search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.51k stars 1.17k forks source link

sam deploy - Unable to upload artifact - SSL validation failed #1930

Closed franck-schmidlin closed 4 years ago

franck-schmidlin commented 4 years ago

Description

Unable to deploy SAM application due to a SSL validation failure. Issue can be reproduced with sam deploy, sam package and aws cloudfront package.

Workaround is to :

  1. download the cacert.pem file from https://curl.haxx.se/docs/caextract.html file (Certificate data from Mozilla as of: Wed Jan 1 04:12:10 2020 GMT, SHA256: f3bdcd74612952da8476a9d4147f50b29ad0710b7dd95b4c8690500209986d70) and
  2. set the AWS_CA_BUNDLE environment variable to point to the full path to cacert.pem

before running sam deploy.

Steps to reproduce

  1. Generate a new SAM application with sam init. (dotnetcore3.1)
  2. sam build
  3. sam deploy --guided --debug (region = eu-central-1)

Observed result

Failed to create managed resources
Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\ssl_.py", line 336, in ssl_wrap_socket
    context.load_verify_locations(ca_certs, ca_cert_dir)
ssl.SSLError: [X509] PEM lib (_ssl.c:4109)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\httpsession.py", line 263, in send
    chunked=self._chunked(request.headers),
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\retry.py", line 376, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\packages\six.py", line 735, in reraise
    raise value
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connection.py", line 360, in connect
    ssl_context=context,
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\ssl_.py", line 338, in ssl_wrap_socket
    raise SSLError(e)
urllib3.exceptions.SSLError: [X509] PEM lib (_ssl.c:4109)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\bootstrap\bootstrap.py", line 43, in _create_or_get_stack
    ds_resp = cloudformation_client.describe_stacks(StackName=SAM_CLI_STACK_NAME)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\client.py", line 316, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\client.py", line 613, in _make_api_call
    operation_model, request_dict, request_context)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\client.py", line 632, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 137, in _send_request
    success_response, exception):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 231, in _needs_retry
    caught_exception=caught_exception, request_dict=request_dict)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\hooks.py", line 356, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\hooks.py", line 228, in emit
    return self._emit(event_name, kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\hooks.py", line 211, in _emit
    response = handler(**kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 251, in __call__
    caught_exception)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 317, in __call__
    caught_exception)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 223, in __call__
    attempt_number, caught_exception)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 200, in _do_get_response
    http_response = self._send(request)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 244, in _send
    return self.http_session.send(request)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\httpsession.py", line 281, in send
    raise SSLError(endpoint_url=request.url, error=e)
botocore.exceptions.SSLError: SSL validation failed for https://cloudformation.eu-central-1.amazonaws.com/ [X509] PEM lib (_ssl.c:4109)
Sending Telemetry: {'metrics': [{'commandRun': {'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'eu-central-1', 'commandName': 'sam deploy', 'duration': 8463, 'exitReason': 'ManagedStackError', 'exitCode': 1, 'requestId': 'a264a0c5-0928-4e9f-bb53-23ccaf06fd3d', 'installationId': '4ad95fb8-72cf-4f6c-ad25-d91169b7ca76', 'sessionId': 'c8120014-23c2-489c-a977-122adb2be1a1', 'executionEnvironment': 'CLI', 'pyversion': '3.7.6', 'samcliVersion': '0.47.0'}}]}
HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Max retries exceeded with url: /metrics (Caused by SSLError(SSLError(9, '[X509] PEM lib (_ssl.c:4109)')))
Error: Failed to create managed resources: SSL validation failed for https://cloudformation.eu-central-1.amazonaws.com/ [X509] PEM lib (_ssl.c:4109)

Expected result

Out of the box, running a newly installed, up to date AWS and SAM CLI, I should be able to deploy without further faffing.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS:

    systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.17134 N/A Build 17134

  2. sam --version: SAM CLI, version 0.47.0

  3. aws --version: aws-cli/2.0.8 Python/3.7.5 Windows/10 botocore/2.0.0dev12

  4. Reproducing sam issue, different error, with sam package --s3-bucket franck1234 --debug

    
Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
Unable to export
Traceback (most recent call last):
File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\ssl_.py", line 336, in ssl_wrap_socket
context.load_verify_locations(ca_certs, ca_cert_dir)
ssl.SSLError: [X509] PEM lib (_ssl.c:4109)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\httpsession.py", line 263, in send chunked=self._chunked(request.headers), File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 720, in urlopen method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\retry.py", line 376, in increment raise six.reraise(type(error), error, _stacktrace) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\packages\six.py", line 735, in reraise raise value File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 672, in urlopen chunked=chunked, File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 994, in _validate_conn conn.connect() File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connection.py", line 360, in connect sslcontext=context, File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\ssl.py", line 338, in ssl_wrap_socket raise SSLError(e) urllib3.exceptions.SSLError: [X509] PEM lib (_ssl.c:4109)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\artifact_exporter.py", line 267, in export self.do_export(resource_id, resource_dict, parent_dir) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\artifact_exporter.py", line 283, in do_export uploaded_url = upload_local_artifacts(resource_id, resource_dict, self.PROPERTY_NAME, parent_dir, self.uploader) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\artifact_exporter.py", line 152, in upload_local_artifacts return zip_and_upload(local_path, uploader) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\artifact_exporter.py", line 170, in zip_and_upload return uploader.upload_with_dedup(zip_file, precomputed_md5=md5_hash) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\s3_uploader.py", line 129, in upload_with_dedup return self.upload(file_name, remote_path) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\s3_uploader.py", line 77, in upload if not self.force_upload and self.file_exists(remote_path): File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\lib\package\s3_uploader.py", line 143, in file_exists self.s3.head_object(Bucket=self.bucket_name, Key=remote_path) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\client.py", line 316, in _api_call return self._make_api_call(operation_name, kwargs) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\client.py", line 613, in _make_api_call operation_model, request_dict, request_context) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\client.py", line 632, in _make_request return self._endpoint.make_request(operation_model, request_dict) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 102, in make_request return self._send_request(request_dict, operation_model) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 137, in _send_request success_response, exception): File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 231, in _needs_retry caught_exception=caught_exception, request_dict=request_dict) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\hooks.py", line 356, in emit return self._emitter.emit(aliased_event_name, kwargs) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\hooks.py", line 228, in emit return self._emit(event_name, kwargs) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\hooks.py", line 211, in _emit response = handler(kwargs) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 183, in call if self._checker(attempts, response, caught_exception): File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 251, in call caught_exception) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 277, in _should_retry return self._checker(attempt_number, response, caught_exception) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 317, in call caught_exception) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 223, in call attempt_number, caught_exception) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\retryhandler.py", line 359, in _check_caught_exception raise caught_exception File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 200, in _do_get_response http_response = self._send(request) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\endpoint.py", line 244, in _send return self.http_session.send(request) File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\botocore\httpsession.py", line 281, in send raise SSLError(endpoint_url=request.url, error=e) botocore.exceptions.SSLError: SSL validation failed for https://franck1234.s3.eu-central-1.amazonaws.com/ade152d4ef9c2158c3e654037af9b6a0 [X509] PEM lib (_ssl.c:4109) Sending Telemetry: {'metrics': [{'commandRun': {'awsProfileProvided': False, 'debugFlagProvided': True, 'region': '', 'commandName': 'sam package', 'duration': 9152, 'exitReason': 'ExportFailedError', 'exitCode': 1, 'requestId': 'd04ade1f-1395-4c75-aa04-1b4deee705ba', 'installationId': '4ad95fb8-72cf-4f6c-ad25-d91169b7ca76', 'sessionId': '32f22bad-83f9-4c53-90e9-f98098db7539', 'executionEnvironment': 'CLI', 'pyversion': '3.7.6', 'samcliVersion': '0.47.0'}}]} HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Max retries exceeded with url: /metrics (Caused by SSLError(SSLError(9, '[X509] PEM lib (_ssl.c:4109)'))) Error: Unable to upload artifact HelloWorldFunction referenced by CodeUri parameter of HelloWorldFunction resource. SSL validation failed for https://franck1234.s3.eu-central-1.amazonaws.com/ade152d4ef9c2158c3e654037af9b6a0 [X509] PEM lib (_ssl.c:4109)

5.  Reproducing same issue, different error, with `aws cloudformation package --s3-bucket franck1234 --debug --template template.yaml`

Can't reproducing right now - I could swear this was failing earlier today !! :-(
I fact, I believe there is something transient about this issue

