Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Permissions trouble on AWS Lambda, can't spawn child process

Tags:

So I've created this nice little lambda, which runs great locally, however not so much when actually out in the wild.

The lambda takes an event, with html in the event source, converts that html to a PDF (using the html-pdf node module), passes that pdf to an s3 bucket, and then hands back a signed url that expires in 60 seconds.

Or at least that is what ought to happen (again, works locally). When testing on Lambda, I get the following error:

{
   "errorMessage": "spawn EACCES",
   "errorType": "Error",
   "stackTrace": [
       "exports._errnoException (util.js:870:11)",
       "ChildProcess.spawn (internal/child_process.js:298:11)",
       "Object.exports.spawn (child_process.js:362:9)",
       "PDF.PdfExec [as exec] (/var/task/node_modules/html-pdf/lib/pdf.js:87:28)",
       "PDF.PdfToFile [as toFile] (/var/task/node_modules/html-pdf/lib/pdf.js:83:8)",
       "/var/task/index.js:72:43",
       "Promise._execute (/var/task/node_modules/bluebird/js/release/debuggability.js:272:9)",
       "Promise._resolveFromExecutor (/var/task/node_modules/bluebird/js/release/promise.js:473:18)",
       "new Promise   (/var/task/node_modules/bluebird/js/release/promise.js:77:14)",
       "createPDF (/var/task/index.js:71:19)",
       "main (/var/task/index.js:50:5)"
  ]
}

Here's the code itself (not compiled, there's a handy gulp task for that)

if(typeof regeneratorRuntime === 'undefined') {
    require("babel/polyfill")
}

import fs from 'fs'
import pdf from 'html-pdf'
import md5 from 'md5'
import AWS from 'aws-sdk'
import Promise from 'bluebird'
import moment from 'moment'

const tempDir = '/tmp'
const config = require('./config')
const s3 = new AWS.S3()

export const main = (event, context) => {
    console.log("Got event: ", event)

    AWS.config.update({
        accessKeyId: config.awsKey,
        secretAccessKey: config.awsSecret,
        region: 'us-east-1'
    })

    const filename = md5(event.html) + ".pdf"

    createPDF(event.html, filename).then(function(result) {
        uploadToS3(filename, result.filename).then(function(result) {
            getOneTimeUrl(filename).then(function(result) {
                return context.succeed(result)
            }, function(err) {
                console.log(err)
                return context.fail(err)
            })
        }, function(err) {
            console.log(err)
            return context.fail(err)
        })
    }, function(err) {
        console.log(err)
        return context.fail(err)
    })
}

const createPDF = (html, filename) => {
    console.log("Creating PDF")
    var promise = new Promise(function(resolve, reject) {
        pdf.create(html).toFile(filename, function(err, res) {
            if (err) {
                reject(err)
            } else {
                resolve(res)
            }
        })
    })
    return promise
}

const uploadToS3 = (filename, filePath) => {
    console.log("Pushing to S3")
    var promise = new Promise(function(resolve, reject) {

        var fileToUpload = fs.createReadStream(filePath)
        var expiryDate = moment().add(1, 'm').toDate()

        var uploadParams = {
            Bucket: config.pdfBucket,
            Key: filename,
            Body: fileToUpload
        }

        s3.upload(uploadParams, function(err, data) {
            if(err) {
                reject(err)
            } else {
                resolve(data)
            }
        })
    })
    return promise
}

const getOneTimeUrl = (filename) => {
    var promise = new Promise(function(resolve, reject) {
        var params = {
            Bucket: config.pdfBucket,
            Key: filename,
            Expires: 60
        }

        s3.getSignedUrl('getObject', params, function(err, url) {
            if (err) {
                reject(err)
            } else {
                resolve(url)
            }
        })
    })
    return promise
}

Seems like a problem within html-pdf. I thought it might be a problem with PhantomJS (which html-pdf depends on) due to some reading I did here: https://engineering.fundingcircle.com/blog/2015/04/09/aws-lambda-for-great-victory/ , however, since Lambda has bumped the max zip size to 50mb, I don't have a problem uploading the binary.

Any thoughts?

like image 424
wvm2008 Avatar asked May 06 '16 22:05

wvm2008


People also ask

How do you grant permission to Lambda?

Open the Functions page of the Lambda console. Choose a function. Choose Configuration and then choose Permissions.

Which permissions would be required for the package to function correctly in an AWS Lambda environment?

The correct permissions for all executable files within a Lambda deployment package is 644 in Unix permissions numeric notation. For folders within a deployment package, the correct permissions setting is 755.

Is not authorized to perform Lambda InvokeFunction?

The error is saying the user under which the nodejs program is running does not have rights to start the Lambda function. You need to give your IAM user the lambda:InvokeFunction permission: Find your User in the IAM Management Console and click it.

Why wasnt my Lambda function triggered by my CloudWatch events rule?

One way to overcome this issue is to add wildcard matching to the lambda so that it can match every rule from a single resource policy. After adding this command you don't need to add permissions dynamically to the lambda, and you'll lambda will accept all the cloudwatch rules with a single resource policy.


1 Answers

html-pdf uses phantomjs under the hood, which needs to compile some binaries when being installed. I guess your problem is that you are deploying those locally compiled binaries but Lambda needs the binaries compiled on Amazon Linux.

You can solve this problem by building your deploy package on an EC2 instance that is running Amazon Linux and then e.g. directly deploy it from there like it is explained in this tutorial.

Also check out this answer on a similar problem.

like image 171
birnbaum Avatar answered Sep 28 '22 04:09

birnbaum