401 error getting AWS groups

Question

401 error getting AWS groups

danielnovello-pf opened this issue 9 months ago · comments

401 error getting AWS groups

All of a sudden, the Lamda function does not work. Its able to retrieve the Google groups, but fails when attempting to get the AWS groups.

To Reproduce
Steps to reproduce the behavior:

Create Function URL to run on-demand
Ran function and watch CloudWatch logs
Removed function and CloudWatch log group
Re-deployed function (successfully)
Ran function and watch CloudWatch logs - Failed with same error

Expected behaviour
Once the function retrieves the Google groups, it's suppose to get the AWS groups and perform a diff. Then update/modify the AWS groups

Additional context

We have added more policies to allow access to AWS SSO and organizations (Users groups)
The version we are using is v1.1.0 Attempts to use anything never fail

CloudWatch Logs:

...."collects all google groups..."
{ "group": "AWS Roles - Redacted", "id": "Redacted", "level": "debug", "msg": "get user", "time": "2023-11-02T18:33:57Z" }
{ "level": "info", "msg": "get existing aws groups", "time": "2023-11-02T18:33:57Z" }
{ "level": "error", "msg": "error getting aws groups", "time": "2023-11-02T18:33:57Z" }
status of http response was 401: errorString null

Chris Pates · Answer 1 · Fri Nov 03 2023 03:16:36 GMT+0800 (China Standard Time)

Has you aws SSO access token expired? It’s the most likely reason for a working deployment stopping working. Chris On 2 Nov 2023, at 18:57, danielnovello-pf ***@***.***> wrote: 401 error getting AWS groups All of a sudden, the Lamda function does not work. Its able to retrieve the Google groups, but fails when attempting to get the AWS groups. To Reproduce Steps to reproduce the behavior: 1. Create Function URL to run on-demand 2. Ran function and watch CloudWatch logs 3. Removed function and CloudWatch log group 4. Re-deployed function (successfully) 5. Ran function and watch CloudWatch logs - Failed with same error Expected behaviour Once the function retrieves the Google groups, it's suppose to get the AWS groups and perform a diff. Then update/modify the AWS groups Additional context We have added more policies to allow access to AWS SSO and organizations (Users groups) The version we are using is v1.1.0 <https://github.com/awslabs/ssosync/releases/tag/v1.1.0> Attempts to use anything never fail CloudWatch Logs: ...."collects all google groups..." { "group": "AWS Roles - Redacted", "id": "Redacted", "level": "debug", "msg": "get user", "time": "2023-11-02T18:33:57Z" } { "level": "info", "msg": "get existing aws groups", "time": "2023-11-02T18:33:57Z" } { "level": "error", "msg": "error getting aws groups", "time": "2023-11-02T18:33:57Z" } status of http response was 401: errorString null — Reply to this email directly, view it on GitHub <#155> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABVULYLGIGJMJKRP3A2L6ETYCPUILAVCNFSM6AAAAAA63LVLQ2VHI2DSMVQWIX3LMV43ASLTON2WKOZRHE3TIOBWHAYDSOI> . You are receiving this because you are subscribed to this thread. <https://github.com/notifications/beacon/ABVULYINH3HEHMJS3FAGIQLYCPUILA5CNFSM6AAAAAA63LVLQ2WGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHHLNQYQM.gif> Message ID: ***@***.***>

danielnovello-pf · Answer 2 · Fri Nov 03 2023 04:06:59 GMT+0800 (China Standard Time)

@ChrisPates Thank you. That was it. Apologies for wasting your time. Much appreciated

Chris Pates · Answer 3 · Fri Nov 03 2023 04:11:58 GMT+0800 (China Standard Time)

No worries, I’m working on the cloudformation template at the month, I’ll add a reminder on the field to check when it’s due to expire. Chris On 2 Nov 2023, at 20:07, danielnovello-pf ***@***.***> wrote: @ChrisPates Thank you. That was it. Apologies for wasting your time. Much appreciated — Reply to this email directly, view it on GitHub <#155 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABVULYKWMIOK37GI3B5GBA3YCP4O5AVCNFSM6AAAAAA63LVLQ2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJRGQ3DONZWGE> . You are receiving this because you were mentioned. <https://github.com/notifications/beacon/ABVULYI2AUCWDL6QWI7L3QTYCP4O5A5CNFSM6AAAAAA63LVLQ2WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTTKY6QPC.gif> Message ID: ***@***.***>