2020-04-21 19:53:10,902 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.0.8 Python/3.7.5 Windows/10 botocore/2.0.0dev12 2020-04-21 19:53:10,903 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['cloudformation', 'package', '--s3-bucket', 'franck-1234', '--debug', '--template-file', 'template.yaml'] 2020-04-21 19:53:10,904 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x000002B6B26D6168> 2020-04-21 19:53:10,905 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x000002B6B1726558> 2020-04-21 19:53:10,906 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x000002B6B277EAF8> 2020-04-21 19:53:10,907 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x000002B6B174D0D8> 2020-04-21 19:53:10,912 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x000002B6B25EEE58> 2020-04-21 19:53:10,913 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x000002B6B2593F78> 2020-04-21 19:53:11,108 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\botocore\data\cloudformation\2010-05-15\service-2.json 2020-04-21 19:53:11,125 - MainThread - botocore.hooks - DEBUG - Event building-command-table.cloudformation: calling handler <function inject_commands at 0x000002B6B19AC5E8> 2020-04-21 19:53:11,126 - MainThread - botocore.hooks - DEBUG - Event building-command-table.cloudformation: calling handler <function add_waiters at 0x000002B6B273DB88> 2020-04-21 19:53:11,253 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\botocore\data\cloudformation\2010-05-15\waiters-2.json 2020-04-21 19:53:11,256 - MainThread - botocore.hooks - DEBUG - Event building-command-table.package: calling handler <function add_waiters at 0x000002B6B273DB88> 2020-04-21 19:53:11,257 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.template-file: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,258 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.package: calling handler <awscli.argprocess.ParamShorthandParser object at 0x000002B6B171E0C8> 2020-04-21 19:53:11,259 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.s3-bucket: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,260 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.package: calling handler <awscli.argprocess.ParamShorthandParser object at 0x000002B6B171E0C8> 2020-04-21 19:53:11,260 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.s3-prefix: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,262 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.kms-key-id: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,262 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.output-template-file: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,263 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.use-json: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,264 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.package: calling handler <awscli.argprocess.ParamShorthandParser object at 0x000002B6B171E0C8> 2020-04-21 19:53:11,268 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.force-upload: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,269 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.package: calling handler <awscli.argprocess.ParamShorthandParser object at 0x000002B6B171E0C8> 2020-04-21 19:53:11,270 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.package.metadata: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000002B6B2802FC8> 2020-04-21 19:53:11,271 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env 2020-04-21 19:53:11,271 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role 2020-04-21 19:53:11,272 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity 2020-04-21 19:53:11,273 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso 2020-04-21 19:53:11,273 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file 2020-04-21 19:53:11,276 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials 2020-04-21 19:53:11,278 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\botocore\data\endpoints.json 2020-04-21 19:53:11,288 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x000002B6B136D708> 2020-04-21 19:53:11,293 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\botocore\data\s3\2006-03-01\service-2.json 2020-04-21 19:53:11,308 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x000002B6B131FB88> 2020-04-21 19:53:11,309 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x000002B6B131F948> 2020-04-21 19:53:11,318 - MainThread - botocore.endpoint - DEBUG - Setting s3 timeout as (60, 60) 2020-04-21 19:53:11,479 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.s3.HeadObject: calling handler <function base64_decode_input_blobs at 0x000002B6B277EB88> 2020-04-21 19:53:11,480 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.HeadObject: calling handler <function sse_md5 at 0x000002B6B1371828> 2020-04-21 19:53:11,481 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.HeadObject: calling handler <function validate_bucket_name at 0x000002B6B1371798> 2020-04-21 19:53:11,482 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.HeadObject: calling handler <bound method S3RegionRedirector.redirect_from_cache of <botocore.utils.S3RegionRedirector object at 0x000002B6B2B3A088>> 2020-04-21 19:53:11,483 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.HeadObject: calling handler <bound method S3ArnParamHandler.handle_arn of <botocore.utils.S3ArnParamHandler object at 0x000002B6B2B3A508>> 2020-04-21 19:53:11,484 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.HeadObject: calling handler <function generate_idempotent_uuid at 0x000002B6B13713A8> 2020-04-21 19:53:11,485 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.HeadObject: calling handler <function add_expect_header at 0x000002B6B1371AF8> 2020-04-21 19:53:11,486 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.HeadObject: calling handler <bound method S3RegionRedirector.set_request_url of <botocore.utils.S3RegionRedirector object at 0x000002B6B2B3A088>> 2020-04-21 19:53:11,487 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.HeadObject: calling handler <function inject_api_version_header_if_needed at 0x000002B6B1374E58> 2020-04-21 19:53:11,487 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=HeadObject) with params: {'url_path': '/franck-1234/7bb3088ea64023a0c272ad4ec3c59442', 'query_string': {}, 'method': 'HEAD', 'headers': {'User-Agent': 'aws-cli/2.0.8 Python/3.7.5 Windows/10 botocore/2.0.0dev12'}, 'body': b'', 'url': 'https://s3.eu-central-1.amazonaws.com/franck-1234/7bb3088ea64023a0c272ad4ec3c59442', 'context': {'client_region': 'eu-central-1', 'client_config': <botocore.config.Config object at 0x000002B6B2B366C8>, 'has_streaming_input': False, 'auth_type': None, 'signing': {'bucket': 'franck-1234'}}} 2020-04-21 19:53:11,488 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.HeadObject: calling handler <function signal_not_transferring at 0x000002B6B19631F8> 2020-04-21 19:53:11,489 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.HeadObject: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x000002B6B2DD6B88>> 2020-04-21 19:53:11,489 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.HeadObject: calling handler <function set_operation_specific_signer at 0x000002B6B1368438> 2020-04-21 19:53:11,493 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.HeadObject: calling handler <bound method S3EndpointSetter.set_endpoint of <botocore.utils.S3EndpointSetter object at 0x000002B6B2B3A5C8>> 2020-04-21 19:53:11,494 - MainThread - botocore.utils - DEBUG - Defaulting to S3 virtual host style addressing with path style addressing fallback. 2020-04-21 19:53:11,495 - MainThread - botocore.utils - DEBUG - Checking for DNS compatible bucket for: https://s3.eu-central-1.amazonaws.com/franck-1234/7bb3088ea64023a0c272ad4ec3c59442 2020-04-21 19:53:11,495 - MainThread - botocore.utils - DEBUG - URI updated to: https://franck-1234.s3.eu-central-1.amazonaws.com/7bb3088ea64023a0c272ad4ec3c59442 2020-04-21 19:53:11,497 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth. 2020-04-21 19:53:11,497 - MainThread - botocore.auth - DEBUG - CanonicalRequest: HEAD /7bb3088ea64023a0c272ad4ec3c59442

