localstack / serverless-localstack

⚡ Serverless plugin for running against LocalStack

Receiving "The security token included in the request is invalid." #244

Closed xochilpili closed 3 months ago

xochilpili commented 4 months ago

Steps To Reproduce

docker-compose:

version: '3'

services:
    localstack:
      network_mode: bridge
      image: localstack/localstack:latest
      container_name: localstack
      environment:
       - SERVICES=secretsmanager,ssm,events
       - PERSISTENCE=1
      ports:
        - 4566:4566
        - 4510-4559:4510-4559
      volumes_from:
        - data:rw
    mongo:
      image: mongo:4.4.16
      container_name: workflows_mongo
      environment:
        - MONGO_INITDB_DATABASE=agentcollab
      volumes_from:
        - data:rw
      ports:
        - 27017:27017
    data:
      image: debian:wheezy
      command: /bin/true
      volumes:
        - /data/db

serverless.ts

import type { AWS } from '@serverless/typescript';
const serverlessConfiguration: AWS = {
    service: 'test-serverless',
    frameworkVersion: '3',
    plugins: ['serverless-esbuild', 'serverless-localstack', 'serverless-offline'],
    provider: {
        name: 'aws',
        stage: 'dev',
        runtime: 'nodejs14.x',
        profile: 'local', 
        apiGateway: {
            minimumCompressionSize: 1024,
            shouldStartNameWithService: true,
        },
        environment: {
            AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1',
            NODE_OPTIONS: '--enable-source-maps --stack-trace-limit=1000',
        },
    },
    // import the function via paths
    functions: {
        profile: {
            handler: 'src/lambdas/second_service/index.handler',
            events: [
                {
                    http: {
                        method: 'POST',
                        path: '/profile',
                    },
                },
            ],
        },
    },
    package: { individually: true },
    custom: {
        localstack: {
            stages: ['dev'],
            host: 'http://localhost:4566',
        },
        esbuild: {
            bundle: true,
            minify: false,
            sourcemap: true,
            exclude: ['aws-sdk'],
            target: 'node14',
            define: { 'require.resolve': undefined },
            platform: 'node',
            concurrency: 10,
        },
    },
};
module.exports = serverlessConfiguration;

Creating a new SSM Parameter using:

aws --endpoint-url=http://localhost:4566 ssm put-parameter --name "/secure/aue1/d1/agentcollab/mongo_url" --type String --value "mongodb://localhost:27017/agentcollab" --overwrite --region 'us-east-1'

From terminal when getting SSM Parameters:

aws ssm get-parameters --names "/secure/aue1/d1/agentcollab/mongo_url" --endpoint-url http://127.0.0.1:4566 --region 'us-east-1'

Got:

{
    "Parameters": [
        {
            "Name": "/secure/aue1/d1/agentcollab/mongo_url",
            "Type": "String",
            "Value": "mongodb://localhost:27017/agentcollab",
            "Version": 1,
            "LastModifiedDate": "2024-01-31T17:19:36.092000-06:00",
            "ARN": "arn:aws:ssm:us-east-1:000000000000:parameter/secure/aue1/d1/agentcollab/mongo_url",
            "DataType": "text"
        }
    ],
    "InvalidParameters": []
}

Lambda:

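// Imports the snippet relies on (aws-sdk v2, matching the .promise() call).
import { SSM } from 'aws-sdk';
import type { APIGatewayProxyEvent, Handler } from 'aws-lambda';
// LambdaResponse and middyfy are project-local helpers not shown in the issue.

const service: Handler = async (event: APIGatewayProxyEvent): Promise<LambdaResponse> => {
    try {
        // No endpoint is passed, so the client uses the SDK's default endpoint.
        const ssm = new SSM();
        const result = await ssm.getParameter({ Name: '/secure/aue1/d1/agentcollab/mongo_url', WithDecryption: true }).promise();
        console.log('ssm', result.Parameter?.Value);
        return { statusCode: 200, body: "always wrong" };
    } catch (error) {
        console.log(error);
    }
};
export const handler = middyfy(service);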

Starting offline: serverless offline start

Then test the lambda with:

curl -X POST http://localhost:3000/dev/profile -d '"{"name": "fake"}"'

And the result is:

UnrecognizedClientException: The security token included in the request is invalid.

aws/credentials:

[local]
region=us-east-1
aws_access_key_id = test
aws_secret_access_key = test

Version

"serverless": "^3.0.0",
"serverless-esbuild": "^1.23.3",
"serverless-localstack": "^1.2.0",
"serverless-offline": "^13.3.3",

Environment

- OS: Fedora 38
- LocalStack: latest

steffyP commented 4 months ago

Hey @xochilpili, from your docker-compose it seems like you are using the community version of localstack, potentially an older version? Please be aware that you need to add lambda to the SERVICES environment variable for localstack > 3.0 as otherwise the service would not be available at runtime.

For LocalStack Pro we have a feature called transparent endpoint injection, which would automatically redirect all your requests to LocalStack.

However, as you are using the community version, you need to add some additional settings for your lambda-code. Please follow the instructions in our docs.
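
Added example, not part of the thread and not LocalStack's or the plugin's own code: one way to give the handler's `new SSM()` call the "additional settings" mentioned above, so the client targets LocalStack only in a local stage and keeps the SDK defaults everywhere else. It assumes aws-sdk v2, that serverless-offline sets `IS_OFFLINE=true`, and that functions run by LocalStack see `AWS_ENDPOINT_URL`; the function name `localstackClientOptions` and the stage allow-list are hypothetical.

```typescript
// Added example (not from the issue). Returns constructor options for an
// aws-sdk v2 client, e.g. new SSM(localstackClientOptions(process.env, stage)).
type Env = Record<string, string | undefined>;

interface ClientOptions {
  endpoint?: string;
  region?: string;
  credentials?: { accessKeyId: string; secretAccessKey: string };
}

// Hypothetical allow-list; mirrors custom.localstack.stages in the issue.
const LOCAL_STAGES = ['dev'];
// custom.localstack.host from the issue's serverless.ts.
const DEFAULT_EDGE = 'http://localhost:4566';

function localstackClientOptions(env: Env, stage: string): ClientOptions {
  const override = env.AWS_ENDPOINT_URL || '';
  const offline = env.IS_OFFLINE === 'true'; // assumed set by serverless-offline
  if (!override && !offline) {
    // Deployed to AWS: keep the SDK's default endpoint and credential chain.
    return {};
  }
  if (LOCAL_STAGES.indexOf(stage) === -1) {
    // Fail closed: an override outside a local stage would send parameter
    // reads (often secrets) to a non-AWS host.
    throw new Error('endpoint override refused for stage "' + stage + '"');
  }
  const endpoint = override || DEFAULT_EDGE;
  if (!/^https?:\/\/[^\s\/]+$/.test(endpoint)) {
    throw new Error('malformed endpoint: ' + endpoint);
  }
  return {
    endpoint: endpoint,
    region: env.AWS_REGION || 'us-east-1',
    // Dummy values, same as the [local] profile in the issue.
    credentials: { accessKeyId: 'test', secretAccessKey: 'test' },
  };
}
```

Because the override is refused outside the allow-listed stage, a stray `AWS_ENDPOINT_URL` in a deployed environment raises an error instead of silently redirecting SSM traffic.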

steffyP commented 3 months ago

Closing the ticket due to inactivity.