#// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. #// SPDX-License-Identifier: MIT-0
To deploy this solution, please visit our blog: Mitigate Data Leakage Through The Use of AppStream 2.0 and End-To-End Auditing.
License: MIT No Attribution
We had deployed the provided solution in our environment and observed an issue with a UserPool user.
While executing the solution with a custom user, we could see that AppStream describe session is able to generate an active session Id in the Lambda function and is able to start the SageMaker notebook successfully.
We observed an issue while executing with a UserPool user: the Lambda function's describe-session is not able to generate active sessions, which leads the Lambda to fail with the error below:
[ERROR] IndexError: list index out of range
Traceback (most recent call last):
  File "/var/task/data_sandbox_lambda.py", line 27, in lambda_handler
    resp_user_session = resp['Sessions'][0]['Id']
Attached error files
Cloudwatch log shows both custom & userpool user
Active session logs from CLI.
Thanks,
Pavan
With CDK V2 becoming GA, it became the default CDK version installed when running the command npm install -g aws-cdk.
I suggest creating a package.json file that tells npm to locally install CDK with a specific version.
{
"devDependencies": {
"aws-cdk": "1.X.0"
}
}
The commands used to run this solution would change like so:
Change npm install -g aws-cdk to npm install.
Change cdk bootstrap to npx cdk bootstrap.
Change cdk deploy DataSandbox to npx cdk deploy DataSandbox.
I tried to deploy this solution and I encountered a problem that caused the data_sandbox_lambda Lambda function to fail at put_object with error:
[ERROR] NoSuchBucket: An error occurred (NoSuchBucket) when calling the PutObject operation: The specified bucket does not exist
At the image creation step, create an AppStream 2.0 image with digits in the name, for example my-image-00. Then continue as normal through the steps of deployment as described in the blog post.
I debugged it for a bit and found that in the session.json file, "bucketName" was:
appstream2-36fb080bb8-us-east-1-12345678901200
Where my account id would be 123456789012 (notice the trailing "00").
I searched for where these trailing zeros come from and found that in the sagemaker-notebook.ps1 powershell script, we get the account ID like so:
$ArnID = $env:AppStream_Image_Arn -replace "[^0-9]", ''
$AccountId = $ArnID.substring(1)
Which does not take into account digits in the image name, and would leave trailing digits in the account id if any are present.
To overcome this problem I changed the two lines above to this line:
$AccountId = $env:AppStream_Image_Arn.Split(":")[4]
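The parsing problem reported above, as an added example that is not part of the original issue or of the project's sagemaker-notebook.ps1: it runs the digit-stripping approach and a field-based parse side by side on constructed ARNs, and the field-based version also rejects anything that is not a 12-digit account ID before it can be used to build a bucket name. The function names and sample ARNs are assumptions made for illustration.

```powershell
# Constructed sample ARNs (the account ID is the placeholder used in the report).
$samples = @(
    'arn:aws:appstream:us-east-1:123456789012:image/my-image',
    'arn:aws:appstream:us-east-1:123456789012:image/my-image-00'
)

# Hypothetical helper reproducing the reported behaviour: remove every
# non-digit, then drop the first character (the "1" from "us-east-1").
function Get-AccountIdByDigitStrip {
    param([string]$Arn)
    $digits = $Arn -replace '[^0-9]', ''
    return $digits.Substring(1)
}

# Hypothetical helper: read the account ID from its own ARN field and
# fail closed if the field is not exactly 12 digits.
function Get-AccountIdFromArn {
    param([string]$Arn)
    # ARN layout: arn:partition:service:region:account-id:resource
    $parts = $Arn -split ':', 6
    if ($parts.Count -lt 6 -or $parts[0] -ne 'arn') {
        throw "Not an ARN: $Arn"
    }
    $accountId = $parts[4]
    if ($accountId -notmatch '^[0-9]{12}$') {
        throw "Unexpected account ID field '$accountId' in: $Arn"
    }
    return $accountId
}

$samples | ForEach-Object {
    [pscustomobject]@{
        ImageName  = ($_ -split '/')[-1]
        DigitStrip = Get-AccountIdByDigitStrip $_
        FieldSplit = Get-AccountIdFromArn $_
    }
} | Format-Table -AutoSize
```

For the second ARN the digit-stripping column shows 12345678901200 while the field-based column stays at 123456789012, which matches the bucketName seen in session.json.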
When installing the python dependencies using
pip install -r requirements.txt
I get the following error:
ERROR: Cannot install -r requirements.txt (line 11), -r requirements.txt (line 7) and aws-cdk.aws-s3-assets==1.51.0 because these package versions have conflicting dependencies.
The conflict is caused by:
The user requested aws-cdk.aws-s3-assets==1.51.0
aws-cdk-aws-lambda 1.51.0 depends on aws-cdk.aws-s3-assets==1.51.0
aws-cdk-aws-s3-deployment 1.50.0 depends on aws-cdk.aws-s3-assets==1.50.0
There is a conflict between aws-cdk-aws-lambda 1.51.0 and aws-cdk-aws-s3-deployment 1.50.0.
Upgrading aws-cdk-aws-s3-deployment 1.50.0 to aws-cdk-aws-s3-deployment 1.51.0 works, however after doing that, when deploying the CDK application I get the following error:
Embedded stack arn:aws:cloudformation:us-east-1:012345678901:stack/DataSandbox-appstreamservicerolesstackNestedStackappstreamservicerolesstackNestedStack-9D140RXJRAJN/2a1e76b0-c3b1-11ec-b6a2-12b935dbbaef was not successfully created: The following resource(s) failed to create: [LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A].
To overcome this I upgraded all the aws-cdk* python packages to the current latest CDK V1 version: 1.153.1.