Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`sam local invoke` fails due to file permissions made by `sam build`

See original GitHub issue

Description

sam local invoke fails due to sam build not providing all the needed file permissions for a successful mount into docker. Likely too many assumptions by sam build of umask, root, etc.

Fix is simple and discussed at https://superuser.com/questions/1482852/cant-get-aws-sam-hello-world-to-work-python/1483508

sam can not assume the permissions on the host filesystem are compatible with permissions needed inside the local docker test container. The uid and gid could be different. And the umask any permutation possible. Therefore sam must specifically set the permissions on these host filesystem files/dirs soon to be mounted into the docker container before mounting them.

Setup

  • Ubuntu 18.04.3 x86_64
  • Python 3.7.3
  • aws-cli/1.16.265 Python/3.6.8 Linux/5.0.0-32-generic botocore/1.13.1
  • SAM CLI, version 0.23.0
  • simple and valid template.yaml, requirements.txt, app.py, and myevent.json

Steps to reproduce

  1. sam build --template template.yaml --manifest requirements.txt
  2. sam local invoke --template .aws-sam/build/template.yaml --event myevent.json

Observed result

docker.errors.APIError: 400 Client Error: Bad Request ("OCI runtime create failed: container_linux.go:346: starting container process caused "chdir to cwd (\"/var/task\") set in config.json failed: permission denied": unknown")

Expected result

No error. And the expected output of your app.py.

Workaround

find .aws-sam/build/ -type d -print0 | xargs -0 chmod o+rx
find .aws-sam/build/ -type f -print0 | xargs -0 chmod o+r

Debug output of sam local invoke

Using SAM Template at /mnt/**redacted**/**redacted**/**redacted**/**redacted**/.aws-sam/build/template.yaml
Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
local invoke command is called
Collected default values for parameters: {'DNSZone': '**redacted**.com', 'LambdaVersionDescription': 'giterror-dirty'}
1 resources found in the template
Found Serverless function with name='**redacted**' and CodeUri='**redacted**'
Found one Lambda function with name '**redacted**'
Invoking app.lambda_handler (python3.7)
Environment variables overrides data is standard format
Loading AWS credentials from session with profile 'None'
2019-10-30 17:41:37 Found credentials in shared credentials file: ~/.aws/credentials
Resolving code path. Cwd=/mnt/**redacted**/**redacted**/**redacted**/**redacted**/.aws-sam/build, CodeUri=**redacted**
Resolved absolute path to code is /mnt/**redacted**/**redacted**/**redacted**/**redacted**/.aws-sam/build/**redacted**
Code /mnt/**redacted**/**redacted**/**redacted**/**redacted**/.aws-sam/build/**redacted** is not a zip/jar file
Skipping building an image since no layers were defined

Fetching lambci/lambda:python3.7 Docker container image......
Mounting /mnt/**redacted**/**redacted**/**redacted**/**redacted**/.aws-sam/build/**redacted** as /var/task:ro,delegated inside runtime container
Sending Telemetry: {'metrics': [{'commandRun': {'awsProfileProvided': False, 'debugFlagProvided': True, 'region': '', 'commandName': 'sam local invoke', 'duration': 3682, 'exitReason': 'APIError', 'exitCode': 255, 'requestId': '427ef3e7-a0a5-48a4-9413-dd724f3f9228', 'installationId': 'c648e689-e57c-4a3c-a26f-ca6d1fd13041', 'sessionId': 'c61bd142-b135-48e8-a771-1730684a3a0c', 'executionEnvironment': 'CLI', 'pyversion': '3.7.3', 'samcliVersion': '0.23.0'}}]}
HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
Traceback (most recent call last):
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/docker/api/client.py", line 261, in _raise_for_status
    response.raise_for_status()
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http+docker://localhost/v1.35/containers/6134a91edcf955e40b2de58015590e2221dfa6c61180e2ae3826e2091c635226/start

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/bin/sam", line 8, in <module>
    sys.exit(cli())
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/decorators.py", line 64, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/lib/telemetry/metrics.py", line 93, in wrapped
    raise exception  # pylint: disable=raising-bad-type
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/lib/telemetry/metrics.py", line 62, in wrapped
    return_value = func(*args, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/commands/local/invoke/cli.py", line 82, in cli
    parameter_overrides,
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/commands/local/invoke/cli.py", line 151, in do_cli
    context.function_name, event=event_data, stdout=context.stdout, stderr=context.stderr
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/commands/local/lib/local_lambda.py", line 97, in invoke
    self.local_runtime.invoke(config, event, debug_context=self.debug_context, stdout=stdout, stderr=stderr)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/local/lambdafn/runtime.py", line 83, in invoke
    self._container_manager.run(container)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/local/docker/manager.py", line 95, in run
    container.start(input_data=input_data)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/samcli/local/docker/container.py", line 189, in start
    real_container.start()
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/docker/models/containers.py", line 400, in start
    return self.client.api.start(self.id, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/docker/api/container.py", line 1095, in start
    self._raise_for_status(res)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/docker/api/client.py", line 263, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/home/**redacted**/.local/share/virtualenvs/**redacted**-XSNsCDE1/lib/python3.7/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 400 Client Error: Bad Request ("OCI runtime create failed: container_linux.go:346: starting container process caused "chdir to cwd (\"/var/task\") set in config.json failed: permission denied": unknown")

Related

https://github.com/awslabs/aws-sam-cli/issues/428

Issue Analytics

  • State:open
  • Created 4 years ago
  • Reactions:6
  • Comments:6 (1 by maintainers)

github_iconTop GitHub Comments

1reaction
ychakercommented, Jan 28, 2021

Hi, I’m running into the same issue. we use Docker and AWS SSO for other projects, what we’ve done is configured docker-compose.yml to load the AWS credentials as a volume:

    volumes:
      - ~/.aws:/root/.aws

is there a way to make the build step load the .aws configs from the host machine?

0reactions
tostangscommented, Jun 2, 2021

Hi, I’m running into the same issue. we use Docker and AWS SSO for other projects, what we’ve done is configured docker-compose.yml to load the AWS credentials as a volume:

    volumes:
      - ~/.aws:/root/.aws

is there a way to make the build step load the .aws configs from the host machine?

I’m having the exact same issue, were you able to find a solution

Read more comments on GitHub >

github_iconTop Results From Across the Web

sam local invoke - AWS Serverless Application Model
The AWS SAM CLI first tries to locate a template file built using the sam build command, located in the .aws-sam subfolder, and...
Read more >
Tutorial: Deploying a Hello World application - 亚马逊云科技
Learn how to use Amazon SAM to deploy a basic Hello World application to the Amazon ... Invoke Function: sam local invoke [*]...
Read more >
Develop Lambdas And Debug Them Locally Using SAM
You can find the full code used in this video at GitHub. Who Is Sam? Sam (Serverless Application Model) is an AWS framework...
Read more >
Develop AWS Lambda locally using AWS SAM - The Chief IO
With templates you can describe which functions, API's, permissions etc. are linked to your serverless application in a standardized and clean way. SAM...
Read more >
Unable to create scheduled event using AWS SAM
I run sam validate and it comes back fine. I try to run sam deploy and the deployment fails when creating the schedule....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

sam build fails when using pyjwt[crypto] in requirements.txt

Next page

`sam build --parameter-overrides` fails to override