“SSL: CERTIFICATE_VERIFY_FAILED” error when publishing to MQTT, AWS IoT - python

I am getting the following error:
[ERROR] SSLError: SSL validation failed for https://data.iot.ap-northeast-2.amazonaws.com/topics/app%2Ftest%2Fresponse?qos=1 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)
Traceback (most recent call last):
File "/var/task/app.py", line 197, in lambda_handler
mqttcli.test('test', '11111', {}, 1, 200)
File "/opt/python/lib/python3.8/site-packages/connectors/MQTTClient.py", line 40, in test
response = self._iot_client.publish(
File "/var/task/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/task/botocore/client.py", line 662, in _make_api_call
http, parsed_response = self._make_request(
File "/var/task/botocore/client.py", line 682, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/var/task/botocore/endpoint.py", line 102, in make_request
return self._send_request(request_dict, operation_model)
File "/var/task/botocore/endpoint.py", line 136, in _send_request
while self._needs_retry(attempts, operation_model, request_dict,
File "/var/task/botocore/endpoint.py", line 253, in _needs_retry
responses = self._event_emitter.emit(
File "/var/task/botocore/hooks.py", line 356, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/var/task/botocore/hooks.py", line 228, in emit
return self._emit(event_name, kwargs)
File "/var/task/botocore/hooks.py", line 211, in _emit
response = handler(**kwargs)
File "/var/task/botocore/retryhandler.py", line 183, in __call__
if self._checker(attempts, response, caught_exception):
File "/var/task/botocore/retryhandler.py", line 250, in __call__
should_retry = self._should_retry(attempt_number, response,
File "/var/task/botocore/retryhandler.py", line 277, in _should_retry
return self._checker(attempt_number, response, caught_exception)
File "/var/task/botocore/retryhandler.py", line 316, in __call__
checker_response = checker(attempt_number, response,
File "/var/task/botocore/retryhandler.py", line 222, in __call__
return self._check_caught_exception(
File "/var/task/botocore/retryhandler.py", line 359, in _check_caught_exception
raise caught_exception
File "/var/task/botocore/endpoint.py", line 200, in _do_get_response
http_response = self._send(request)
File "/var/task/botocore/endpoint.py", line 269, in _send
return self.http_session.send(request)
File "/var/task/botocore/httpsession.py", line 281, in send
raise SSLError(endpoint_url=request.url, error=e)
This is the code that is causing this error:
import json
import boto3

_iot_client = boto3.client('iot-data',
                           aws_access_key_id=AWS_ACCESS_KEY_ID,
                           aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
                           region_name=REGION_NAME)
response = _iot_client.publish(
    topic="app/test/response",
    qos=1,
    payload=json.dumps(
        {
            'msgid': msgid,
            'status': status,
            'data': payload
        }
    )
)
There is no error with S3 or other services through boto3, only iot-data.
It works without any problems when I run the .py.
But an error occurs when running after deploying to Lambda.
There was no error until recently.

We are also experiencing this issue. In our case, an update of the "certifi" library (a requests dependency) was causing some conflict with boto3 IoT publish; rolling back the version solved the problem, although we are not entirely sure what exactly was failing.

You need to get the "Data-ATS" endpoint instead of the untrusted "Symantec" endpoint that's built-in. Try this:
import json
import boto3

def get_aws_iot_ats_endpoint():
    """
    Get the "Data-ATS" endpoint instead of the
    untrusted "Symantec" endpoint that's built-in.
    """
    iot_client = boto3.client(
        "iot",
        aws_access_key_id=AWS_ACCESS_KEY_ID,
        aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
        region_name=REGION_NAME,
        verify=True
    )
    details = iot_client.describe_endpoint(endpointType="iot:Data-ATS")
    host = details.get("endpointAddress")
    return f"https://{host}"

IOT_DATA_ENDPOINT = get_aws_iot_ats_endpoint()
client_iot = boto3.client(
    "iot-data",
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
    region_name=REGION_NAME,
    verify=True,
    endpoint_url=IOT_DATA_ENDPOINT
)
response = client_iot.publish(
    topic="app/test/response",
    qos=1,
    payload=json.dumps(
        {
            'msgid': msgid,
            'status': status,
            'data': payload
        }
    )
)

I had the same error.
Simply insert this at the beginning of your code:
from botocore.exceptions import ClientError
It should work.
Best.

Related

AWS Lambda connection times out due to socket errors

My AWS lambda connection keeps timing out due to socket errors. I have set out the timeout for the lambda to be 12 minutes in the code (EDIT: I mean in the lambda console) and the lambda is not in private vpc so the problem is not related to that.
For example: I run a function that runs 450 seconds. The function runs successfully in the AWS but it is above some magical threshold so the python code waits until the timeout and then throws an error. If the lambda runtime is less than the magical threshold then the python code works without any errors.
Might it be some kind of socket error that then loses the connection after some time but keeps waiting until the socket times out? I have no experience related to how sockets work in Ubuntu machines.
My code for testing:
Lambda code:
import json
from time import sleep

def lambda_handler(event, context):
    print("SLEEPING: " + str(event["sleep_time"]) + "s")
    sleep(event["sleep_time"])
    print("SLEEP ENDED")
    return {
        "statusCode": 200,
        "sleep_time": event["sleep_time"]
    }
Code to invoke lambda:
import boto3
from botocore.client import Config
import json
from datetime import datetime

read_timeout = 500
connect_timeout = 500
sleep_time = 450
config = Config(
    read_timeout=read_timeout,
    connect_timeout=connect_timeout,
    retries={"max_attempts": 0}
)
lambda_client = boto3.client(
    "lambda",
    aws_access_key_id="xxx",
    aws_secret_access_key="xxx",
    config=config
)
st = datetime.now()
print(f"STARTED AT: {st}")
print(f"\tSLEEP TIME PARAMETER: {sleep_time}")
print(f"\tCONFIG read_timeout {read_timeout}")
print(f"\tCONFIG connect_timeout {connect_timeout}")
try:
    lambda_client.invoke(
        FunctionName="helloWorld",
        Payload=json.dumps({"sleep_time": sleep_time})
    )
finally:
    et = datetime.now()
    print(f"ENDED AT: {et}")
    print(f"SECONDS TAKEN TO COMPLETE: {et - st}")
The function works when sleep_time is set low, e.g. 3, but I keep running into errors when I set sleep_time to larger values.
Output with sleep_time=3
STARTED AT: 2022-08-02 18:17:04.015493
SLEEP TIME PARAMETER: 3
CONFIG read_timeout 500
CONFIG connect_timeout 500
ENDED AT: 2022-08-02 18:17:07.357435
SECONDS TAKEN TO COMPLETE: 0:00:03.341942
Output with longer sleeptime:
STARTED AT: 2022-08-02 19:03:36.196755
SLEEP TIME PARAMETER: 450
CONFIG read_timeout 500
CONFIG connect_timeout 500
ENDED AT: 2022-08-02 19:11:56.553257
SECONDS TAKEN TO COMPLETE: 0:08:20.356502
And I get the following error message:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 421, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 416, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.8/http/client.py", line 1348, in getresponse
response.begin()
File "/usr/lib/python3.8/http/client.py", line 316, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.8/http/client.py", line 277, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.8/socket.py", line 669, in readinto
return self._sock.recv_into(b)
File "/usr/lib/python3.8/ssl.py", line 1241, in recv_into
return self.read(nbytes, buffer)
File "/usr/lib/python3.8/ssl.py", line 1099, in read
return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/.local/lib/python3.8/site-packages/botocore/httpsession.py", line 448, in send
urllib_response = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 376, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 423, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 330, in _raise_timeout
raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: AWSHTTPSConnectionPool(host='lambda.eu-west-1.amazonaws.com', port=443): Read timed out. (read timeout=900)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/tmp/lambda_test.py", line 24, in <module>
lambda_client.invoke(
File "/home/user/.local/lib/python3.8/site-packages/botocore/client.py", line 508, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/user/.local/lib/python3.8/site-packages/botocore/client.py", line 898, in _make_api_call
http, parsed_response = self._make_request(
File "/home/user/.local/lib/python3.8/site-packages/botocore/client.py", line 921, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/home/user/.local/lib/python3.8/site-packages/botocore/endpoint.py", line 119, in make_request
return self._send_request(request_dict, operation_model)
File "/home/user/.local/lib/python3.8/site-packages/botocore/endpoint.py", line 202, in _send_request
while self._needs_retry(
File "/home/user/.local/lib/python3.8/site-packages/botocore/endpoint.py", line 354, in _needs_retry
responses = self._event_emitter.emit(
File "/home/user/.local/lib/python3.8/site-packages/botocore/hooks.py", line 412, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/home/user/.local/lib/python3.8/site-packages/botocore/hooks.py", line 256, in emit
return self._emit(event_name, kwargs)
File "/home/user/.local/lib/python3.8/site-packages/botocore/hooks.py", line 239, in _emit
response = handler(**kwargs)
File "/home/user/.local/lib/python3.8/site-packages/botocore/retryhandler.py", line 207, in __call__
if self._checker(**checker_kwargs):
File "/home/user/.local/lib/python3.8/site-packages/botocore/retryhandler.py", line 284, in __call__
should_retry = self._should_retry(
File "/home/user/.local/lib/python3.8/site-packages/botocore/retryhandler.py", line 320, in _should_retry
return self._checker(attempt_number, response, caught_exception)
File "/home/user/.local/lib/python3.8/site-packages/botocore/retryhandler.py", line 363, in __call__
checker_response = checker(
File "/home/user/.local/lib/python3.8/site-packages/botocore/retryhandler.py", line 247, in __call__
return self._check_caught_exception(
File "/home/user/.local/lib/python3.8/site-packages/botocore/retryhandler.py", line 416, in _check_caught_exception
raise caught_exception
File "/home/user/.local/lib/python3.8/site-packages/botocore/endpoint.py", line 281, in _do_get_response
http_response = self._send(request)
File "/home/user/.local/lib/python3.8/site-packages/botocore/endpoint.py", line 377, in _send
return self.http_session.send(request)
File "/home/user/.local/lib/python3.8/site-packages/botocore/httpsession.py", line 485, in send
raise ReadTimeoutError(endpoint_url=request.url, error=e)
botocore.exceptions.ReadTimeoutError: Read timeout on endpoint URL: "https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/helloWorld/invocations"
Edit:
CloudWatch log for the error case:
2022-08-02T19:03:36.526+03:00 START RequestId: feffa401-62a2-4c77-8a92-96be27bdceeb Version: $LATEST
2022-08-02T19:03:36.529+03:00 SLEEPING: 450s
2022-08-02T19:11:06.638+03:00 SLEEP ENDED
2022-08-02T19:11:06.640+03:00 END RequestId: feffa401-62a2-4c77-8a92-96be27bdceeb
2022-08-02T19:11:06.640+03:00 REPORT RequestId: feffa401-62a2-4c77-8a92-96be27bdceeb Duration: 450102.24 ms Billed Duration: 450103 ms Memory Size: 128 MB Max Memory Used: 37 MB
The one that succeeded is similar to this

Error occurred when I try to download data from S3

This is the full log:
File "/home/workspace/viv_data_handler/s3manager/s3_downloader.py", line 18, in download_file
self.resource.meta.client.download_file(bucket, key, dest)
File "/usr/local/lib/python3.5/site-packages/boto3/s3/inject.py", line 172, in download_file
extra_args=ExtraArgs, callback=Callback)
File "/usr/local/lib/python3.5/site-packages/boto3/s3/transfer.py", line 307, in download_file
future.result()
File "/usr/local/lib/python3.5/site-packages/s3transfer/futures.py", line 73, in result
return self._coordinator.result()
File "/usr/local/lib/python3.5/site-packages/s3transfer/futures.py", line 233, in result
raise self._exception
File "/usr/local/lib/python3.5/site-packages/s3transfer/tasks.py", line 255, in _main
self._submit(transfer_future=transfer_future, **kwargs)
File "/usr/local/lib/python3.5/site-packages/s3transfer/download.py", line 353, in _submit
**transfer_future.meta.call_args.extra_args
File "/usr/local/lib/python3.5/site-packages/botocore/client.py", line 314, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.5/site-packages/botocore/client.py", line 599, in _make_api_call
operation_model, request_dict)
File "/usr/local/lib/python3.5/site-packages/botocore/endpoint.py", line 148, in make_request
return self._send_request(request_dict, operation_model)
File "/usr/local/lib/python3.5/site-packages/botocore/endpoint.py", line 177, in _send_request
success_response, exception):
File "/usr/local/lib/python3.5/site-packages/botocore/endpoint.py", line 273, in _needs_retry
caught_exception=caught_exception, request_dict=request_dict)
File "/usr/local/lib/python3.5/site-packages/botocore/hooks.py", line 227, in emit
return self._emit(event_name, kwargs)
File "/usr/local/lib/python3.5/site-packages/botocore/hooks.py", line 210, in _emit
response = handler(**kwargs)
File "/usr/local/lib/python3.5/site-packages/botocore/retryhandler.py", line 183, in __call__
if self._checker(attempts, response, caught_exception):
File "/usr/local/lib/python3.5/site-packages/botocore/retryhandler.py", line 251, in __call__
caught_exception)
File "/usr/local/lib/python3.5/site-packages/botocore/retryhandler.py", line 277, in _should_retry
return self._checker(attempt_number, response, caught_exception)
File "/usr/local/lib/python3.5/site-packages/botocore/retryhandler.py", line 317, in __call__
caught_exception)
File "/usr/local/lib/python3.5/site-packages/botocore/retryhandler.py", line 223, in __call__
attempt_number, caught_exception)
File "/usr/local/lib/python3.5/site-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
raise caught_exception
File "/usr/local/lib/python3.5/site-packages/botocore/endpoint.py", line 222, in _get_response
proxies=self.proxies, timeout=self.timeout)
File "/usr/local/lib/python3.5/site-packages/botocore/vendored/requests/sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.5/site-packages/botocore/vendored/requests/adapters.py", line 431, in send
raise SSLError(e, request=request)
botocore.vendored.requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:719)
Hello, I am developing a program using S3 and I have a problem.
A botocore.vendored.requests.exceptions.SSLError occurs when I try to download data from S3 using boto3.
It works when another server uses the same code, and it works when I use the AWS CLI on the same server (the server where boto3 fails).
I don't know how to solve it.
Please help me. Thank you.

For any boto3.Session.client or boto3.Session.resource object, you can pass the verify=False parameter to skip SSL certificate verification. For example, when you create the client or resource, do this:
import boto3

boto3_session = boto3.Session(profile_name=some_profile_you_configured)
s3_resource = boto3_session.resource(service_name='s3', verify=False)
s3_client = boto3_session.client(service_name='s3', verify=False)
# insert your code here using the s3_resource or s3_client objects
The boto3 documentation is your best friend here.
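
An added example, not part of the answer above and not boto3's own code: a stdlib-only check that keeps verification on, reports which CA bundle setting is in effect, and turns a failed handshake into the OpenSSL verify code behind it. The function names and the precedence used in resolve_ca_bundle (explicit verify argument, then AWS_CA_BUNDLE, then REQUESTS_CA_BUNDLE, then the default bundle) are assumptions of this example.

```python
import os
import socket
import ssl

# OpenSSL X509_V_ERR_* verify codes mapped to what usually needs fixing.
HINTS = {
    10: "a certificate in the chain has expired",
    18: "the server presents a self-signed certificate",
    19: "a self-signed CA in the chain is not in the bundle",
    20: "the issuing CA is missing from the bundle",
    62: "the certificate does not match the host name",
}


def resolve_ca_bundle(verify=None, environ=None):
    """Return (source, path) for the trust setting a client ends up with.

    Precedence is an assumption of this example: explicit verify argument,
    AWS_CA_BUNDLE, REQUESTS_CA_BUNDLE, then the library's default bundle.
    """
    environ = os.environ if environ is None else environ
    if verify is False:
        return ("verify=False", None)  # verification disabled: flag in review
    if isinstance(verify, str):
        return ("verify argument", verify)
    for name in ("AWS_CA_BUNDLE", "REQUESTS_CA_BUNDLE"):
        if environ.get(name):
            return (name, environ[name])
    return ("default bundle", None)


def verified_context(cafile=None):
    """TLS context with chain and host-name checks on.

    With cafile set, only that bundle is trusted; otherwise the system store.
    """
    return ssl.create_default_context(cafile=cafile)


def probe(host, port=443, cafile=None, timeout=10):
    """Attempt a verified handshake and explain a verification failure."""
    ctx = verified_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return {"ok": True, "issuer": issuer.get("organizationName")}
    except ssl.SSLCertVerificationError as exc:
        # verify_code 20 is "unable to get local issuer certificate"
        return {
            "ok": False,
            "code": exc.verify_code,
            "reason": exc.verify_message,
            "hint": HINTS.get(exc.verify_code, "see the OpenSSL verify docs"),
        }
    except OSError as exc:
        return {"ok": False, "code": None,
                "reason": f"connection failed: {exc}", "hint": "network"}


if __name__ == "__main__":
    # No network access here; call probe("<your endpoint host>") yourself.
    print(resolve_ca_bundle())
```

Passing the bundle file your deployment ships as cafile (for example the path certifi.where() returns) shows whether that bundle, rather than the system store, is the one missing the issuer.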

Exchangelib: Can't connect to server

So recently I tried out Exchangelib, but I currently can't solve this issue. Here's my code:
from exchangelib import DELEGATE, Account, Credentials, IMPERSONATION
from exchangelib.configuration import Configuration

config = Configuration(
    server='https://XXX',
    credentials=Credentials(username='XXX\\XXX', password='XXX')
)
account = Account(
    primary_smtp_address='mail#mail.com',
    config=config,
    autodiscover=False,
    access_type=DELEGATE,
)
for item in account.inbox.all().order_by('-datetime_received')[:20]:
    print(item.subject, item.sender, item.datetime_received)
Currently I receive the following error:
File "Project/Exchange/standardoutlook2.py", line 23, in <module>
config = Configuration(server='https://XXX', credentials=credentials)
File "Projectvenv36\lib\site-packages\exchangelib\configuration.py", line 46, in __init__
version=version
File "Projectvenv36\lib\site-packages\exchangelib\protocol.py", line 176, in __call__
protocol = super(CachingProtocol, cls).__call__(*args, **kwargs)
File "Projectvenv36\lib\site-packages\exchangelib\protocol.py", line 209, in __init__
name=self.credentials.username)
File "Projectvenv36\lib\site-packages\exchangelib\transport.py", line 149, in get_service_authtype
timeout=BaseProtocol.TIMEOUT)
File "Projectvenv36\lib\site-packages\requests\sessions.py", line 559, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "Projectvenv36\lib\site-packages\requests\sessions.py", line 512, in request
resp = self.send(prep, **send_kwargs)
File "Projectvenv36\lib\site-packages\requests\sessions.py", line 622, in send
r = adapter.send(request, **kwargs)
File "Projectvenv36\lib\site-packages\requests\adapters.py", line 412, in send
self.cert_verify(conn, request.url, verify, cert)
File "Project/Exchange/standardoutlook2.py", line 13, in cert_verify
}[urlparse(url).hostname]
KeyError: 'https'
I've added the certificate to the certificate of certifi, so when I start any request to the server outside of the code above it works well.

Exception in Boto3 - botocore.exceptions.EndpointConnectionError

When trying to connect to a database with this python code to test the connection.
import boto3

s3 = boto3.resource('s3')
for b in s3.buckets.all():
    print(b.name)
I am getting this error thrown at me.
Traceback (most recent call last):
File "boto3_test.py", line 4, in <module>
for b in s3.buckets.all():
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/collection.py", line 83, in __iter__
for page in self.pages():
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/collection.py", line 161, in pages
pages = [getattr(client, self._py_operation_name)(**params)]
File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 310, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 385, in _make_api_call
operation_model, request_dict)
File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 111, in make_request
return self._send_request(request_dict, operation_model)
File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 140, in _send_request
success_response, exception):
File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 213, in _needs_retry
caught_exception=caught_exception)
File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 226, in emit
return self._emit(event_name, kwargs)
File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 209, in _emit
response = handler(**kwargs)
File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 183, in __call__
if self._checker(attempts, response, caught_exception):
File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 250, in __call__
caught_exception)
File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 273, in _should_retry
return self._checker(attempt_number, response, caught_exception)
File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 313, in __call__
caught_exception)
File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 222, in __call__
return self._check_caught_exception(attempt_number, caught_exception)
File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 355, in _check_caught_exception
raise caught_exception
botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://s3.us-east-5.amazonaws.com/"
The strange part is that the connection was working earlier in the day and then it stopped working. The same thing happened to me yesterday at the same time, so I am assuming it is a network configuration issue. This question is the only one that is similar; the solution the original poster stated was to unset both HTTP_PROXY and HTTPS_PROXY, which I attempted, but it did not work.

You have configured AWS env incorrectly. Check your ~/.aws/config file. You must have configured it incorrectly as us-east-5 which is an invalid region. Change it to us-east-1. Or run aws configure command again and specify the correct region.
[default]
region = us-east-1
We got this issue (with status code 500 returned) out of the blue.
After some research we found out that there was some infra update on AWS which caused the service to be down.
You can find the current down\up services per zone and upcoming down time here
Got the same boto3 error.
In my case a config.lock and credentials.lock were created behind the scenes:
Removing them solved the issue.

initializer for ctype 'EVP_MD_CTX *' must be a pointer to same type, not cdata 'EVP_MD_CTX *'

For some time now I have been getting this nasty "initializer for ctype 'EVP_MD_CTX *' must be a pointer to same type, not cdata 'EVP_MD_CTX *'" error when using oauth2client (with a service account using a p12 or pem certificate file).
This happens when running a django project under WSGI. I never got it to happen on the shell.
package versions:
google-api-python-client==1.3.1
pyOpenSSL==0.14
oauth2client==1.3.2
cryptography==0.6.1
Relevant stack trace (until that point I have created the SignedJwtAssertionCredentials and done the authorize() on the http object):
File "gdrive/models.py", line 292, in create_service
return build("drive", "v2", http=http)
File "oauth2client/util.py", line 129, in positional_wrapper
return wrapped(*args, **kwargs)
File "googleapiclient/discovery.py", line 198, in build
resp, content = http.request(requested_url)
File "oauth2client/util.py", line 129, in positional_wrapper
return wrapped(*args, **kwargs)
File "oauth2client/client.py", line 516, in new_request
self._refresh(request_orig)
File "oauth2client/client.py", line 728, in _refresh
self._do_refresh_request(http_request)
File "oauth2client/client.py", line 752, in _do_refresh_request
body = self._generate_refresh_request_body()
File "oauth2client/client.py", line 1275, in _generate_refresh_request_body
assertion = self._generate_assertion()
File "oauth2client/client.py", line 1402, in _generate_assertion
private_key, self.private_key_password), payload)
File "oauth2client/crypt.py", line 312, in make_signed_jwt
signature = signer.sign(signing_input)
File "oauth2client/crypt.py", line 109, in sign
return crypto.sign(self._key, message, 'sha256')
File "OpenSSL/crypto.py", line 2091, in sign
_lib.EVP_SignInit(md_ctx, digest_obj)
And there the exception gets raised.
Any ideas on why this error is appearing?
Thanks,
marc
