aws-ia / cfn-ps-duo-mfa Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
With the latest image updates, users are experiencing the following error in the ECS logs:
(UTC-6:00) Your configuration is not valid. Check the validation output for errors.
(UTC-6:00) Failed to start duoauthproxy: exit status 1
(UTC-6:00) If the duoauthproxy failed to start for connectivity reasons, the connectivity tool located at /opt/duoauthproxy/bin/authproxy_connectivity_tool can be run independently to test for connectivity problems.
(UTC-6:00) Unhandled Error
(UTC-6:00) Traceback (most recent call last):
(UTC-6:00) File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/twisted/application/app.py", line 674, in run
The stack fails at the point of creating DuoSnsCustomResourceLambda with the error "The runtime parameter of python3.7 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (python3.12) while creating or updating functions."
When deploying from the latest AL image 2023 has become the default causing an OpenSSL error that bricks the tasks:
An exception prevented the connectivity tool from running: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([<OpenSSLError(code=126615813, lib=15, reason=786693, reason_text=init fail)>])
I'm not sure what changes need to be made for the deployment to work with the 2023 AmazonLinux builds but as a workaround for now specifying AL2 works FROM public.ecr.aws/amazonlinux/amazonlinux:2
Have tried multiple times, every time it fails at logical ID Duo Service. When checking the task, they stop with the following error:
ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 5 time(s): failed to fetch secret arn:aws:secretsmanager:us-east-2:507939854514:secret:DuoConfigurationSettings-d-9a670facd4-OWEGpG from secrets manager: RequestCanceled: request context canceled caused by: context deadline exceeded. Please check your task network configuration.
Using private network with NAT gateway. Can confirm access to internet.
Hello,
The Template deployed without issues after last weeks issues you addressed
Deployment into an existing VPC is done however the lambda functions dont show logs in cloudwatch and the function to update the settings on the direcotry service is not working. Shows as if it ran but no logs or changes are made to the environment.
Thanks
Peter
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.