aws-ia / cfn-ps-duo-mfa Goto Github PK

File: templates/duo-proxy-fargate.template.yaml
In line 1672 it appears there is an extra space that casuses the code to fail when running..

Hello,
The Template deployed without issues after last weeks issues you addressed
Deployment into an existing VPC is done however the lambda functions dont show logs in cloudwatch and the function to update the settings on the direcotry service is not working. Shows as if it ran but no logs or changes are made to the environment.

Thanks
Peter

When deploying from the latest AL image 2023 has become the default causing an OpenSSL error that bricks the tasks:

An exception prevented the connectivity tool from running: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([<OpenSSLError(code=126615813, lib=15, reason=786693, reason_text=init fail)>])

I'm not sure what changes need to be made for the deployment to work with the 2023 AmazonLinux builds but as a workaround for now specifying AL2 works FROM public.ecr.aws/amazonlinux/amazonlinux:2

With the latest image updates, users are experiencing the following error in the ECS logs:

(UTC-6:00) Your configuration is not valid. Check the validation output for errors.
(UTC-6:00) Failed to start duoauthproxy: exit status 1
(UTC-6:00) If the duoauthproxy failed to start for connectivity reasons, the connectivity tool located at /opt/duoauthproxy/bin/authproxy_connectivity_tool can be run independently to test for connectivity problems.
(UTC-6:00) Unhandled Error
(UTC-6:00) Traceback (most recent call last):
(UTC-6:00) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/twisted/application/app.py", line 674, in run

Have tried multiple times, every time it fails at logical ID Duo Service. When checking the task, they stop with the following error:
ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 5 time(s): failed to fetch secret arn:aws:secretsmanager:us-east-2:507939854514:secret:DuoConfigurationSettings-d-9a670facd4-OWEGpG from secrets manager: RequestCanceled: request context canceled caused by: context deadline exceeded. Please check your task network configuration.

Using private network with NAT gateway. Can confirm access to internet.