from '@aws-sdk/rds-signer';
import { Sequelize } from 'sequelize';

async function getToken(hostname, port, username, region) {
  // Security relies on temporary IAM tokens instead of passwords + TLS encryption.
  const signer = new Signer({
    hostname: hostname,
    port: port,
    username: username,
    region: region,
  });
  return await signer.getAuthToken();
}

export const databaseProviders = [
  {
    provide: 'SEQUELIZE',
    useFactory: async () => {
      const hostname = process.env.DB_HOSTNAME;
      const port = Number(process.env.DB_PORT);
      const dbname = process.env.DB_NAME;
      const username = process.env.DB_USERNAME;
      const region = process.env.AWS_REGION;
      // The signed token is used as the database password.
      const token = await getToken(hostname, port, username, region);
      const sequelize = new Sequelize({
        host: hostname,
        dialect: 'mysql',
        database: dbname,
        username: username,
        password: token,
        port: port,
        dialectOptions: {
          ssl: 'Amazon RDS',
          authPlugins: {
            // IAM authentication sends the token via the cleartext plugin, over TLS.
            mysql_clear_password: () => () => {
              return token;
            },
          },
        },
      });
      return sequelize;
    },
  },
];
```
This always worked perfectly fine both locally and deployed on the cloud, but suddenly stopped working locally. By logging the token I found that, when invoked locally, the signer returns a temporary token WITHOUT X-Amz-Security-Token (when invoked on the cloud, X-Amz-Security-Token is present).
Could it be some change in IAM deployed by AWS recently?
Thanks in advance,
Franco
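The token check described in the post above, as an added example that is not part of the original post: the token is a usable database credential for its lifetime, so this parses it and reports only non-secret fields, including whether `X-Amz-Security-Token` is present. The function name, hostname, user and key IDs are constructed for illustration, and the token layout is assumed to be the presigned-URL form without a scheme.

```javascript
// Added example: summarise an RDS IAM auth token without exposing its secrets.
// Assumed layout: host:port/?Action=connect&DBUser=...&X-Amz-...=...
function describeRdsAuthToken(token) {
  // The token is a presigned URL without a scheme; add one so URL can parse it.
  const url = new URL(`https://${token}`);
  const q = url.searchParams;

  // X-Amz-Credential = <access key id>/<yyyymmdd>/<region>/<service>/aws4_request
  const [accessKeyId = '', , region = '', service = ''] =
    (q.get('X-Amz-Credential') || '').split('/');

  // X-Amz-Date is ISO 8601 basic format, e.g. 20230321T120000Z.
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/
    .exec(q.get('X-Amz-Date') || '');
  const signedAt = m ? Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5], +m[6]) : NaN;
  const ttlSeconds = Number(q.get('X-Amz-Expires') ?? NaN);
  const expiresMs = signedAt + ttlSeconds * 1000;

  const hasSecurityToken = q.has('X-Amz-Security-Token');
  return {
    host: url.hostname,
    port: Number(url.port) || null,
    dbUser: q.get('DBUser'),
    region,
    service,
    // A four-character prefix is enough to tell the key type (ASIA vs AKIA).
    accessKeyPrefix: accessKeyId.slice(0, 4),
    hasSecurityToken,
    // SigV4 adds X-Amz-Security-Token only when signing with session credentials.
    credentialKind: hasSecurityToken ? 'temporary (STS session)' : 'long-term access key',
    expiresAt: Number.isFinite(expiresMs) ? new Date(expiresMs).toISOString() : null,
    // Deliberately omitted: X-Amz-Signature and the session token value.
  };
}

// Constructed sample tokens (not real credentials).
const BASE = 'db.example.internal:3306/?Action=connect&DBUser=app_user' +
  '&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=' +
  'ASIAEXAMPLE000000000%2F20230321%2Fus-east-1%2Frds-db%2Faws4_request' +
  '&X-Amz-Date=20230321T120000Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host';
const CLOUD_TOKEN = `${BASE}&X-Amz-Security-Token=CONSTRUCTED&X-Amz-Signature=deadbeef`;
const LOCAL_TOKEN = `${BASE.replace('ASIA', 'AKIA')}&X-Amz-Signature=deadbeef`;

console.log(describeRdsAuthToken(CLOUD_TOKEN));
console.log(describeRdsAuthToken(LOCAL_TOKEN));
```

Logging the returned summary in place of the raw token keeps the signature and session token out of CloudWatch and local console history.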
I have a Cognito user pool and a lambda function in a VPC. That lambda function is hooked up to a 'Post confirmation Lambda trigger'.
The lambda function is a little Go function that is doing a call to Cognito itself to get some data regarding the just signed-up user. However, after calling CognitoIdentityProvider.AdminGetUser(....) my lambda function times out.
I tried to move the Lambda function out of the VPC, and it seems to work without problems. I am simply following the examples. However, the lambda function needs to be in the VPC since my RDS instance is also there, and I need to make connections to my RDS instance as well.
So to 'illustrate'.
User confirms email (through Cognito) -> Lambda in VPC gets triggered -> CognitoIdentityProvider.AdminGetUser() -> Times out.
Can someone maybe give me some insights on how I can make my lambda function work?
I've a lambda that processes messages from SQS.
The input queue has a redrive policy that causes messages to be moved to a DLQ if the lambda fails to process them after repeated attempts. This arrangement works and, if there are messages in the DLQ, I can send them back to the source queue using the AWS console "Start DLQ redrive" button, along with the "Redrive to source queue(s)" option.
For some messages, however, the lambda function decides to push them directly to the DLQ. For those messages, however, when I try a DLQ redrive using the "Redrive to source queue(s)" option, it fails with "Failed: CouldNotDetermineMessageSource".
Is there any way that I can avoid this message, or does the "Redrive to source queue(s)" option only work for messages put in the DLQ by the AWS runtime?
stack status has been UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS for 30 hours. it is a *standalone* stack, and it has *no custom resources*.
previously a change set failed, and the newly created lambda function and a lambda function url needed to be deleted during cleanup. for unknown reasons, the url deletion failed. however, CF proceeded with deleting the function to which the url belongs. then a repeated delete attempt also failed.
the lambda function url was (intended to be) attached to a cloudfront distribution as origin. it didn't happen though, because the template contained errors.
last relevant events:
```
2023-03-20 17:54:52 UTC+0100 LambdaOriginAuthParseUrl DELETE_FAILED Internal Failure
2023-03-20 17:54:51 UTC+0100 LambdaOriginAuthParseUrl DELETE_IN_PROGRESS -
2023-03-20 17:54:59 UTC+0100 LambdaOriginAuthParse DELETE_COMPLETE -
2023-03-20 17:54:53 UTC+0100 LambdaOriginAuthParse DELETE_IN_PROGRESS -
2023-03-20 17:58:01 UTC+0100 LambdaOriginAuthParseUrl DELETE_FAILED Internal Failure
2023-03-20 17:58:00 UTC+0100 LambdaOriginAuthParseUrl DELETE_IN_PROGRESS -
```
in this time interval, CloudTrail logs contain NO record of any Url deletion attempts. there are a bunch of other modifications done by CF, but the only activity related to this function is:
2023-03-20T16:54:54Z lambda.amazonaws.com DeleteFunction20150331
which coincides with the function deletion. before that time code, the function is not modified in any way, according to CloudTrail.
the resource is now in CREATE_COMPLETE state. the function itself is *not* in the resource list, it has been deleted.
LambdaOriginAuthParseUrl arn:aws:lambda:us-east-1:<redacted>:function:knowledgebase-LambdaOriginAuthParse-HkGjunQNhg7B AWS::Lambda::Url CREATE_COMPLETE -
at this point, the stack refuses the following CLI actions:
* cancel-update-stack
* continue-update-rollback
* continue-update-rollback --resources-to-skip
* delete-stack
* delete-stack --retain-resources
* deploy
* detect-stack-drift
* rollback-stack
* signal-resource
* update-stack
the error message, in every case, indicates that the operation is not available in this state. note that delete-task is also not available.
I've deployed a Nextjs v12 app on Amplify but I got error 503 on nextjs API routes:
ISSUE
The Lambda function associated with the Cloudfront distribution is invalid or doesn't have the required permissions. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through Cloudfront, you can find steps to troubleshoot and help prevent this error by reviewing the Cloudfront documentation.
MY TRIES
I tried to add permissions for lambda functions to the Amplify role but it doesn't work. Also can't find a policy specific to lambda@edge.
I can see the lambda@edge on the linked CloudFront.
I found different documentation on this issue but the only solution proposed was to downgrade Nextjs to v11, something I want to avoid.
No issues logged in the Amplify deploy:
```
2023-03-21T18:42:58 [INFO]: Deployed the following resources to your account:
2023-03-21T18:42:58 [INFO]: - CloudFront Domain ID: xxx
2023-03-21T18:42:58 [INFO]: - SSR Lambda@Edge: xxx
2023-03-21T18:42:58 [INFO]: - API Lambda@Edge: xxx
2023-03-21T18:42:58 [INFO]: - Image Optimization Lambda@Edge: xxx
2023-03-21T18:42:58 [INFO]: - S3 Bucket: xxx
2023-03-21T18:42:59 [INFO]: Deployment complete
```
SPECS
I'm using Amplify 'web dynamic', Nextjs v12, prisma (I do 'npx prisma generate' in the build phase).

Hi!
I'm reading the log file from my proxy server/squid and there is an unknown URL from "lambda-url" from many different workstations/IP addresses.
So, does anybody know what this is?
Thank you!
Hi,
I want to call an HTTP endpoint from my AWS API Gateway and that endpoint is secured with OAuth 2.0. So, is there any way to implement OAuth 2.0 using the HTTP integration type in AWS API Gateway (API Creation Wizard)?
Also, if lambda is the only option, any examples will be appreciated.
Hi there,
in a step function tutorial by AWS (https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-get-started-parallel-tasks.html) I am asked to create a Lambda function in Node.js 16.x with this code:
```
const ssnRegex = /^\d{3}-?\d{2}-?\d{4}$/;
const emailRegex = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/;

class ValidationError extends Error {
  constructor(message) {
    super(message);
    this.name = "CustomValidationError";
  }
}

exports.handler = async (event) => {
  const {
    ssn,
    email
  } = event;
  console.log(`SSN: ${ssn} and email: ${email}`);
  const approved = ssnRegex.test(ssn) && emailRegex.test(email);
  if (!approved) {
    throw new ValidationError("Check Identity Validation Failed");
  }
  return {
    statusCode: 200,
    body: JSON.stringify({
      approved,
      message: `Identity validation ${approved ? 'passed' : 'failed'}`
    })
  }
};
```
The test returns an error though:
Response
```
{
  "errorType": "CustomValidationError",
  "errorMessage": "Check Identity Validation Failed",
  "trace": [
    "CustomValidationError: Check Identity Validation Failed",
    " at Runtime.exports.handler (/var/task/index.js:21:15)",
    " at Runtime.handleOnceNonStreaming (file:///var/runtime/index.mjs:1085:29)"
  ]
}
```
Can someone help me?
Amazon VPC has support for multicast, as this page of the documentation explains: [https://docs.aws.amazon.com/vpc/latest/tgw/working-with-multicast.html](https://docs.aws.amazon.com/vpc/latest/tgw/working-with-multicast.html)
AWS lambda can be connected to a VPC: [https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html)
Can AWS lambda send and/or receive multicast messages to/from a VPC?