host:franck-1234.s3.eu-central-1.amazonaws.com x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20200421T185311Z

host;x-amz-content-sha256;x-amz-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 2020-04-21 19:53:11,498 - MainThread - botocore.auth - DEBUG - StringToSign: AWS4-HMAC-SHA256 20200421T185311Z 20200421/eu-central-1/s3/aws4_request d0b96ae49e21f1d3a6155067264c4e81d4b567ecbb73cdbf1b46c43612bcf770 2020-04-21 19:53:11,499 - MainThread - botocore.auth - DEBUG - Signature: 8acf83cb578c34620634c6454921c5c183efcd40e44de8920a10fdc349301485 2020-04-21 19:53:11,499 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.HeadObject: calling handler <function signal_transferring at 0x000002B6B1963288> 2020-04-21 19:53:11,500 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=HEAD, url=https://franck-1234.s3.eu-central-1.amazonaws.com/7bb3088ea64023a0c272ad4ec3c59442, headers={'User-Agent': b'aws-cli/2.0.8 Python/3.7.5 Windows/10 botocore/2.0.0dev12', 'X-Amz-Date': b'20200421T185311Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIAXCJDS4SYU2PH5OKX/20200421/eu-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8acf83cb578c34620634c6454921c5c183efcd40e44de8920a10fdc349301485'}> 2020-04-21 19:53:11,502 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): franck-1234.s3.eu-central-1.amazonaws.com:443 2020-04-21 19:53:12,873 - MainThread - urllib3.connectionpool - DEBUG - https://franck-1234.s3.eu-central-1.amazonaws.com:443 "HEAD /7bb3088ea64023a0c272ad4ec3c59442 HTTP/1.1" 404 0 2020-04-21 19:53:12,874 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amz-request-id': 'EC84D9E2C1E14552', 'x-amz-id-2': 'O4IttvtLZq4k1v6ZPl/shn3ClA8C8n/LHZW64Ayu+vNwNWafpfOTi+tsIHl+AohyzU6Y9GG1KHA=', 'Content-Type': 'application/xml', 'Transfer-Encoding': 'chunked', 'Date': 'Tue, 21 Apr 2020 18:53:12 GMT', 'Server': 'AmazonS3'} 2020-04-21 19:53:12,875 - MainThread - botocore.parsers - DEBUG - Response body: b'' 2020-04-21 19:53:12,876 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.HeadObject: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x000002B6B2B3A448>> 2020-04-21 19:53:12,877 - MainThread - botocore.retries.standard - DEBUG - Not retrying request. 2020-04-21 19:53:12,877 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.HeadObject: calling handler <bound method S3RegionRedirector.redirect_from_error of <botocore.utils.S3RegionRedirector object at 0x000002B6B2B3A088>> 2020-04-21 19:53:12,878 - MainThread - botocore.hooks - DEBUG - Event after-call.s3.HeadObject: calling handler <function enhance_error_msg at 0x000002B6B2731AF8> 2020-04-21 19:53:12,879 - MainThread - botocore.hooks - DEBUG - Event after-call.s3.HeadObject: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x000002B6B14D09C8>> 2020-04-21 19:53:12,883 - MainThread - s3transfer.utils - DEBUG - Acquiring 0 2020-04-21 19:53:12,885 - ThreadPoolExecutor-1_0 - s3transfer.tasks - DEBUG - UploadSubmissionTask(transfer_id=0, {'transfer_future': <s3transfer.futures.TransferFuture object at 0x000002B6B2B732C8>}) about to wait for the following futures [] 2020-04-21 19:53:12,886 - ThreadPoolExecutor-1_0 - s3transfer.tasks - DEBUG - UploadSubmissionTask(transfer_id=0, {'transfer_future': <s3transfer.futures.TransferFuture object at 0x000002B6B2B732C8>}) done waiting for dependent futures 2020-04-21 19:53:12,887 - ThreadPoolExecutor-1_0 - s3transfer.tasks - DEBUG - Executing task UploadSubmissionTask(transfer_id=0, {'transfer_future': <s3transfer.futures.TransferFuture object at 0x000002B6B2B732C8>}) with kwargs {'client': <botocore.client.S3 object at 0x000002B6B2DD68C8>, 'config': <s3transfer.manager.TransferConfig object at 0x000002B6B2B3A588>, 'osutil': <s3transfer.utils.OSUtils object at 0x000002B6B2B3A708>, 'request_executor': <s3transfer.futures.BoundedExecutor object at 0x000002B6B2B3A848>, 'transfer_future': <s3transfer.futures.TransferFuture object at 0x000002B6B2B732C8>} 2020-04-21 19:53:12,888 - ThreadPoolExecutor-1_0 - s3transfer.futures - DEBUG - Submitting task PutObjectTask(transfer_id=0, {'bucket': 'franck-1234', 'key': '7bb3088ea64023a0c272ad4ec3c59442', 'extra_args': {'ServerSideEncryption': 'AES256'}}) to executor <s3transfer.futures.BoundedExecutor object at 0x000002B6B2B3A848> for transfer request: 0. 