awsweeper running in Lambda issue

[showerlee]

Hi @jckuester, I just have a specific scenario
I want to run the awsweeper in AWS Lambda.
Things are quite good if I just deploy each Lambda with awsweeper in different region
And awsweeper is working as expected in each Lambda of regions

But for cost reason, setup 4 NAT GATEWAY for Lambda use in each region is quite expensive as awsweeper need to download something when running the CMD in Lambda

So I just try to setup 1 Lambda in a region basically running 4 CMD cleanup for save cost purpose with following:

./bin/awsweeper --region ap-northeast-1 --dry-run ./config/aws_resource.yml
./bin/awsweeper --region ap-northeast-2 --dry-run ./config/aws_resource.yml
./bin/awsweeper --region ap-southeast-1 --dry-run ./config/aws_resource.yml
./bin/awsweeper --region ap-southeast-2 --dry-run ./config/aws_resource.yml

But I got the issue in CloudWatch Loggroup which implies CMD not running correctly.

• downloaded and installed provider name=aws version=2.59.0
--
  | 2020-06-03T20:00:07.051+08:00 | • configured provider name=aws version=2.59.0
  | 2020-06-03T20:00:07.095+08:00 | • SHOWING RESOURCES THAT WOULD BE DELETED (DRY RUN)
  | 2020-06-03T20:00:09.369+08:00 | panic: can't use ElementIterator on null value
  | 2020-06-03T20:00:09.369+08:00 | goroutine 1 [running]:
  | 2020-06-03T20:00:09.369+08:00 | github.com/zclconf/go-cty/cty.Value.ElementIterator(0x6378ba0, 0xc000506410, 0x0, 0x0, 0x10, 0x2)
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1038 +0x101
  | 2020-06-03T20:00:09.369+08:00 | github.com/zclconf/go-cty/cty.Value.AsValueMap(0x6378ba0, 0xc000506410, 0x0, 0x0, 0x1)
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1243 +0xe5
  | 2020-06-03T20:00:09.369+08:00 | github.com/cloudetc/awsweeper/pkg/resource.GetTags(0xc0008f3770, 0xb, 0xb, 0x0)
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/pkg/resource/select.go:54 +0xe7
  | 2020-06-03T20:00:09.369+08:00 | github.com/cloudetc/awsweeper/pkg/resource.Filter.Apply(0xc0004633e0, 0xc000ba2ea0, 0x3, 0x4, 0xc000ba2ea0, 0x3, 0x4)
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/pkg/resource/select.go:15 +0x10a
  | 2020-06-03T20:00:09.369+08:00 | github.com/cloudetc/awsweeper/pkg/resource.List(0xc000528170, 0xc000bc0000, 0xc00068e400, 0xc000440b20, 0x5ab8ee6, 0x6, 0xc00032a390, 0x0, 0x0)
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/pkg/resource/list.go:56 +0x61f
  | 2020-06-03T20:00:09.369+08:00 | main.mainExitCode(0x0)
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/main.go:157 +0xd77
  | 2020-06-03T20:00:09.369+08:00 | main.main()
  | 2020-06-03T20:00:09.369+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/main.go:30 +0x22
  | 2020-06-03T20:00:09.373+08:00 | [ERROR] CalledProcessError: Command '['./bin/awsweeper', '--region', 'ap-northeast-1', '--dry-run', './config/aws_resource.yml']' returned non-zero exit status 2. Traceback (most recent call last):   File "/var/task/src/awsweeper.py", line 17, in lambda_handler     output2 = subprocess.check_output(CMD2, universal_newlines=True)   File "/var/lang/lib/python3.8/subprocess.py", line 411, in check_output     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,   File "/var/lang/lib/python3.8/subprocess.py", line 512, in run     raise CalledProcessError(retcode, process.args,
  | 2020-06-03T20:00:09.374+08:00 | END RequestId: ae1b42fc-50be-4e77-8b27-ceb92a1664a1

The above 4 CMD is running good in my local laptop.
So just want to know if something happen with the code that is not compatible for executing CMD with --region ap-northeast-1 and this specific region is not what Lambda deployed in.

i.e. I run ./bin/awsweeper --region ap-northeast-1 --dry-run ./config/aws_resource.yml in one Lambda and the Lambda is deployed in ap-northeast-2

The Lambda role is quite loose as I give Lambda most power to running anything, so I think this error is not related to permission issue.

[jckuester]

Hi @showerlee,

1. the nil pointer panic (panic: can't use ElementIterator on null value) is definitely a bug, which I need to fix.

2. can you run awsweeper with -debug flag, so that we can see more infos?

3. How are you downloading the awsweeper binary into the lambda? From an S3 bucket? An option would be to also pre-download the extra binary that awsweeper needs (https://releases.hashicorp.com/terraform-provider-aws/2.59.0/) and then you wouldn't need the NAT gatway. I would need to fix something first for this "offline" mode, though.

4. I will investigate myself if it is problem running awsweeper in a lambda in another region. If so, it shouldn't be this way.

Cheers.
Jan

[showerlee]

Hi @jckuester ,

1. the nil pointer panic (panic: can't use ElementIterator on null value) is definitely a bug, which I need to fix.
   Thanks for identifying this is a bug.

2. can you run awsweeper with -debug flag, so that we can see more infos?
   Here is the output for debug mode.

