Empty PREFIX_LISTS environment variable causes Step Function to fail in case of "Custom-Destinations" value for DEFAULT_ROUTE environment variable

[ayubhari]

Describe the bug

PREFIX_LISTS environment variable in STNO-State-Machine Lambda Function should-be/is optional where "Custom-Destinations" is specified for DEFAULT_ROUTE variable if CIDR_BLOCKS is provided (as per the CustomerManagedPrefixListIds parameter in network-orchestration-hub.yaml CloudFormation template).

However, by keeping PREFIX_LISTS empty while specifying CIDR_BLOCKS and setting "Custom-Destinations" as a value for DEFAULT_ROUTE, causes Step Function to fail and respective TGW VPC attachment doesn't get associated/propagated to the specified TGW Route Table.

To Reproduce

Specify ListOfCustomCidrBlocks in network-orchestration-hub.yaml CloudFormation template while setting "Custom-Destinations" as a value for DEFAULT_ROUTE and keep CustomerManagedPrefixListIds empty.

Once STNO Hub and Spoke stacks are deployed, create a VPC with populated "Associate-with" and/or "Propagate-to" tags and then create subnets having tag "Attach-to-tgw" added.

This will cause step function to fail as in the underlying Lambda code following two functions are getting called for Custom-Destinations in DEFAULT_ROUTE:

• _update_route_table_with_cidr_blocks(...)

  This works fine as CIDR_BLOCKS environment variable would have value.

• _update_route_table_with_prefix_lists(...)

  This errors as PREFIX_LISTS environment variable comes up as an empty string and upon getting split by "," its length would remain 1 and hence it is able to bypass the > 0 check causing _update_route_table(...) to fail as prefix_list_id would be empty.

Expected behavior

Empty PREFIX_LISTS should be effectively handled in the Lambda code so that Step Function could succeed in case of "Custom-Destinations" for the DEFAULT_ROUTE with just requiring CIDR_BLOCKS environment variable.

For this in the code block the first check should be making sure PREFIX_LISTS is a non-empty string like following: if environ.get("PREFIX_LISTS") != "": or simply if environ.get("PREFIX_LISTS"): Then the PREFIX_LISTS should be split to avoid the above issue.

Similar thing can be done in case just PREFIX_LISTS is required but not the CIDR_BLOCKS, in code block of _update_route_table_with_cidr_blocks(...)

Please complete the following information about the solution:

• [ ] Version: v3.2.1

• [ ] Region: eu-west-1

• [ ] Was the solution modified from the version published on this repository?

• [ ] If the answer to the previous question was yes, are the changes available on GitHub?

• [ ] Have you checked your service quotas for the sevices this solution uses?

• [x] Were there any errors in the CloudWatch Logs?

  Yes: "exception": "Traceback (most recent call last):\n File \"/var/task/state_machine/lib/clients/ec2.py\", line 95, in create_route_cidr_block\n response = self.ec2_client.create_route(\n File \"/var/task/botocore/client.py\", line 530, in _api_call\n return self._make_api_call(operation_name, kwargs)\n File \"/var/task/botocore/client.py\", line 960, in _make_api_call\n raise error_class(parsed_response, operation_name)\nbotocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the CreateRoute operation: invalid value for parameter destination-cidr-block:", "exception_name": "ClientError"

Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context Add any other context about the problem here.

[groverlalit]

Thanks for raising this issue. This bug will be resolved in the next release.