2020-04-21 19:53:12,889 - ThreadPoolExecutor-1_0 - s3transfer.utils - DEBUG - Acquiring 0 2020-04-21 19:53:12,890 - ThreadPoolExecutor-0_0 - s3transfer.tasks - DEBUG - PutObjectTask(transfer_id=0, {'bucket': 'franck-1234', 'key': '7bb3088ea64023a0c272ad4ec3c59442', 'extra_args': {'ServerSideEncryption': 'AES256'}}) about to wait for the following futures [] 2020-04-21 19:53:12,890 - ThreadPoolExecutor-1_0 - s3transfer.utils - DEBUG - Releasing acquire 0/None 2020-04-21 19:53:12,890 - ThreadPoolExecutor-0_0 - s3transfer.tasks - DEBUG - PutObjectTask(transfer_id=0, {'bucket': 'franck-1234', 'key': '7bb3088ea64023a0c272ad4ec3c59442', 'extra_args': {'ServerSideEncryption': 'AES256'}}) done waiting for dependent futures 2020-04-21 19:53:12,892 - ThreadPoolExecutor-0_0 - s3transfer.tasks - DEBUG - Executing task PutObjectTask(transfer_id=0, {'bucket': 'franck-1234', 'key': '7bb3088ea64023a0c272ad4ec3c59442', 'extra_args': {'ServerSideEncryption': 'AES256'}}) with kwargs {'client': <botocore.client.S3 object at 0x000002B6B2DD68C8>, 'fileobj': <s3transfer.utils.ReadFileChunk object at 0x000002B6B2B73348>, 'bucket': 'franck-1234', 'key': '7bb3088ea64023a0c272ad4ec3c59442', 'extra_args': {'ServerSideEncryption': 'AES256'}} 2020-04-21 19:53:12,893 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event provide-client-params.s3.PutObject: calling handler <function base64_decode_input_blobs at 0x000002B6B277EB88> 2020-04-21 19:53:12,897 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <function validate_ascii_metadata at 0x000002B6B1374438> 2020-04-21 19:53:12,897 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <function sse_md5 at 0x000002B6B1371828> 2020-04-21 19:53:12,898 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <function convert_body_to_file_like_object at 0x000002B6B1374D38> 2020-04-21 19:53:12,899 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <function validate_bucket_name at 0x000002B6B1371798> 2020-04-21 19:53:12,900 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <bound method S3RegionRedirector.redirect_from_cache of <botocore.utils.S3RegionRedirector object at 0x000002B6B2B3A088>> 2020-04-21 19:53:12,900 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <bound method S3ArnParamHandler.handle_arn of <botocore.utils.S3ArnParamHandler object at 0x000002B6B2B3A508>> 2020-04-21 19:53:12,901 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-parameter-build.s3.PutObject: calling handler <function generate_idempotent_uuid at 0x000002B6B13713A8> 2020-04-21 19:53:12,902 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-call.s3.PutObject: calling handler <function conditionally_calculate_md5 at 0x000002B6B1371708> 2020-04-21 19:53:12,904 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-call.s3.PutObject: calling handler <function add_expect_header at 0x000002B6B1371AF8> 2020-04-21 19:53:12,905 - ThreadPoolExecutor-0_0 - botocore.handlers - DEBUG - Adding expect 100 continue header to request. 2020-04-21 19:53:12,905 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-call.s3.PutObject: calling handler <bound method S3RegionRedirector.set_request_url of <botocore.utils.S3RegionRedirector object at 0x000002B6B2B3A088>> 2020-04-21 19:53:12,908 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-call.s3.PutObject: calling handler <function inject_api_version_header_if_needed at 0x000002B6B1374E58> 2020-04-21 19:53:12,909 - ThreadPoolExecutor-0_0 - botocore.endpoint - DEBUG - Making request for OperationModel(name=PutObject) with params: {'url_path': '/franck-1234/7bb3088ea64023a0c272ad4ec3c59442', 'query_string': {}, 'method': 'PUT', 'headers': {'x-amz-server-side-encryption': 'AES256', 'User-Agent': 'aws-cli/2.0.8 Python/3.7.5 Windows/10 botocore/2.0.0dev12', 'Content-MD5': 'e7MIjqZAI6DCcq1Ow8WUQg==', 'Expect': '100-continue'}, 'body': <s3transfer.utils.ReadFileChunk object at 0x000002B6B2B73348>, 'url': 'https://s3.eu-central-1.amazonaws.com/franck-1234/7bb3088ea64023a0c272ad4ec3c59442', 'context': {'client_region': 'eu-central-1', 'client_config': <botocore.config.Config object at 0x000002B6B2B366C8>, 'has_streaming_input': True, 'auth_type': None, 'signing': {'bucket': 'franck-1234'}}} 2020-04-21 19:53:12,910 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event request-created.s3.PutObject: calling handler <function signal_not_transferring at 0x000002B6B19631F8> 2020-04-21 19:53:12,911 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event request-created.s3.PutObject: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x000002B6B2DD6B88>> 2020-04-21 19:53:12,912 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event choose-signer.s3.PutObject: calling handler <function set_operation_specific_signer at 0x000002B6B1368438> 2020-04-21 19:53:12,913 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event before-sign.s3.PutObject: calling handler <bound method S3EndpointSetter.set_endpoint of <botocore.utils.S3EndpointSetter object at 0x000002B6B2B3A5C8>> 2020-04-21 19:53:12,914 - ThreadPoolExecutor-0_0 - botocore.utils - DEBUG - Checking for DNS compatible bucket for: https://s3.eu-central-1.amazonaws.com/franck-1234/7bb3088ea64023a0c272ad4ec3c59442 2020-04-21 19:53:12,915 - ThreadPoolExecutor-0_0 - botocore.utils - DEBUG - URI updated to: https://franck-1234.s3.eu-central-1.amazonaws.com/7bb3088ea64023a0c272ad4ec3c59442 2020-04-21 19:53:12,916 - ThreadPoolExecutor-0_0 - botocore.auth - DEBUG - Calculating signature using v4 auth. 2020-04-21 19:53:12,916 - ThreadPoolExecutor-0_0 - botocore.auth - DEBUG - CanonicalRequest: PUT /7bb3088ea64023a0c272ad4ec3c59442

