Set VPC Flow log error - "state" attribute
I am trying to design a policy to enable VPC flow logs for all VPCs that do not have it enabled. The policy is:
```yaml
policies:
  - name: enable-vpc-flow-logs
    resource: vpc
    comments: |
      Enables VPC flow logs
    mode:
      execution-options:
        log_group: /aws/enable-vpc-flow-logs/resources
      role: arn:aws:iam::{account_id}:role/CloudCustodianExecutionRole
      type: periodic
      schedule: "rate(2 minutes)"
    filters:
      - type: flow-logs
        enabled: false
    actions:
      - type: set-flow-log
        DeliverLogsPermissionArn: arn:aws:iam::${ACCOUNT}:role/role
        LogGroupName: /custodian/vpc/flowlogs/
        TrafficType: ALL
        state: true
```
However, I am getting the following error, not sure why even when I am passing the state information:
```
START RequestId: bd7b329c-d677-11e8-8925-01840da49e11 Version: $LATEST
[INFO] 2018-10-23T03:57:20.426Z bd7b329c-d677-11e8-8925-01840da49e11 Processing event
{
  "account": "[sanitized]",
  "region": "us-east-1",
  "detail": {},
  "detail-type": "Scheduled Event",
  "source": "aws.events",
  "version": "0",
  "time": "2018-10-23T03:56:45Z",
  "debug": true,
  "id": "a83eb09d-de5e-2155-62ef-24490c335d43",
  "resources": [
    "arn:aws:events:us-east-1:8[sanitized]:rule/custodian-enable-vpc-flow-logs"
  ]
}
[DEBUG] 2018-10-23T03:57:20.427Z bd7b329c-d677-11e8-8925-01840da49e11 Storing output with <CloudWatchLogOutput to group:/aws/enable-vpc-flow-logs/resources stream:enable-vpc-flow-logs>
[DEBUG] 2018-10-23T03:57:20.899Z bd7b329c-d677-11e8-8925-01840da49e11 Running policy enable-vpc-flow-logs resource: vpc region:us-east-1 c7n:0.8.31.2
[DEBUG] 2018-10-23T03:57:21.312Z bd7b329c-d677-11e8-8925-01840da49e11 Filtered from 1 to 1 vpc
[INFO] 2018-10-23T03:57:21.312Z bd7b329c-d677-11e8-8925-01840da49e11 policy: enable-vpc-flow-logs resource:vpc region:us-east-1 count:1 time:0.25
[DEBUG] 2018-10-23T03:57:21.321Z bd7b329c-d677-11e8-8925-01840da49e11 metric:ResourceCount Count:1 policy:enable-vpc-flow-logs restype:vpc scope:policy
[DEBUG] 2018-10-23T03:57:21.321Z bd7b329c-d677-11e8-8925-01840da49e11 metric:PolicyException Count:1 policy:enable-vpc-flow-logs restype:vpc
[DEBUG] 2018-10-23T03:57:21.321Z bd7b329c-d677-11e8-8925-01840da49e11 metric:ApiCalls Count:0 policy:enable-vpc-flow-logs restype:vpc
[ERROR] 2018-10-23T03:57:21.522Z bd7b329c-d677-11e8-8925-01840da49e11 Error while executing policy
Traceback (most recent call last):
  File "/var/task/c7n/policy.py", line 273, in run
    results = a.process(resources)
  File "/var/task/c7n/resources/vpc.py", line 1810, in process
    if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
'CreateFlowLogs' object has no attribute 'state': AttributeError
Traceback (most recent call last):
  File "/var/task/custodian_policy.py", line 4, in run
    return handler.dispatch_event(event, context)
  File "/var/task/c7n/handler.py", line 91, in dispatch_event
    p.push(event, context)
  File "/var/task/c7n/policy.py", line 834, in push
    return mode.run(event, lambda_ctx)
  File "/var/task/c7n/policy.py", line 516, in run
    return PullMode.run(self)
  File "/var/task/c7n/policy.py", line 273, in run
    results = a.process(resources)
  File "/var/task/c7n/resources/vpc.py", line 1810, in process
    if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
END RequestId: bd7b329c-d677-11e8-8925-01840da49e11
```
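A remediation policy that raises leaves its matched resources untouched, and the log above records both facts (`count:1` and `metric:PolicyException Count:1`). As an added example, not part of the original issue or of Cloud Custodian, the following pulls those fields out of such log text so a failed run can be flagged; the sample lines are constructed from the shape of the log above and the function name `failed_remediations` is hypothetical.

```python
import re

# Constructed sample in the shape of the Lambda log above (request id shortened).
SAMPLE_LOG = """\
[DEBUG] 2018-10-23T03:57:20.899Z req-1 Running policy enable-vpc-flow-logs resource: vpc region:us-east-1 c7n:0.8.31.2
[INFO] 2018-10-23T03:57:21.312Z req-1 policy: enable-vpc-flow-logs resource:vpc region:us-east-1 count:1 time:0.25
[DEBUG] 2018-10-23T03:57:21.321Z req-1 metric:PolicyException Count:1 policy:enable-vpc-flow-logs restype:vpc
[ERROR] 2018-10-23T03:57:21.522Z req-1 Error while executing policy
Traceback (most recent call last):
File "/var/task/c7n/policy.py", line 273, in run
results = a.process(resources)
File "/var/task/c7n/resources/vpc.py", line 1810, in process
if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
"""

RUN = re.compile(r"Running policy (\S+) resource: (\S+) region:(\S+) c7n:(\S+)")
COUNT = re.compile(r"policy: (\S+) resource:\S+ region:\S+ count:(\d+)")
EXC_METRIC = re.compile(r"metric:PolicyException Count:(\d+) policy:(\S+)")
FRAME = re.compile(r'File "([^"]+)", line (\d+), in \w+')
EXC = re.compile(r"\b(\w+(?:Error|Exception)): (.+)$")


def failed_remediations(log_text):
    """Return runs where resources matched the filters but the action raised."""
    records, cur = [], None
    for line in log_text.splitlines():
        if m := RUN.search(line):
            cur = dict(zip(("policy", "resource", "region", "c7n"), m.groups()),
                       matched=0, exceptions=0, error=None, frame=None)
            records.append(cur)
            continue
        if cur is None:
            continue
        if (m := COUNT.search(line)) and m.group(1) == cur["policy"]:
            cur["matched"] = int(m.group(2))
        elif (m := EXC_METRIC.search(line)) and m.group(2) == cur["policy"]:
            cur["exceptions"] += int(m.group(1))
        elif cur["error"] is None:
            # Keep the innermost frame and the first exception; this also copes
            # with tracebacks that were flattened onto a single line.
            frames = FRAME.findall(line)
            if frames:
                cur["frame"] = "{}:{}".format(*frames[-1])
            if m := EXC.search(line):
                cur["error"] = m.group(0)
    # Matched resources plus an exception means they were left unremediated.
    return [r for r in records if r["matched"] and (r["exceptions"] or r["error"])]
```

Calling `failed_remediations(SAMPLE_LOG)` returns one record naming the policy, the c7n version, the matched resource count and the innermost failing frame.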
Issue Analytics
- State:
- Created 5 years ago
- Comments:15 (3 by maintainers)
Top GitHub Comments
I think I see the issue, PR coming shortly.
Hi @kapilt, I'm still having issues executing this policy in Lambda. Here are the error logs from Lambda.
```
[ERROR] Error while executing policy
Traceback (most recent call last):
  File "/var/task/c7n/handler.py", line 165, in dispatch_event
    p.push(event, context)
  File "/var/task/c7n/policy.py", line 903, in push
    return mode.run(event, lambda_ctx)
  File "/var/task/c7n/policy.py", line 520, in run
    return PullMode.run(self)
  File "/var/task/c7n/policy.py", line 264, in run
    results = a.process(resources)
  File "/var/task/c7n/resources/vpc.py", line 1888, in process
    if not self.state:
AttributeError: 'CreateFlowLogs' object has no attribute 'state'
[ERROR] AttributeError: 'CreateFlowLogs' object has no attribute 'state'
Traceback (most recent call last):
  File "/var/task/custodian_policy.py", line 4, in run
    return handler.dispatch_event(event, context)
  File "/var/task/c7n/handler.py", line 165, in dispatch_event
    p.push(event, context)
  File "/var/task/c7n/policy.py", line 903, in push
    return mode.run(event, lambda_ctx)
  File "/var/task/c7n/policy.py", line 520, in run
    return PullMode.run(self)
  File "/var/task/c7n/policy.py", line 264, in run
    results = a.process(resources)
  File "/var/task/c7n/resources/vpc.py", line 1888, in process
    if not self.state:
```