- 最新
- 投票最多
- 评论最多
The errors you're encountering indicate there's an SSL (Secure Sockets Layer) communication problem between your client (AWS CLI or browser) and the AWS Lambda service endpoint.
For the AWS Management Console in the browser:
- The error message suggests that your browser was unable to establish a secure connection with the AWS service endpoint. This could be due to network issues, outdated browser, strict network policies, or a misconfigured proxy.
For the AWS CLI:
- The
SSL: UNEXPECTED_EOF_WHILE_READING
error indicates that the SSL connection was terminated unexpectedly, likely due to similar issues as above or a problem with the Python environment's SSL library.
Here are some steps you can take to troubleshoot and potentially resolve the issue:
-
Update Your Tools:
- Update your browser to the latest version.
- Update the AWS CLI to the latest version.
- Ensure that your operating system and its SSL/TLS libraries are up to date.
-
Network Configuration:
- If you're behind a corporate firewall or VPN, check that it's configured to allow SSL/TLS traffic to AWS service endpoints.
- Check your local network's firewall settings and any security software that may be interrupting SSL connections.
-
Proxy Settings:
- If you're using a proxy, ensure that it's correctly configured for both your browser and the AWS CLI.
- If you're not using a proxy, ensure that no environment variables (like
https_proxy
orhttp_proxy
) are incorrectly set which might be routing traffic through a non-existent proxy.
-
Certificate Issues:
- Verify that your system recognizes and trusts the CA (Certificate Authority) that issued the AWS service endpoint's certificate.
- Ensure that the path to the certificate bundle used by the AWS CLI and Python is correct and that the certificates are not corrupted.
-
AWS CLI Configuration:
- Ensure that your AWS CLI is configured with the correct region and that the credentials are up to date.
- If you have multiple AWS profiles, check that you're using the correct profile with the
--profile
option.
-
Use
curl
oropenssl s_client
: To further diagnose the SSL handshake, you could use tools likecurl
with the-v
flag oropenssl s_client
to attempt to connect to the AWS service endpoint and observe where the SSL handshake is failing.
If you have recently changed any network settings or updated your system, these changes could also be related to the issue. If the problem persists after troubleshooting, consider reaching out to AWS Support for further assistance, as this issue may be specific to your environment or account.
Thank you for your suggestions.
My laptop is behind corporate zScaler, but I also checked with a linux server on my home network, without any restrictions. The linux server worked fine.
I was not signed in to private access on zScaler. Once I authenticated in zScaler, both the browser and CLI commands worked for all regions.
It is curious that the command worked in some regions but not all. I encountered the problem in us-east-1
and eu-west-1
but not in eu-west-2
, for example.
Perhaps something to do with how my company has zScaler configured, but I can take that up internally.