AWS Parameters and Secrets Lambda Extension does not work with parameter ARN's

The AWS documentation for the Parameters and Secrets Lambda Extension states:

To make a call using the Amazon Resource Name (ARN) for a parameter, make an HTTP GET call similar to the following.

GET http://localhost:port/systemsmanager/parameters/get?name=arn:aws:ssm:us-east-1:123456789012:parameter/MyParameter

however these requests return a 400 stating the parameter name is invalid.

Here's a quick example to demonstrate the successful request using the parameter name, and the failed request using the parameter ARN:

import json
import os

from botocore.vendored import requests


def lambda_handler(event, context):
    name_url = 'http://localhost:2773/systemsmanager/parameters/get?name=test-param'
    arn_url = 'http://localhost:2773/systemsmanager/parameters/get?name=arn:aws:ssm:us-east-2:{ACCOUNT_ID}:parameter/test-param'
    headers = {'X-Aws-Parameters-Secrets-Token': os.environ['AWS_SESSION_TOKEN']}
    
    name_resp = requests.get(name_url, headers=headers)
    print(f'NAME RESPONSE: {name_resp.status_code} > {name_resp.text}')
    
    arn_resp = requests.get(arn_url, headers=headers)
    print(f'ARN RESPONSE: {arn_resp.status_code} > {arn_resp.text}')

and the output:

NAME RESPONSE: 200 > {"Parameter":{"ARN":"arn:aws:ssm:us-east-2:{ACCOUNT_ID}:parameter/test-param","DataType":"text","LastModifiedDate":"2022-11-26T02:25:14.669Z","Name":"test-param","Selector":null,"SourceResult":null,"Type":"SecureString","Value":"AQICAH....=","Version":2},"ResultMetadata":{}}

ARN RESPONSE: 400 > an unexpected error occurred while executing request
[AWS Parameters and Secrets Lambda Extension] 2022/11/26 18:09:36 ERROR GetParameter request encountered an error: operation error SSM: GetParameter, https response error StatusCode: 400, RequestID: {REQUEST_ID}, api error ValidationException: Invalid parameter name. Please use correct syntax for referencing a version/label  <name>:<version/label>

The docs also state:

When using GET calls, parameter values must be encoded for HTTP to preserve special characters.

however the error still occurs whether the ARN colons and/or slash are URL-encoded or not like so:

http://localhost:2773/systemsmanager/parameters/get?name=arn%3Aaws%3Assm%3Aus-east-2%3A{ACCOUNT_ID}%3Aparameter/test-param
http://localhost:2773/systemsmanager/parameters/get?name=arn%3Aaws%3Assm%3Aus-east-2%3A{ACCOUNT_ID}%3Aparameter%2Ftest-param

Am I missing something here or is the documentation incorrect in that an ARN can be used for these requests?

Argomenti

Serverless Computazionali Gestione e amministrazione

Tag

AWS Lambda Gestore dei sistemi AWS Memorizzazione dei parametri

Lingua

English

andy

posta un anno fa253 visualizzazioni

Nessuna risposta

Più recenti
Maggior numero di voti
Maggior numero di commenti

Contenuto pertinente

Come posso risolvere l'errore: "The following parameters are not defined for the specified group” quando aggiorno la versione del motore del cluster RDS utilizzando CloudFormation?
AWS UFFICIALEAggiornata 2 anni fa
Come posso risolvere l'errore "The provided key element does not match the schema" durante l'importazione di tabelle DynamoDB utilizzando Hive su Amazon EMR?
AWS UFFICIALEAggiornata un anno fa
Ho ricevuto il messaggio "NetworkInterfaces associated with the Lambda Function to be cleaned up" durante l'eliminazione di uno stack CloudFormation.
AWS UFFICIALEAggiornata 3 anni fa
Come faccio a risolvere l'errore "endpoint does not support the Availability Zone" quando tento di mappare un endpoint di Amazon VPC?
AWS UFFICIALEAggiornata 7 mesi fa