awslabs/cdk-serverless-clamscan

Lambda exits with uncaught exception if file was removed before check is finished


Sometimes our users delete a file they didn't mean to upload, so it is deleted from the bucket before the scan has finished, and the tagging operation fails with an uncaught exception like this:

LAMBDA_WARNING: Unhandled exception. The most likely cause is an issue in the function code. However, in rare cases, a Lambda runtime update can cause unexpected function behavior. For functions using managed runtimes, runtime updates can be triggered by a function change, or can be applied automatically. To determine if the runtime has been updated, check the runtime version in the INIT_START log entry. If this error correlates with a change in the runtime version, you may be able to mitigate this error by temporarily rolling back to the previous runtime version. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html
[ERROR] NoSuchKey: An error occurred (NoSuchKey) when calling the PutObjectTagging operation: The specified key does not exist.
Traceback (most recent call last):
  File "/var/lang/lib/python3.12/site-packages/aws_lambda_powertools/metrics/provider/base.py", line 207, in decorate
    response = lambda_handler(event, context, *args, **kwargs)
  File "/var/lang/lib/python3.12/site-packages/aws_lambda_powertools/logging/logger.py", line 447, in decorate
    return lambda_handler(event, context, *args, **kwargs)
  File "/var/task/lambda.py", line 91, in lambda_handler
    summary = scan(
  File "/var/task/lambda.py", line 289, in scan
    set_status(input_bucket, input_key, status)
  File "/var/task/lambda.py", line 119, in set_status
    s3_client.put_object_tagging(
  File "/var/lang/lib/python3.12/site-packages/botocore/client.py", line 565, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/lang/lib/python3.12/site-packages/botocore/client.py", line 1021, in _make_api_call
    raise error_class(parsed_response, operation_name)

Ideally this would be handled gracefully and be written to the error queue.

Version used:

"cdk-serverless-clamscan": "^2.8.27",

CDK Setup:

const clamScan = new ServerlessClamscan(this, "clam-scan", {
  acceptResponsibilityForUsingImportedBucket: true,
  buckets: [pictureBucket, recordsBucket],
  onResult: new LambdaDestination(scanResultHandler),
  onError: new SqsDestination(scanErrorsQueue),
});

Steps to reproduce:

  • Upload a file to an S3 bucket that is connected to clam scan
  • Immediately delete the file again
  • Check the errors in the Lambda (generated by cdk-serverless-clamscan)
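
One way to handle the race described in this issue, as an added example that is not the project's own code: a hypothetical `set_status_safe` wrapper catches only the `NoSuchKey` error from `put_object_tagging` and returns a result the handler can forward to its error path, while every other failure still raises. The tag name, the function names and the in-memory `FakeS3` stub are assumptions made so the example runs offline.

```python
import logging

logger = logging.getLogger("scan")
STATUS_TAG = "scan-status"          # assumed tag name, not taken from the issue
OBJECT_GONE_CODES = {"NoSuchKey"}   # the error code shown in the traceback


def error_code(exc):
    """Return the S3 error code of a botocore-style ClientError, else None."""
    response = getattr(exc, "response", None)
    return response.get("Error", {}).get("Code") if isinstance(response, dict) else None


def set_status_safe(s3_client, bucket, key, status):
    """Tag the object; report, rather than raise, if it was deleted mid-scan."""
    outcome = {"bucket": bucket, "key": key, "status": status}
    try:
        # PutObjectTagging replaces the whole tag set; merge existing tags if needed.
        s3_client.put_object_tagging(
            Bucket=bucket, Key=key,
            Tagging={"TagSet": [{"Key": STATUS_TAG, "Value": status}]})
    except Exception as exc:
        code = error_code(exc)
        if code not in OBJECT_GONE_CODES:
            raise  # permissions, throttling, etc. must still surface as failures
        logger.warning("object gone before tagging: s3://%s/%s", bucket, key)
        return {**outcome, "tagged": False, "reason": code}
    return {**outcome, "tagged": True, "reason": None}


class FakeClientError(Exception):
    """Constructed stand-in exposing the same .response shape as ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeS3:
    """Constructed in-memory stub so the example runs without AWS access."""
    def __init__(self, keys, deny=False):
        self.tags, self.deny = {k: [] for k in keys}, deny

    def put_object_tagging(self, Bucket, Key, Tagging):
        if self.deny:
            raise FakeClientError("AccessDenied")
        if (Bucket, Key) not in self.tags:
            raise FakeClientError("NoSuchKey")
        self.tags[(Bucket, Key)] = Tagging["TagSet"]
```

With a real boto3 client the same wrapper applies unchanged, because `botocore.exceptions.ClientError` carries the error code in `exc.response["Error"]["Code"]`.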