aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Runtime.ImportModuleError in CustomControlTowerDeploymentLambda #96

Closed willdady closed 2 years ago

willdady commented 2 years ago

Am getting the following error in CloudWatch logs from the CustomControlTowerDeploymentLambda lambda function. This prevents the stack from deploying.

[ERROR] Runtime.ImportModuleError: Unable to import module 'config_deployer': cannot import name 'soft_unicode' from 'markupsafe' (/var/task/markupsafe/__init__.py)

I run build-s3-dist.sh from the root directory which appears to run without errors. I then upload the artefacts to S3 buckets and deploy the CF template as described in the README.

This is on version 2.2.0 when deploying into ap-southeast-2.

aiden-sobey commented 2 years ago

Also experienced this error deploying version 2.2.0 to ap-southeast-2.

balltrev commented 2 years ago

I believe this is due to an update that one of the project's dependencies pushed. I believe this is the related issue: https://github.com/pallets/jinja/issues/1585

Until we're able to release a fix to this, I believe the recommended workaround would be to pin the version of MarkupSafe in https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/source/requirements.txt

"MarkupSafe==2.0.1"
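
A check that would catch this class of breakage before upload, as an added example that is not part of the thread or the project's code: it reads the package metadata in a staged `pip install -t` directory and lists dependencies that `requirements.txt` does not pin with `==`. The function names and the sample package versions are constructed for illustration.

```python
import re
from importlib import metadata
from pathlib import Path

NAME = r"([A-Za-z0-9][A-Za-z0-9._-]*)"

def _norm(name):
    # PEP 503 normalisation so "MarkupSafe" and "markupsafe" compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def pinned_names(requirements_text):
    """Names that requirements.txt pins to an exact version with '=='."""
    pins = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(NAME + r"(?:\[[^\]]*\])?\s*==\s*[^\s;]+", line)
        if m:
            pins.add(_norm(m.group(1)))
    return pins

def floating_transitives(requirements_text, staged_dir):
    """Map each dependency declared by a staged package, but not pinned in
    requirements.txt, to the staged packages that pull it in."""
    pins, found = pinned_names(requirements_text), {}
    for dist in metadata.distributions(path=[str(staged_dir)]):
        for req in dist.requires or []:
            spec, _, marker = req.partition(";")
            m = re.match(r"\s*" + NAME, spec)
            if "extra" in marker or not m:  # skip optional extras
                continue
            if _norm(m.group(1)) not in pins:
                found.setdefault(_norm(m.group(1)), []).append(dist.metadata["Name"])
    return found

def build_sample(root):
    """Constructed stand-in for a 'pip install -t' directory; versions are made up."""
    for name, ver, reqs in [("Jinja2", "0.0.1", ["MarkupSafe>=0.1", "Babel>=0.1; extra == 'i18n'"]),
                            ("MarkupSafe", "0.0.2", [])]:
        info = Path(root, f"{name}-{ver}.dist-info")
        info.mkdir(parents=True)
        lines = ["Metadata-Version: 2.1", f"Name: {name}", f"Version: {ver}"]
        lines += [f"Requires-Dist: {r}" for r in reqs]
        info.joinpath("METADATA").write_text("\n".join(lines) + "\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(floating_transitives("Jinja2==0.0.1\n", tmp))  # constructed requirements
```

A non-empty result names packages whose version is chosen at build time rather than by the repository, which is how a new upstream release reached the Lambda bundle here.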

cacack commented 2 years ago

Same here, deploying v2.1.0 (setting up a lab using current production version). This is to us-east-2, but I suspect region doesn't matter and pinning MarkupSafe is the answer. Waiting for latest deployment to time out on the fail and will report back if this fixes things.

stumins commented 2 years ago

Hi all,

We are aware of this issue and are working on a release to resolve it. As noted, this issue will occur regardless of deployment region.

In the interim, pinning the upstream dependency version as indicated by @balltrev should provide a workaround. I've pinned this issue to increase the visibility.

aiden-sobey commented 2 years ago

Pinning the MarkupSafe version fixed that error for us, but we also encountered a breaking change in this release that control tower customisations needs to be deployed to the same region as control tower itself. Hopefully knowing that saves someone else a few days' effort.

balltrev commented 2 years ago

We've just released v2.3.0 that fixes this issue.

snebhu3 commented 2 years ago

Resolving this issue as v2.3.0 was released with a fix to this issue.