2020-06-07T17:02:00.673+08:00 | START RequestId: e1dcc93a-b710-4c66-8ac2-edae677987d9 Version: $LATEST
-- | --
  | 2020-06-07T17:02:12.540+08:00 | • downloaded and installed provider name=aws version=2.59.0
  | 2020-06-07T17:02:16.811+08:00 | • configured provider name=aws version=2.59.0
  | 2020-06-07T17:02:16.905+08:00 | • SHOWING RESOURCES THAT WOULD BE DELETED (DRY RUN)
  | 2020-06-07T17:02:17.449+08:00 | • failed to import resource; trying to read resource without import error=error reading ECS Cluster (arn:aws:ecs:ap-northeast-1:494xxxxxxxx5:cluster/arn:aws:ecs:ap-northeast-1:494xxxxxxxxx5:cluster/bayer-demo): InvalidParameterException: Unsupported resource type: cluster id=arn:aws:ecs:ap-northeast-1:494xxxxxxxx95:cluster/bayer-demo type=aws_ecs_cluster
  | 2020-06-07T17:02:19.225+08:00 | panic: can't use ElementIterator on null value
  | 2020-06-07T17:02:19.225+08:00 | goroutine 1 [running]:
  | 2020-06-07T17:02:19.225+08:00 | github.com/zclconf/go-cty/cty.Value.ElementIterator(0x6378ba0, 0xc000564488, 0x0, 0x0, 0x10, 0x2)
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1038 +0x101
  | 2020-06-07T17:02:19.225+08:00 | github.com/zclconf/go-cty/cty.Value.AsValueMap(0x6378ba0, 0xc000564488, 0x0, 0x0, 0x1)
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1243 +0xe5
  | 2020-06-07T17:02:19.225+08:00 | github.com/cloudetc/awsweeper/pkg/resource.GetTags(0xc000239770, 0xb, 0xb, 0x0)
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/pkg/resource/select.go:54 +0xe7
  | 2020-06-07T17:02:19.225+08:00 | github.com/cloudetc/awsweeper/pkg/resource.Filter.Apply(0xc000527590, 0xc000d56b40, 0x3, 0x4, 0xc000d56b40, 0x3, 0x4)
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/pkg/resource/select.go:15 +0x10a
  | 2020-06-07T17:02:19.225+08:00 | github.com/cloudetc/awsweeper/pkg/resource.List(0xc0000c20b8, 0xc000d60000, 0xc0001bc800, 0xc000600b80, 0x5ab8ee6, 0x6, 0xc000061860, 0x0, 0x0)
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/pkg/resource/list.go:56 +0x61f
  | 2020-06-07T17:02:19.225+08:00 | main.mainExitCode(0x0)
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/main.go:157 +0xd77
  | 2020-06-07T17:02:19.225+08:00 | main.main()
  | 2020-06-07T17:02:19.225+08:00 | /home/jan/git/github.com/cloudetc/awsweeper/main.go:30 +0x22
  | 2020-06-07T17:02:19.229+08:00 | [ERROR] CalledProcessError: Command '['./bin/awsweeper', '--debug', '--region', 'ap-northeast-1', '--dry-run', './config/aws_resource.yml']' returned non-zero exit status 2. Traceback (most recent call last):   File "/var/task/src/awsweeper.py", line 17, in lambda_handler     output2 = subprocess.check_output(CMD2, universal_newlines=True)   File "/var/lang/lib/python3.8/subprocess.py", line 411, in check_output     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,   File "/var/lang/lib/python3.8/subprocess.py", line 512, in run     raise CalledProcessError(retcode, process.args,
  | 2020-06-07T17:02:19.237+08:00 | END RequestId: e1dcc93a-b710-4c66-8ac2-edae677987d9
  | 2020-06-07T17:02:19.237+08:00 | REPORT RequestId: e1dcc93a-b710-4c66-8ac2-edae677987d9 Duration: 18563.05 ms Billed Duration: 18600 ms Memory Size: 512 MB Max Memory Used: 504 MB Init Duration: 120.13 ms
  | 2020-06-07T17:06:03.457+08:00 | START RequestId: 81239d90-efb1-46ed-afa8-453fc442cf75 Version: $LATEST

3. How are you downloading the awsweeper binary into the lambda? From an S3 bucket? An option would be to also pre-download the extra binary that awsweeper needs (https://releases.hashicorp.com/terraform-provider-aws/2.59.0/) and then you wouldn't need the NAT gatway. I would need to fix something first for this "offline" mode, though.
   Yes, I build and package awsweeper binary in local, upload to s3 for Lambda use.
   Not sure how to proceed the manual setup for terraform-provider-aws for the offline mode.

4. I will investigate myself if it is problem running awsweeper in a lambda in another region. If so, it shouldn't be this way.
   Looking forward to another magic, thanks in advance.

[jckuester]

Is it actually the new version https://github.com/jckuester/awsweeper/releases/tag/v0.9.0 that you are using here?

[showerlee]

Yes, it should be the newest version. otherwise the new tag feature will not be workable.

[jckuester]

Sorry for my late replies.

I fixed the panic in https://github.com/jckuester/awsweeper/releases/tag/v0.10.0. Can you try if the new version makes any difference?

For the offline mode, I first have to make some changes, so that this can work. I'll let you know when I am done and give you a more detailed instruction.

Unfortunately, I didn't find time yet to start a lambda myself and reconstruct the problem.

[showerlee]

Thanks @jckuester
I will be busy with a few stuff recently, will let you know if the new version is workable in Lambda.
Happy to know you bring in offline mode soon.

Much appreciate.

[jckuester]

Just letting you know that the offline mode is coming in PR #116 and is released soon. Hope that will help to get rid of the NAT gateway.

[jckuester]

Released in v0.10.2.

For offline mode, please copy the Terraform AWS provider binary (https://releases.hashicorp.com/terraform-provider-aws/2.68.0/) to ~/.awsweeper/terraform-provider-aws_v2.68.0_x4 (note: the binary name might differ for the platform that you're using).