Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Set VPC Flow log error - "state" attribute

See original GitHub issue

I am trying to design a policy to enable VPC flow logs for all VPC that does not have it enabled. The policy is:

policies:
  - name: enable-vpc-flow-logs
    resource: vpc
    comments: |
      Enables VPC flow logs
    mode:
      execution-options:
        log_group: /aws/enable-vpc-flow-logs/resources
      role: arn:aws:iam::{account_id}:role/CloudCustodianExecutionRole
      type: periodic
      schedule: "rate(2 minutes)"
    filters:
      - type: flow-logs
        enabled: false
    actions:
      - type: set-flow-log
        DeliverLogsPermissionArn: arn:aws:iam::${ACCOUNT}:role/role
        LogGroupName: /custodian/vpc/flowlogs/
        TrafficType: ALL
        state: true

However i am getting the following error, not sure why even when i am passing the state information:

START RequestId: bd7b329c-d677-11e8-8925-01840da49e11 Version: $LATEST
[INFO]	2018-10-23T03:57:20.426Z	bd7b329c-d677-11e8-8925-01840da49e11	Processing event
{
    "account": "[sanitized]",
    "region": "us-east-1",
    "detail": {},
    "detail-type": "Scheduled Event",
    "source": "aws.events",
    "version": "0",
    "time": "2018-10-23T03:56:45Z",
    "debug": true,
    "id": "a83eb09d-de5e-2155-62ef-24490c335d43",
    "resources": [
        "arn:aws:events:us-east-1:8[sanitized]:rule/custodian-enable-vpc-flow-logs"
    ]
}

[DEBUG]	2018-10-23T03:57:20.427Z	bd7b329c-d677-11e8-8925-01840da49e11	Storing output with <CloudWatchLogOutput to group:/aws/enable-vpc-flow-logs/resources stream:enable-vpc-flow-logs>
[DEBUG]	2018-10-23T03:57:20.899Z	bd7b329c-d677-11e8-8925-01840da49e11	Running policy enable-vpc-flow-logs resource: vpc region:us-east-1 c7n:0.8.31.2
[DEBUG]	2018-10-23T03:57:21.312Z	bd7b329c-d677-11e8-8925-01840da49e11	Filtered from 1 to 1 vpc
[INFO]	2018-10-23T03:57:21.312Z	bd7b329c-d677-11e8-8925-01840da49e11	policy: enable-vpc-flow-logs resource:vpc region:us-east-1 count:1 time:0.25
[DEBUG]	2018-10-23T03:57:21.321Z	bd7b329c-d677-11e8-8925-01840da49e11	metric:ResourceCount Count:1 policy:enable-vpc-flow-logs restype:vpc scope:policy
[DEBUG]	2018-10-23T03:57:21.321Z	bd7b329c-d677-11e8-8925-01840da49e11	metric:PolicyException Count:1 policy:enable-vpc-flow-logs restype:vpc
[DEBUG]	2018-10-23T03:57:21.321Z	bd7b329c-d677-11e8-8925-01840da49e11	metric:ApiCalls Count:0 policy:enable-vpc-flow-logs restype:vpc
[ERROR]	2018-10-23T03:57:21.522Z	bd7b329c-d677-11e8-8925-01840da49e11	Error while executing policy
Traceback (most recent call last):
File "/var/task/c7n/policy.py", line 273, in run
results = a.process(resources)
File "/var/task/c7n/resources/vpc.py", line 1810, in process
if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
'CreateFlowLogs' object has no attribute 'state': AttributeError
Traceback (most recent call last):
File "/var/task/custodian_policy.py", line 4, in run
return handler.dispatch_event(event, context)
File "/var/task/c7n/handler.py", line 91, in dispatch_event
p.push(event, context)
File "/var/task/c7n/policy.py", line 834, in push
return mode.run(event, lambda_ctx)
File "/var/task/c7n/policy.py", line 516, in run
return PullMode.run(self)
File "/var/task/c7n/policy.py", line 273, in run
results = a.process(resources)
File "/var/task/c7n/resources/vpc.py", line 1810, in process
if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'

END RequestId: bd7b329c-d677-11e8-8925-01840da49e11

Issue Analytics

State:
Created 5 years ago
Comments:15 (3 by maintainers)

Top GitHub Comments

1reaction

kapiltcommented, Apr 15, 2019

I think I see the issue, pr coming shortly

0reactions

rheakcommented, Apr 15, 2019

Hi @kapilt Im still having issues executing this policy in Lambda. Here are the error logs from Lambda.

[ERROR] Error while executing policy Traceback (most recent call last): File "/var/task/c7n/handler.py", line 165, in dispatch_event p.push(event, context) File "/var/task/c7n/policy.py", line 903, in push return mode.run(event, lambda_ctx) File "/var/task/c7n/policy.py", line 520, in run return PullMode.run(self) File "/var/task/c7n/policy.py", line 264, in run results = a.process(resources) File "/var/task/c7n/resources/vpc.py", line 1888, in process if not self.state: AttributeError: 'CreateFlowLogs' object has no attribute 'state'

[ERROR] AttributeError: ‘CreateFlowLogs’ object has no attribute ‘state’ Traceback (most recent call last): File "/var/task/custodian_policy.py", line 4, in run return handler.dispatch_event(event, context) File "/var/task/c7n/handler.py", line 165, in dispatch_event p.push(event, context) File "/var/task/c7n/policy.py", line 903, in push return mode.run(event, lambda_ctx) File "/var/task/c7n/policy.py", line 520, in run return PullMode.run(self) File "/var/task/c7n/policy.py", line 264, in run results = a.process(resources) File "/var/task/c7n/resources/vpc.py", line 1888, in process if not self.state: