Sabarish Sathasivan

Reputation: 1276

AWS Parameters and Secrets Lambda Extension throwing 400 Bad Request

We have been trying to use the AWS Parameters and Secrets Lambda Extension with one of our .NET 6 Lambdas.

The region is us-east-1 and the version of the extension is 1.0.103.

The requests to the extension are returning 400 (Bad Request).

The HTTP client is initialized with the correct header:

var _httpClient = new HttpClient();
_httpClient.DefaultRequestHeaders.Add("X-AWS-Parameters-Secrets-Token", Environment.GetEnvironmentVariable("AWS_SESSION_TOKEN"));

and the request is sent to the following URL:

http://localhost:2773/secretsmanager/get?secretId={MY-SECRET-NAME}

We have verified that the execution role of Lambda has permission to read from Secrets Manager and that the secret name is valid, by manually using the .NET SDK.

Upvotes: 4

Views: 2978

Answers (2)

Seung jin Jang

Reputation: 21

I also had the same problem when I triggered a Lambda function that uses Parameter Store through the same extension. In my case, the problem happened only on the first call after the Lambda deploy. From the second call onward, the problem was gone.

If you have the same situation, the problem could be that the request is made before the extension is ready to use. When I checked the CloudWatch log, I saw the logs in the order below in the error case.

2023-07-20T12:46:22.652+09:00   HTTP Error 400: Bad Request
2023-07-20T12:46:22.652+09:00   [AWS Parameters and Secrets Lambda Extension] 2023/07/20 03:46:22 INFO ready to serve traffic

BTW, in the normal case (from the second call onward), the log order was different.

2023-07-20T12:46:55.628+09:00   [AWS Parameters and Secrets Lambda Extension] 2023/07/20 03:46:55 INFO ready to serve traffic
2023-07-20T12:46:55.720+09:00   calling load_parameter_store()

I don't know why the Lambda handler was executed before the extension was ready to use. My assumption is that it takes more time to retrieve data the first time because there is no data in the cache. https://aws.amazon.com/ko/blogs/compute/using-the-aws-parameter-and-secrets-lambda-extension-to-cache-parameters-and-secrets/

For the time being, I applied a workaround using a backoff retry library. I'm using Python for the Lambda function, so I applied the backoff library below. https://pypi.org/project/backoff/

I'm not familiar with .NET, but you can find some backoff support like the one below: https://learn.microsoft.com/en-us/dotnet/architecture/microservices/implement-resilient-applications/implement-http-call-retries-exponential-backoff-polly

Hope this helps you.

Upvotes: 2

Ermiya Eskandary

Reputation: 23682

The header X-AWS-Parameters-Secrets-Token is case-sensitive & needs to be set to X-Aws-Parameters-Secrets-Token.

This is resulting in a 400 Bad Request response (strangely, as I would expect a 401 Unauthorized response, in this case, to hint at the header not being interpreted correctly).

Try replacing:

_httpClient.DefaultRequestHeaders.Add("X-AWS-Parameters-Secrets-Token", Environment.GetEnvironmentVariable("AWS_SESSION_TOKEN"));

with:

_httpClient.DefaultRequestHeaders.Add("X-Aws-Parameters-Secrets-Token", Environment.GetEnvironmentVariable("AWS_SESSION_TOKEN"));

Upvotes: 2
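
The two answers combined, as an added example that is not code from either answer or from AWS: a Python client for the extension endpoint in the question that sends the header with the casing from the second answer and backs off while the extension still answers 400, as the first answer describes. The `transport`, `attempts`, `base_delay` and `sleep` parameters are hypothetical names introduced here so the retry logic can be exercised offline, and the `SecretString` field assumes the extension returns the Secrets Manager GetSecretValue response body.

```python
import http.client
import json
import os
import time
import urllib.parse

EXTENSION_HOST, EXTENSION_PORT = "localhost", 2773   # endpoint from the question
TOKEN_HEADER = "X-Aws-Parameters-Secrets-Token"      # casing from the second answer


def http_get(path, headers):
    """Default transport: return (status, body); status 0 means no connection."""
    conn = http.client.HTTPConnection(EXTENSION_HOST, EXTENSION_PORT, timeout=2)
    try:
        conn.request("GET", path, headers=headers)  # http.client keeps header case
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    except (OSError, http.client.HTTPException):
        return 0, ""  # extension is not listening yet
    finally:
        conn.close()


def get_secret(secret_id, transport=http_get, attempts=5, base_delay=0.1,
               sleep=time.sleep):
    """Fetch a secret through the extension, retrying while it is not ready."""
    path = "/secretsmanager/get?" + urllib.parse.urlencode({"secretId": secret_id})
    headers = {TOKEN_HEADER: os.environ.get("AWS_SESSION_TOKEN", "")}
    status = None
    for attempt in range(attempts):
        status, body = transport(path, headers)
        if status == 200:
            # Assumption: body is the GetSecretValue JSON response.
            return json.loads(body)["SecretString"]
        if status not in (0, 400):
            break  # e.g. 401/403: a permissions problem, retrying will not help
        if attempt < attempts - 1:
            sleep(base_delay * 2 ** attempt)  # exponential backoff between tries
    # Report only the status code: never the token, the secret name or a body.
    raise RuntimeError(f"extension request failed with HTTP {status}")
```

The retry count is bounded on purpose: a 400 that persists after every attempt is not a cold-start race and should surface as an error instead of stalling the invocation.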