mlevit / aws-auto-cleanup

Programmatically delete AWS resources based on an allowlist and time to live (TTL) settings
MIT License

Error when invoking "TypeError: argument of type 'NoneType' is not iterable" #100

Closed membra closed 2 years ago

membra commented 2 years ago

Describe the bug

Invoking a cleanup with

    npm run logs -- --region ap-southeast-2 --aws-profile rsadmin

Getting this error in the process:

    [INFO] Switching to 'ap-southeast-2' region. (main.py, run_cleanup(), line 66)
    Exception in thread Thread-106:
    Traceback (most recent call last):
      File "/var/lang/lib/python3.8/threading.py", line 932, in _bootstrap_inner
        self.run()
      File "/var/lang/lib/python3.8/threading.py", line 870, in run
        self._target(*self._args, **self._kwargs)
      File "/var/task/src/cloudformation_cleanup.py", line 255, in delete_stack
        if "/" in resource_child_id:
    TypeError: argument of type 'NoneType' is not iterable

Full log with debug level attached: output.txt

I suspect it is failing on a certain resource, how do I figure out which one exactly?

membra commented 2 years ago

Looking at the last processed resource I suspect it might have to do with this particular resource that does not have a physical name

image

mlevit commented 2 years ago

@membra I think you're right. I actually introduced this "bug" when I fixed issue https://github.com/servian/aws-auto-cleanup/issues/97. I don't however know if this is a legit problem or not as it looks like that resource has been "deleted" and therefore the app shouldn't even be looking at those resources.

Maybe I need to filter out those resources when retrieving the resources in the app that I'm whitelisting etc.

I see that the Stack itself is in a ROLLBACK_COMPLETE state, yet you only have two resources and both were deleted. Can you give me more info?

mlevit commented 2 years ago

Can you also run the following CLI for me and send me your output. Make sure you redact any private info.

membra commented 2 years ago

@mlevit That was the first time I was running the cleanup tool in the actual target account I will eventually be cleaning up. There are many devs working there. This particular stack was just in the middle of work / investigation and I cannot find the exact detail of why it was in this state. It is not in that state anymore; it has been updated since, so I think the describe stack won't give anything important now.

But that state it was in - is definitely a real life situation which can block the execution of the cleanup.

membra commented 2 years ago

I got the same issue in another account as well, here is the output of the command, the resource lacks physical id

{
    "StackResources": [
        {
            "StackName": "cfn-as2-sand-harvey-ec2-security",
            "StackId": "arn:aws:cloudformation:ap-southeast-2:accid:stack/cfn-as2-sand-harvey-ec2-security/4e2dbfc0-6ec0-11ec-a6d1-02f59a33595a",
            "LogicalResourceId": "HarveyEC2Security",
            "PhysicalResourceId": "cfn-as2-sand-harvey-ec2-security-HarveyEC2Security-1WPCTX9KJYUGO",
            "ResourceType": "AWS::EC2::SecurityGroup",
            "Timestamp": "2022-01-06T07:14:56.798000+00:00",
            "ResourceStatus": "DELETE_COMPLETE",
            "DriftInformation": {
                "StackResourceDriftStatus": "NOT_CHECKED"
            }
        },
        {
            "StackName": "cfn-as2-sand-harvey-ec2-security",
            "StackId": "arn:aws:cloudformation:ap-southeast-2:accid:stack/cfn-as2-sand-harvey-ec2-security/4e2dbfc0-6ec0-11ec-a6d1-02f59a33595a",
            "LogicalResourceId": "HostRole",
            "ResourceType": "AWS::IAM::Role",
            "Timestamp": "2022-01-06T07:14:54.444000+00:00",
            "ResourceStatus": "DELETE_COMPLETE",
            "DriftInformation": {
                "StackResourceDriftStatus": "NOT_CHECKED"
            }
        }
    ]
}

mlevit commented 2 years ago

Thanks for that. I'm going to assume the physical ID is missing because the resource has been deleted. Let me add a check for it next week.

Try to keep that stack there for testing 😀

mlevit commented 2 years ago

@membra I've made a patch for this issue. Can you test it for me: https://github.com/servian/aws-auto-cleanup/tree/physical-id-missing

membra commented 2 years ago

@mlevit

Same issue from what I see so far. In the screenshot you see I am in your new branch.

image

mlevit commented 2 years ago

I don't believe you've deployed that branch. The following line

if "/" in resource_child_id:

has actually changed to

if "/" in resource_child_physical_id:

Please check again.

membra commented 2 years ago

Correct, I didn't deploy, just ran. Will do, sorry.

membra commented 2 years ago

That looks fine to me now, thanks! Do you need any logs confirming that? For me it looks like it finished analyzing the account, so I am good.

ghost commented 2 years ago

There should be some logs stating something along the lines of "does not have a PhysicalResourceId and cannot be whitelisted".

They are however DEBUG logs meaning you'll have to change the log_level within the serverless.yml file to DEBUG.
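
An added example, not the project's own code, of the guard this thread arrives at: it reads output shaped like the describe-stack-resources response above, skips entries that have no PhysicalResourceId or are already DELETE_COMPLETE, and logs the skip at DEBUG with the resource named. The sample data, the function name `candidate_ids` and the last-segment handling of IDs containing "/" are assumptions.

```python
import logging

log = logging.getLogger("cleanup_example")

# Constructed sample in the shape of the describe-stack-resources output above.
SAMPLE = {"StackResources": [
    {"LogicalResourceId": "HarveyEC2Security",
     "PhysicalResourceId": "example-stack-HarveyEC2Security-PLACEHOLDER",
     "ResourceType": "AWS::EC2::SecurityGroup",
     "ResourceStatus": "DELETE_COMPLETE"},
    {"LogicalResourceId": "HostRole",  # no PhysicalResourceId key at all
     "ResourceType": "AWS::IAM::Role",
     "ResourceStatus": "DELETE_COMPLETE"},
    {"LogicalResourceId": "FnLogs",
     "PhysicalResourceId": "/aws/lambda/example-fn",
     "ResourceType": "AWS::Logs::LogGroup",
     "ResourceStatus": "CREATE_COMPLETE"},
    {"LogicalResourceId": "Bucket",
     "PhysicalResourceId": "example-bucket",
     "ResourceType": "AWS::S3::Bucket",
     "ResourceStatus": "CREATE_COMPLETE"},
]}


def candidate_ids(response):
    """Return (ids, skipped) for one stack without raising on missing IDs."""
    ids, skipped = [], []
    for res in response.get("StackResources", []):
        logical_id = res.get("LogicalResourceId", "<unknown>")
        physical_id = res.get("PhysicalResourceId")  # None when the key is absent
        if not physical_id:
            # Naming the resource here is what the bare TypeError did not do.
            log.debug("%s (%s) does not have a PhysicalResourceId and cannot "
                      "be allowlisted", logical_id, res.get("ResourceType"))
            skipped.append((logical_id, "no PhysicalResourceId"))
            continue
        if res.get("ResourceStatus") == "DELETE_COMPLETE":
            skipped.append((logical_id, "deleted"))
            continue
        # Assumption: only the last path segment is compared against the allowlist.
        if "/" in physical_id:
            physical_id = physical_id.rsplit("/", 1)[-1]
        ids.append(physical_id)
    return ids, skipped


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    print(candidate_ids(SAMPLE))
```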

membra commented 2 years ago

image