content-md5:e7MIjqZAI6DCcq1Ow8WUQg== host:franck-1234.s3.eu-central-1.amazonaws.com x-amz-content-sha256:UNSIGNED-PAYLOAD x-amz-date:20200421T185312Z x-amz-server-side-encryption:AES256

content-md5;host;x-amz-content-sha256;x-amz-date;x-amz-server-side-encryption UNSIGNED-PAYLOAD 2020-04-21 19:53:12,918 - ThreadPoolExecutor-0_0 - botocore.auth - DEBUG - StringToSign: AWS4-HMAC-SHA256 20200421T185312Z 20200421/eu-central-1/s3/aws4_request 9154868690f036a0ee93ab7d72b0f1b6fa43605bfaada1206014b4c3045d62ef 2020-04-21 19:53:12,922 - ThreadPoolExecutor-0_0 - botocore.auth - DEBUG - Signature: 5e1f9373cbf4129ea267f3cab6dc2f53ca93b01a5b8d1709475efa489fab192a 2020-04-21 19:53:12,923 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event request-created.s3.PutObject: calling handler <function signal_transferring at 0x000002B6B1963288> 2020-04-21 19:53:12,924 - ThreadPoolExecutor-0_0 - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=PUT, url=https://franck-1234.s3.eu-central-1.amazonaws.com/7bb3088ea64023a0c272ad4ec3c59442, headers={'x-amz-server-side-encryption': b'AES256', 'User-Agent': b'aws-cli/2.0.8 Python/3.7.5 Windows/10 botocore/2.0.0dev12', 'Content-MD5': b'e7MIjqZAI6DCcq1Ow8WUQg==', 'Expect': b'100-continue', 'X-Amz-Date': b'20200421T185312Z', 'X-Amz-Content-SHA256': b'UNSIGNED-PAYLOAD', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIAXCJDS4SYU2PH5OKX/20200421/eu-central-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date;x-amz-server-side-encryption, Signature=5e1f9373cbf4129ea267f3cab6dc2f53ca93b01a5b8d1709475efa489fab192a', 'Content-Length': '320929'}> 2020-04-21 19:53:12,926 - ThreadPoolExecutor-0_0 - botocore.awsrequest - DEBUG - Waiting for 100 Continue response. 2020-04-21 19:53:13,157 - ThreadPoolExecutor-0_0 - botocore.awsrequest - DEBUG - 100 Continue response seen, now sending request body. Uploading to 7bb3088ea64023a0c272ad4ec3c59442 262144 / 320929.0 (81.68%)2020-04-21 19:53:22,227 - ThreadPoolExecutor-0_0 - urllib3.connectionpool - DEBUG - https://franck-1234.s3.eu-central-1.amazonaws.com:443 "PUT /7bb3088ea64023a0c272ad4ec3c59442 HTTP/1.1" 200 0 2020-04-21 19:53:22,229 - ThreadPoolExecutor-0_0 - botocore.parsers - DEBUG - Response headers: {'x-amz-id-2': 'UPI+ZWWmFsQHFK8l/0diuzbcA6kw0S9fe7I1YqTvwKvgfpr/RSiwwfie+yMS9j9XZAvlyIhv+co=', 'x-amz-request-id': '67430DA66AAFEA07', 'Date': 'Tue, 21 Apr 2020 18:53:14 GMT', 'x-amz-server-side-encryption': 'AES256', 'ETag': '"7bb3088ea64023a0c272ad4ec3c59442"', 'Content-Length': '0', 'Server': 'AmazonS3'} 2020-04-21 19:53:22,230 - ThreadPoolExecutor-0_0 - botocore.parsers - DEBUG - Response body: b'' 2020-04-21 19:53:22,231 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event needs-retry.s3.PutObject: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x000002B6B2B3A448>> 2020-04-21 19:53:22,232 - ThreadPoolExecutor-0_0 - botocore.retries.standard - DEBUG - Not retrying request. 2020-04-21 19:53:22,232 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event needs-retry.s3.PutObject: calling handler <bound method S3RegionRedirector.redirect_from_error of <botocore.utils.S3RegionRedirector object at 0x000002B6B2B3A088>> 2020-04-21 19:53:22,233 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event after-call.s3.PutObject: calling handler <function enhance_error_msg at 0x000002B6B2731AF8> 2020-04-21 19:53:22,234 - ThreadPoolExecutor-0_0 - botocore.hooks - DEBUG - Event after-call.s3.PutObject: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x000002B6B14D09C8>> Uploading to 7bb3088ea64023a0c272ad4ec3c59442 320929 / 320929.0 (100.00%)2020-04-21 19:53:22,236 - ThreadPoolExecutor-0_0 - s3transfer.utils - DEBUG - Releasing acquire 0/None

AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: "Sample SAM Template for helloworld\n" Globals: Function: Timeout: 10 Resources: HelloWorldFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://franck-1234/7bb3088ea64023a0c272ad4ec3c59442 Handler: HelloWorld::HelloWorld.Function::FunctionHandler Runtime: dotnetcore3.1 Environment: Variables: PARAM1: VALUE Events: HelloWorld: Type: Api Properties: Path: /hello Method: get Outputs: HelloWorldApi: Description: API Gateway endpoint URL for Prod stage for Hello World function Value: Fn::Sub: https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/hello/ HelloWorldFunction: Description: Hello World Lambda Function ARN Value: Fn::GetAtt:

Note the SSL error at the end though

sam deploy --debug

sam deploy --debug
Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics

        Deploying with following values
        ===============================
        Stack name                 : helloworld
        Region                     : eu-central-1
        Confirm changeset          : True
        Deployment s3 bucket       : aws-sam-cli-managed-default-samclisourcebucket-1asxxxwuqpoyy
        Capabilities               : ["CAPABILITY_IAM"]
        Parameter overrides        : {}

Initiating deployment
=====================
File with same data is already exists at helloworld/e7b3ed53868e8df549c794148050335e. Skipping upload
File with same data is already exists at helloworld/4ccf0bb477d7e8181c4dc649d1e90fc8.template. Skipping upload

Waiting for changeset to be created..

CloudFormation stack changeset
---------------------------------------------------------------------------------------------------------------------
Operation                               LogicalResourceId                       ResourceType
---------------------------------------------------------------------------------------------------------------------
+ Add                                   HelloWorldFunctionHelloWorldPermissio   AWS::Lambda::Permission
                                        nProd
+ Add                                   HelloWorldFunctionRole                  AWS::IAM::Role
+ Add                                   HelloWorldFunction                      AWS::Lambda::Function
+ Add                                   ServerlessRestApiDeployment47fc2d5f9d   AWS::ApiGateway::Deployment
+ Add                                   ServerlessRestApiProdStage              AWS::ApiGateway::Stage
+ Add                                   ServerlessRestApi                       AWS::ApiGateway::RestApi
---------------------------------------------------------------------------------------------------------------------

Changeset created successfully. arn:aws:cloudformation:eu-central-1:123456789012:changeSet/samcli-deploy1587495602/5f44df7b-1932-4f0f-a240-6f5c36947d75

Previewing CloudFormation changeset before deployment
======================================================
Deploy this changeset? [y/N]: y

