aws-solutions/network-orchestration-for-aws-transit-gateway

Empty PREFIX_LISTS environment variable causes Step Function to fail in case of "Custom-Destinations" value for DEFAULT_ROUTE environment variable

Closed this issue · 1 comment

Describe the bug

The PREFIX_LISTS environment variable in the STNO-State-Machine Lambda Function should be (and is documented as) optional where "Custom-Destinations" is specified for the DEFAULT_ROUTE variable, as long as CIDR_BLOCKS is provided (as per the CustomerManagedPrefixListIds parameter in the network-orchestration-hub.yaml CloudFormation template).

However, keeping PREFIX_LISTS empty while specifying CIDR_BLOCKS and setting "Custom-Destinations" as the value for DEFAULT_ROUTE causes the Step Function to fail, and the respective TGW VPC attachment does not get associated/propagated to the specified TGW Route Table.

To Reproduce

Specify ListOfCustomCidrBlocks in the network-orchestration-hub.yaml CloudFormation template while setting "Custom-Destinations" as the value for DEFAULT_ROUTE, and leave CustomerManagedPrefixListIds empty.

Once the STNO Hub and Spoke stacks are deployed, create a VPC with populated "Associate-with" and/or "Propagate-to" tags, and then create subnets with the "Attach-to-tgw" tag added.

This will cause the step function to fail, because in the underlying Lambda code the following two functions are called for Custom-Destinations in DEFAULT_ROUTE:

  • _update_route_table_with_cidr_blocks(...)

This works fine, as the CIDR_BLOCKS environment variable has a value.

  • _update_route_table_with_prefix_lists(...)

This errors out: the PREFIX_LISTS environment variable comes up as an empty string, and after it is split on "," the resulting list still has length 1, so it passes the > 0 check. _update_route_table(...) is then called with an empty prefix_list_id and fails.

Expected behavior

An empty PREFIX_LISTS should be handled in the Lambda code so that the Step Function can succeed in the "Custom-Destinations" case for DEFAULT_ROUTE with only the CIDR_BLOCKS environment variable required.

For this, the first check in the code block should make sure PREFIX_LISTS is a non-empty string, for example:

  if environ.get("PREFIX_LISTS") != "":

or simply:

  if environ.get("PREFIX_LISTS"):

Only then should PREFIX_LISTS be split, which avoids the issue above.

The same can be done for the case where only PREFIX_LISTS is required but not CIDR_BLOCKS, in the code block of _update_route_table_with_cidr_blocks(...).

Please complete the following information about the solution:

  • Version: v3.2.1

  • Region: eu-west-1

  • Was the solution modified from the version published on this repository?

  • If the answer to the previous question was yes, are the changes available on GitHub?

  • Have you checked your service quotas for the services this solution uses?

  • Were there any errors in the CloudWatch Logs?

Yes:

  "exception": "Traceback (most recent call last):
    File "/var/task/state_machine/lib/clients/ec2.py", line 95, in create_route_cidr_block
      response = self.ec2_client.create_route(
    File "/var/task/botocore/client.py", line 530, in _api_call
      return self._make_api_call(operation_name, kwargs)
    File "/var/task/botocore/client.py", line 960, in _make_api_call
      raise error_class(parsed_response, operation_name)
  botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the CreateRoute operation: invalid value for parameter destination-cidr-block:",
  "exception_name": "ClientError"

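The following is an added example illustrating the failure mode described in this issue; it is not code from the network-orchestration-for-aws-transit-gateway project and makes no AWS calls. The names parse_csv_env_buggy, parse_csv_env, plan_routes and has_empty_destination are hypothetical, and the sample environment is constructed to mirror the report (CIDR_BLOCKS set, PREFIX_LISTS empty). The buggy parser splits first and then tests the list length, so "".split(",") yields [""] and an empty destination reaches the route call; the hardened parser tests the string before splitting and also drops blank or whitespace-only entries, which generalizes the fix to values such as "pl-1,,pl-2".

```python
"""Parsing comma-separated list environment variables safely (illustrative example).

Hypothetical helper names; no EC2 client is used. plan_routes returns the
parameter dicts a caller would hand to ec2.create_route, so the effect of the
parser choice is visible without touching AWS.
"""
from typing import Callable, Dict, List


def parse_csv_env_buggy(env: Dict[str, str], name: str) -> List[str]:
    """Reproduces the defective pattern: split first, then check the length.

    "".split(",") == [""], so an empty variable still produces one (empty)
    item and passes a len(...) > 0 check.
    """
    value = env.get(name, "")
    items = value.split(",")
    return items if len(items) > 0 else []


def parse_csv_env(env: Dict[str, str], name: str) -> List[str]:
    """Hardened version: require a non-empty string before splitting, then
    discard blank and whitespace-only entries (e.g. "pl-1,,pl-2" or " ")."""
    value = env.get(name)
    if not value:  # None or "" means nothing was configured
        return []
    return [item.strip() for item in value.split(",") if item.strip()]


def plan_routes(env: Dict[str, str], parser: Callable[[Dict[str, str], str], List[str]]) -> List[dict]:
    """Simulate the Custom-Destinations branch: one route per CIDR block and
    one per prefix list. Returns create_route-style parameter dicts instead of
    calling EC2."""
    calls: List[dict] = []
    for cidr in parser(env, "CIDR_BLOCKS"):
        calls.append({"DestinationCidrBlock": cidr})
    for pl_id in parser(env, "PREFIX_LISTS"):
        calls.append({"DestinationPrefixListId": pl_id})
    return calls


def has_empty_destination(calls: List[dict]) -> bool:
    """True if any planned route carries an empty destination value, which is
    what EC2 rejects with InvalidParameterValue."""
    return any(value == "" for call in calls for value in call.values())


# Constructed environment mirroring the report: CIDR_BLOCKS set, PREFIX_LISTS empty.
SAMPLE_ENV = {
    "DEFAULT_ROUTE": "Custom-Destinations",
    "CIDR_BLOCKS": "10.0.0.0/8,192.168.0.0/16",
    "PREFIX_LISTS": "",
}

if __name__ == "__main__":
    buggy = plan_routes(SAMPLE_ENV, parse_csv_env_buggy)
    fixed = plan_routes(SAMPLE_ENV, parse_csv_env)
    print("buggy plan:", buggy)  # contains {"DestinationPrefixListId": ""}
    print("fixed plan:", fixed)
    print("empty destination in buggy plan:", has_empty_destination(buggy))
    print("empty destination in fixed plan:", has_empty_destination(fixed))
```

The same parser should be applied to CIDR_BLOCKS, so that the mirror-image configuration (only PREFIX_LISTS set) is handled identically.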

Thanks for raising this issue. This bug will be resolved in the next release.