Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: sam remote invoke failing with valid credentials #5820

Closed
nonken opened this issue Aug 22, 2023 · 4 comments
Closed

Bug: sam remote invoke failing with valid credentials #5820

nonken opened this issue Aug 22, 2023 · 4 comments
Labels
area/remote/invoke sam remote invoke command stage/waiting-for-release Fix has been merged to develop and is waiting for a release type/bug

Comments

@nonken
Copy link

nonken commented Aug 22, 2023
edited
Loading

Description:

I am running the following commands:

sam remote invoke arn:aws:lambda:us-east-1:ACCOUNT_ID:function:NAME --profile Administrator-ACCOUNT_ID

and am getting this response:

Invoking Lambda Function arn:aws:lambda:us-east-1:ACCOUNT_ID:function:NAME
Error: An error occurred (UnrecognizedClientException) when calling the Invoke operation: The security token included in the request is invalid.

When invoking the same function with the AWS CLI, and the same SSO profile --profile Administrator-ACCOUNT_ID the invocation succeeds.

I have deployed the Lambda using the CDK. I am using SAM for local testing.

Steps to reproduce:

On my environment the following steps are failing:

  1. Deploy Lambda using the CDK
  2. fetch credentials using aws configure sso
  3. Use the declared profile with the SAM CLI.

Observed result:

Invoking Lambda Function arn:aws:lambda:us-east-1:ACCOUNT_ID:function:NAME
Error: An error occurred (UnrecognizedClientException) when calling the Invoke operation: The security token included in the request is invalid.

Expected result:

I expect the lambda invocation logs.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

{
  "version": "1.95.0",
  "system": {
    "python": "3.8.13",
    "os": "macOS-13.2-arm64-arm-64bit"
  },
  "additional_dependencies": {
    "docker_engine": "20.10.22",
    "aws_cdk": "2.92.0 (build bf62e55)",
    "terraform": "Not available"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}

And here the log output

2023-08-22 13:49:50,757 | No config file found in this directory.
2023-08-22 13:49:50,759 | OSError occurred while reading TOML file: [Errno 2] No such file or directory:
'/Users/.../dev/.../.../apps/.../samconfig.toml'
2023-08-22 13:49:50,759 | Config file location: /Users/.../dev/.../.../apps/.../samconfig.toml
2023-08-22 13:49:50,760 | Config file '/Users/.../dev/.../.../apps/.../samconfig.toml' does not exist
2023-08-22 13:49:50,786 | Converting provided --output option value to Enum
2023-08-22 13:49:50,793 | Using config file: samconfig.toml, config environment: default
2023-08-22 13:49:50,793 | Expand command line arguments to:
2023-08-22 13:49:50,794 | --resource_id=arn:aws:lambda:us-east-1:ACCOUNT_ID:function:FUNCTION_NAME --output=RemoteInvokeOutputFormat.TEXT
2023-08-22 13:49:50,816 | Invoking Lambda Function arn:aws:lambda:us-east-1:ACCOUNT_ID:function:FUNCTION_NAME
2023-08-22 13:49:51,571 | Function arn:aws:lambda:us-east-1:ACCOUNT_ID:function:FUNCTION_NAME, doesn't have Function URL configured,
using regular invoke
Traceback (most recent call last):
  File "samcli/lib/remote_invoke/lambda_invoke_executors.py", line 227, in _is_function_invoke_mode_response_stream
  File "botocore/client.py", line 535, in _api_call
  File "botocore/client.py", line 980, in _make_api_call
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the GetFunctionUrlConfig operation: The security
token included in the request is invalid.
2023-08-22 13:49:51,574 | Input event not found, invoking resource with an empty event
2023-08-22 13:49:51,574 | Mapping input event to JSON string object
2023-08-22 13:49:51,575 | Calling lambda_client.invoke with FunctionName:arn:aws:lambda:us-east-1:ACCOUNT_ID:function:FUNCTION_NAME,
Payload:{}, parameters:{'InvocationType': 'RequestResponse', 'LogType': 'Tail', 'FunctionName':
'arn:aws:lambda:us-east-1:ACCOUNT_ID:function:FUNCTION_NAME', 'Payload': '{}'}
2023-08-22 13:49:51,734 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2023-08-22 13:49:51,770 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2023-08-22 13:49:51,770 | Sending Telemetry: {'metrics': [{'commandRun': {'requestId': '25b23274-27de-42c6-a1ed-4af8b5738337',
'installationId': '1bbc7e26-f4a9-42f5-ba5d-69b0d3191797', 'sessionId': '83fcab6a-59e8-4c66-a09e-4508d7f333e8', 'executionEnvironment': 'CLI',
'ci': False, 'pyversion': '3.8.13', 'samcliVersion': '1.95.0', 'awsProfileProvided': True, 'debugFlagProvided': True, 'region': '',
'commandName': 'sam remote invoke', 'metricSpecificAttributes': {'projectType': 'CFN', 'gitOrigin': None, 'projectName':
'269debbbb238874a86bcaf023684bf56095f392b7486185d1f8f4206174328b2', 'initialCommit': None}, 'duration': 941, 'exitReason':
'ErrorBotoApiCallException', 'exitCode': 1}}]}
2023-08-22 13:49:51,771 | Unable to find Click Context for getting session_id.
2023-08-22 13:49:51,773 | Sending Telemetry: {'metrics': [{'events': {'requestId': '6dbb13f6-3882-4192-b2a3-4230b356a699', 'installationId':
'1bbc7e26-f4a9-42f5-ba5d-69b0d3191797', 'sessionId': '83fcab6a-59e8-4c66-a09e-4508d7f333e8', 'executionEnvironment': 'CLI', 'ci': False,
'pyversion': '3.8.13', 'samcliVersion': '1.95.0', 'metricSpecificAttributes': {'events': [{'event_name': 'SamConfigFileExtension',
'event_value': '.toml', 'thread_id': 'f892740723b54ca0afc9366f976f61ba', 'time_stamp': '2023-08-22 11:49:50.759', 'exception_name':
None}]}}}]}
2023-08-22 13:49:52,435 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read
timeout=0.1)
Error: An error occurred (UnrecognizedClientException) when calling the Invoke operation: The security token included in the request is invalid.
2023-08-22 13:49:52,437 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read
timeout=0.1)
@nonken nonken added the stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. label Aug 22, 2023
@hawflau hawflau added stage/bug-repro The issue/bug needs to be reproduced area/remote/invoke sam remote invoke command and removed stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. labels Aug 22, 2023
@hawflau
Copy link
Contributor

hawflau commented Aug 22, 2023

Hi @nonken, thanks for raising the issue. It seems the sam remote invoke command does not care about the provided --profile option. It looks like an easy fix though, I'll raise a PR soon

@hawflau hawflau added type/bug and removed stage/bug-repro The issue/bug needs to be reproduced labels Aug 22, 2023
@hawflau hawflau mentioned this issue Aug 22, 2023
Merged
8 tasks
@nonken
Copy link
Author

nonken commented Aug 22, 2023

@hawflau thank you, you are awesome 🙏🏻🚀

@hawflau hawflau added the stage/waiting-for-release Fix has been merged to develop and is waiting for a release label Aug 23, 2023
@github-actions
Copy link
Contributor

Patch is released in v1.96.0. Closing

@nonken
Copy link
Author

nonken commented Aug 30, 2023

Thank you @hawflau 🙏🏻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/remote/invoke sam remote invoke command stage/waiting-for-release Fix has been merged to develop and is waiting for a release type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nonken @hawflau