2020-04-21 20:00:15 - Waiting for stack create/update to complete

CloudFormation events from changeset
---------------------------------------------------------------------------------------------------------------------
ResourceStatus                ResourceType                  LogicalResourceId             ResourceStatusReason
---------------------------------------------------------------------------------------------------------------------
CREATE_IN_PROGRESS            AWS::IAM::Role                HelloWorldFunctionRole        Resource creation Initiated
CREATE_IN_PROGRESS            AWS::IAM::Role                HelloWorldFunctionRole        -
CREATE_COMPLETE               AWS::IAM::Role                HelloWorldFunctionRole        -
CREATE_IN_PROGRESS            AWS::Lambda::Function         HelloWorldFunction            Resource creation Initiated
CREATE_IN_PROGRESS            AWS::Lambda::Function         HelloWorldFunction            -
CREATE_COMPLETE               AWS::Lambda::Function         HelloWorldFunction            -
CREATE_IN_PROGRESS            AWS::ApiGateway::RestApi      ServerlessRestApi             Resource creation Initiated
CREATE_IN_PROGRESS            AWS::ApiGateway::RestApi      ServerlessRestApi             -
CREATE_COMPLETE               AWS::ApiGateway::RestApi      ServerlessRestApi             -
CREATE_COMPLETE               AWS::ApiGateway::Deployment   ServerlessRestApiDeployment   -
                                                            47fc2d5f9d
CREATE_IN_PROGRESS            AWS::ApiGateway::Deployment   ServerlessRestApiDeployment   Resource creation Initiated
                                                            47fc2d5f9d
CREATE_IN_PROGRESS            AWS::Lambda::Permission       HelloWorldFunctionHelloWorl   Resource creation Initiated
                                                            dPermissionProd
CREATE_IN_PROGRESS            AWS::ApiGateway::Deployment   ServerlessRestApiDeployment   -
                                                            47fc2d5f9d
CREATE_IN_PROGRESS            AWS::Lambda::Permission       HelloWorldFunctionHelloWorl   -
                                                            dPermissionProd
CREATE_IN_PROGRESS            AWS::ApiGateway::Stage        ServerlessRestApiProdStage    -
CREATE_IN_PROGRESS            AWS::ApiGateway::Stage        ServerlessRestApiProdStage    Resource creation Initiated
CREATE_COMPLETE               AWS::ApiGateway::Stage        ServerlessRestApiProdStage    -
CREATE_COMPLETE               AWS::Lambda::Permission       HelloWorldFunctionHelloWorl   -
                                                            dPermissionProd
CREATE_COMPLETE               AWS::CloudFormation::Stack    helloworld                    -
---------------------------------------------------------------------------------------------------------------------

CloudFormation outputs from deployed stack
---------------------------------------------------------------------------------------------------------------------
Outputs
---------------------------------------------------------------------------------------------------------------------
Key                 HelloWorldFunctionIamRole
Description         Implicit IAM Role created for Hello World function
Value               arn:aws:iam::123456789012:role/helloworld-HelloWorldFunctionRole-Q60UKA48XTIH

Key                 HelloWorldApi
Description         API Gateway endpoint URL for Prod stage for Hello World function
Value               https://2l8grq7que.execute-api.eu-central-1.amazonaws.com/Prod/hello/

Key                 HelloWorldFunction
Description         Hello World Lambda Function ARN
Value               arn:aws:lambda:eu-central-1:123456789012:function:helloworld-HelloWorldFunction-I340VP86ZXH4
---------------------------------------------------------------------------------------------------------------------

Successfully created/updated stack - helloworld in eu-central-1

Sending Telemetry: {'metrics': [{'commandRun': {'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'eu-central-1', 'commandName': 'sam deploy', 'duration': 55198, 'exitReason': 'success', 'exitCode': 0, 'requestId': '9d3692c9-acf7-4078-91f0-841c30eb0952', 'installationId': '4ad95fb8-72cf-4f6c-ad25-d91169b7ca76', 'sessionId': '370fe88a-63aa-4cb7-ad5d-5bcd4e0da434', 'executionEnvironment': 'CLI', 'pyversion': '3.7.6', 'samcliVersion': '0.47.0'}}]}
HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Max retries exceeded with url: /metrics (Caused by SSLError(SSLError(9, '[X509] PEM lib (_ssl.c:4109)')))
awood45 commented 4 years ago

For background on this, we discussed this issue on Twitter, thread here: https://twitter.com/alexwwood/status/1252630351119216641

It actually looks like your deploy command is succeeding at the end when you use the ENV variable, we're just failing to send Telemetry (that doesn't pick up the CA Certs, and won't impact anything you deploy).

So there may not be an issue here with the SAM CLI itself. Your environment isn't picking up the CA Certs through default methods, and it works when you provide it as an ENV variable. You may want to check the documentation or ask on https://github.com/boto/boto3 if you can't figure out why Python's HTTP stack isn't picking up your CA Certs by default, though I know Windows can have configuration issues with this.

As for this issue, was there another method you were trying from our discussion to pass CA Certs that was breaking for you?

franck-schmidlin commented 4 years ago

was there another method you were trying from our discussion to pass CA Certs that was breaking for you?

I thought there was, but I've now gone back to adding the ca_bundle property to the .aws/config file and that is now working fine.

I probably got myself in a rabbit hole at the weekend, it all felt much more complicated.

I would say however that that CA bundle is poorly documented/explained. Makes sense to me now, but it would have been much easier if the error message mentioned it. Something like SSL validation failed for ... Have you tried setting the ca_bundle property?

Anyway, this seems to be a AWS CLI or boto3 issue, not SAM.

Thanks for looking into it.

Leslie-Wong-H commented 2 years ago

Faced the same error. Resolved by closing my proxy. I guess it is the network request problem of the python urllib package under the hood, which I also encountered when using other python-based tools.

igorantolic commented 2 years ago

HOW TO GET ca-bundle.pem

To grab certificates you can use your PC with git installed (includes openssl) and in GIT BASH console (you can open from VScode if you prefer) jut type:

echo | openssl s_client -showcerts -servername s3.eu-central-1.amazonaws.com:443 -connect s3.eu-central-1.amazonaws.com:443 2>/dev/null

grab all partis between -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- including that lines to save wa whole cert chain to file