Closed sboonyakiat closed 4 years ago
Have you tried the updated code? The blog links to a specific version which has had several bugs fixed since that release.
If so, please look at the Lambda function and the CloudWatch Logs to see what error is occurring in the Lambda function that is preventing it from running successfully.
Yes, I have. Still the same error. Below is the CloudWatch log:
2020-06-12T19:26:18.983-04:00 START RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be Version: $LATEST
2020-06-12T19:26:22.111-04:00 [ERROR] KeyError: 'aws_standard' Traceback (most recent call last): File "/var/task/securityhub_enabler.py", line 423, in lambda_handler enable_master(master_session, securityhub_regions, partition) File "/var/task/securityhub_enabler.py", line 401, in enable_master master_account) File "/var/task/securityhub_enabler.py", line 252, in process_security_standards if os.environ['aws_standard'] == 'Yes': File "/var/lang/lib/python3.7/os.py", line 681, in getitem raise KeyError(key) from None
2020-06-12T19:26:22.121-04:00 END RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be
2020-06-12T19:26:22.121-04:00 REPORT RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be Duration: 3137.34 ms Billed Duration: 3200 ms Memory Size: 256 MB Max Memory Used: 81 MB Init Duration: 289.56 ms
2020-06-12T19:27:20.306-04:00 START RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be Version: $LATEST
2020-06-12T19:27:22.009-04:00 [ERROR] KeyError: 'aws_standard' Traceback (most recent call last): File "/var/task/securityhub_enabler.py", line 423, in lambda_handler enable_master(master_session, securityhub_regions, partition) File "/var/task/securityhub_enabler.py", line 401, in enable_master master_account) File "/var/task/securityhub_enabler.py", line 252, in process_security_standards if os.environ['aws_standard'] == 'Yes': File "/var/lang/lib/python3.7/os.py", line 681, in getitem raise KeyError(key) from None
2020-06-12T19:27:22.010-04:00 END RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be
2020-06-12T19:27:22.010-04:00 REPORT RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be Duration: 1699.76 ms Billed Duration: 1700 ms Memory Size: 256 MB Max Memory Used: 84 MB
2020-06-12T19:29:19.220-04:00 START RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be Version: $LATEST
2020-06-12T19:29:21.160-04:00 [ERROR] KeyError: 'aws_standard' Traceback (most recent call last): File "/var/task/securityhub_enabler.py", line 423, in lambda_handler enable_master(master_session, securityhub_regions, partition) File "/var/task/securityhub_enabler.py", line 401, in enable_master master_account) File "/var/task/securityhub_enabler.py", line 252, in process_security_standards if os.environ['aws_standard'] == 'Yes': File "/var/lang/lib/python3.7/os.py", line 681, in getitem raise KeyError(key) from None
2020-06-12T19:29:21.161-04:00 END RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be
2020-06-12T19:29:21.161-04:00 REPORT RequestId: d57cc1c8-ca64-4778-bae0-55410490c2be Duration: 1938.57 ms Billed Duration: 2000 ms Memory Size: 256 MB Max Memory Used: 85 MB
Can you please confirm if your Lambda function has an environment variable "aws_standard"? The error appears to be saying the call to read that variable is having an error. I've checked the CloudFormation template and it is there, and it creates it when I test.
(You should use the updated template, not just the code)
You are right. Sorry, I was using the old template file against the latest code. I've relaunched the code with the proper template file and it is working now. Thank you.
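An added example, not code from the project or from anyone in this thread: a preflight check that a custom-resource Lambda could run before reading `os.environ['aws_standard']`, so that a template/code mismatch is reported to CloudFormation as FAILED with a readable reason instead of raising `KeyError` and leaving the stack waiting for a reply. The function names, the `send` hook and the sample event are assumptions; only the variable name `aws_standard` comes from the traceback above.

```python
import json
import os
import urllib.request

REQUIRED_ENV = ("aws_standard",)  # the only variable named in the traceback
# Constructed sample custom-resource event; every value is a placeholder.
SAMPLE_EVENT = {"RequestType": "Create", "ResponseURL": "https://example.invalid/r",
                "StackId": "stack-placeholder", "RequestId": "req-placeholder",
                "LogicalResourceId": "logical-id-placeholder"}


def missing_env(environ=os.environ, required=REQUIRED_ENV):
    """Return the required variable names that are absent from environ."""
    return [name for name in required if name not in environ]


def failure_body(event, reason):
    """Build the FAILED reply CloudFormation expects from a custom resource."""
    return {
        "Status": "FAILED",
        "Reason": reason,
        "PhysicalResourceId": event.get("PhysicalResourceId", "not-created"),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }


def put_response(url, body):
    """PUT the JSON reply to the pre-signed ResponseURL (network call)."""
    data = json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10).close()


def preflight(event, environ=os.environ, send=put_response):
    """Return True when the handler may proceed; otherwise report and stop."""
    missing = missing_env(environ)
    if not missing:
        return True
    reason = ("Missing environment variable(s): " + ", ".join(missing)
              + ". Deploy the template that matches this code version.")
    print(reason)  # lands in CloudWatch Logs
    if "ResponseURL" in event:  # only custom-resource invocations carry one
        send(event["ResponseURL"], failure_body(event, reason))
    return False
```

A handler would call `preflight(event)` first and return early when it yields `False`.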
I've followed the instructions on https://aws.amazon.com/blogs/mt/automating-aws-security-hub-alerts-with-aws-control-tower-lifecycle-events/#:~:text=AWS%20Control%20Tower%20is%20an,architected%20multi%2Daccount%20AWS%20environment.&text=AWS%20Security%20Hub%20can%20be,compliance%20status%20across%20AWS%20accounts. and when I launch the stack I got "Custom Resource failed to stabilize in expected time" for the "First Run". Please see screenshot attached. Not sure what I'm missing. I also cannot delete the stack with the same error message.