[ BUG ] ImportError when running AWS Lambda

[rusnyder]

Describe the bug The util/create-lambda-layer.sh script pip installs crowdstrike-falconpy with no other version restrictions, but since the release of urllib3 >= 2.0, this produces a broken layer since the Python 3.8 Lambda environment provides OpenSSL 1.0.2-fips instead of the minimum requirement from urllib3 of OpenSSL 1.1.1.

As a result, if you deploy the lambda from any of the AWS integration guides (e.g. - I was working with the Security Hub setup guide), the lambda will raise the same error every time it runs:

[ERROR] Runtime.ImportModuleError: Unable to import module 'main': urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'OpenSSL 1.0.2k-fips  26 Jan 2017'. See: https://github.com/urllib3/urllib3/issues/2168

To Reproduce To truly reproduce, you just have to run the script, create a lambda from it, and try importing urllib3. To reproduce locally (a bit more expedient):

# Clear out any previous experiments
$ cd util && rm -rf python/ falconpy-layer.zip

# Produce the lambda ZIP file
$ ./create-lambda-layer.sh

# Extract it (making sure to blow away any previous experiment
$ unzip falconpy-layer.zip

# Mount it into a lambda/python:3.8 container and see that it fails
$ docker run -it --rm --entrypoint '' --rm \
    -v $(pwd)/python:/app --workdir /app -e PYTHONPATH=. \
    public.ecr.aws/lambda/python:3.8 python -c 'import urllib3'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/app/urllib3/__init__.py", line 41, in <module>
    raise ImportError(
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'OpenSSL 1.0.2k-fips  26 Jan 2017'. See: https://github.com/urllib3/urllib3/issues/2168

Expected behavior The import of urllib3 should succeed (thus indicating this issue will be fixed when deployed as an actual Lambda)

Environment (please complete the following information):

• OS:
  • Local: MacOS 13.4, GNU Bash 5.2.15
  • Remote: AWS Lambda - Python 3.7 (as per the cloudformation templates here: https://github.com/CrowdStrike/Cloud-AWS/blob/main/Security-Hub/cloudformation/security-hub-integration.yaml#L188)
• Python: 3.7 and 3.8
• FalconPy: main branch at commit 5883efcf2eea3243ef0bec4049a1685a87f4f7cc

Additional context As it stands, the guides for setting up some of the AWS Crowdstrike integrations are broken until this is fixed.

[jaycruiks-work]

I am seeing this issue today in logs on a newly deployed version of Cloud-AWS/s3-bucket-protection.

Changing the python version only changes the error. INIT_START Runtime Version: python:3.10.v10 Runtime Version ARN:

Runtime.ImportModuleError: Unable to import module 'lambda_function': cannot import name 'DEFAULTCIPHERS' from 'urllib3.util.ssl'

INIT_START Runtime Version: python:3.7.v31 Runtime Version ARN: and 3.8 Runtime.ImportModuleError: Unable to import module 'lambda_function': urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'OpenSSL 1.0.2k-fips 26 Jan 2017'.

[jshcodes]

Hi @jaycruiks-work -

Does this procedure help resolve the issue?

[jaycruiks-work]

This did work for me thank you!