hosted functions use insecure python `cryptography` library
michaelbrewer opened this issue
When setting up rotations via the hosted function like below:
```python
from aws_cdk import core, aws_ec2 as ec2
from aws_cdk.aws_rds import DatabaseCluster, DatabaseClusterEngine, InstanceProps, AuroraEngineVersion
from aws_cdk.core import Duration


class Tmp2Stack(core.Stack):
    def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        vpc = ec2.Vpc(self, "VPC")
        db = DatabaseCluster(
            self,
            "Database",
            engine=DatabaseClusterEngine.aurora(version=AuroraEngineVersion.VER_1_22_2),
            instance_props=InstanceProps(vpc=vpc),
        )
        db.add_rotation_single_user(automatically_after=Duration.days(7))
```
Then the Python 3.7 Lambdas are insecure, using a 2017 version of the Python `cryptography` library.
Thank you for your feedback. We have noted this as a feature request.
We investigated this further and it appears that there might be some issue with your Lambda setup. If you are initiating the Lambda from CFN, you have to update the Lambda in CFN, or if it is from the console, you should replace the existing Lambda with the new Lambda. If you need further assistance, please open a support case with AWS.
@goyalya - I will submit a synthed CFN example and share the generated stack, but this is not closed.
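One way to check which `cryptography` version a rotation Lambda package actually bundles, as an added example that is not part of the original issue or of the AWS code: it reads the package metadata inside a deployment zip. The function names, the sample zip, its versions and the minimum version passed to `audit` are constructed assumptions; obtaining the deployed zip is left to the reader.

```python
import io
import re
import zipfile

# Matches e.g. "cryptography-X.Y.Z.dist-info/METADATA" or "pkg.egg-info/PKG-INFO".
_META = re.compile(r"(^|/)[^/]+\.(dist-info/METADATA|egg-info/PKG-INFO)$")

def bundled_versions(zip_bytes):
    """Map normalised package name -> version for every package in the zip."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not _META.search(name):
                continue
            fields = {}
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if not line.strip():
                    break  # metadata headers end at the first blank line
                key, sep, value = line.partition(":")
                if sep:
                    fields.setdefault(key.strip().lower(), value.strip())
            if "name" in fields and "version" in fields:
                pkg = re.sub(r"[-_.]+", "-", fields["name"]).lower()
                found[pkg] = fields["version"]
    return found

def release_tuple(version):
    """Numeric release segment, trailing zeros dropped: '2.0.0' -> (2,)."""
    m = re.match(r"\d+(\.\d+)*", version)
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(zip_bytes, package, minimum):
    """Return (version, ok); version is None when the package is not bundled."""
    version = bundled_versions(zip_bytes).get(package)
    if version is None:
        return None, True
    return version, release_tuple(version) >= release_tuple(minimum)

def make_sample_zip(version):
    """Constructed stand-in for a rotation Lambda package (not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lambda_function.py", "def lambda_handler(event, context): pass\n")
        zf.writestr(f"cryptography-{version}.dist-info/METADATA",
                    f"Metadata-Version: 2.1\nName: cryptography\nVersion: {version}\n\nbody\n")
    return buf.getvalue()
```

Running `audit` against the zip of the function before and after a stack update shows whether the update actually replaced the bundled library.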