When trying to use Python 3.9 runtime as being new corporate requirement due to 3.8 vulnerabilities getting cff errors.
Closed this issue · 6 comments
While creating Private Key in CloudFormation Received response status [FAILED] from custom resource. Message returned: ModuleNotFoundError: No module named '_cffi_backend' (RequestId: 3860dfd8-3261-4bbc-a634-73a89c468287)
Hi @arkrud, thank you for opening an issue. Which version are you using? Versions >= 2.0.0 of the provider are built for the Python3.9 runtime.
Please reopen if the problem persists.
I tried it with version 2.0.1 and Python3.9 and get same error:
Received response status [FAILED] from custom resource. Message returned: ModuleNotFoundError: No module named '_cffi_backend' (RequestId: 3bda91a4-ffdd-418b-a2a4-8769a04c6fe3)
Hi @arkud,
Which region are you deploying from? I can reproduce this exact error only when I explicitly remove the file _cffi_backend.cpython-39-x86_64-linux-gnu.so from the zip file.
$ aws s3 cp s3://binxio-public-eu-west-1/lambdas/cfn-secret-provider-2.0.1.zip /tmp
$ mkdir /tmp/content && cd /tmp/content
$ unzip ../cfn-secret-provider-2.0.1.zip
$ cat > cfn_rsakey_provider.py <<!
if __name__ == "__main__":
key = rsa.generate_private_key(
backend=crypto_default_backend(),
public_exponent=65537,
key_size=2048
)
!
$ docker run -v $HOME/.aws:/root/.aws \
-v $PWD:/task -w /task --platform linux/amd64 \
--entrypoint python3 \
python:3.9 cfn_rsakey_provider.py
$ mv _cffi_backend.cpython-39-x86_64-linux-gnu.so{,-}
$ docker run -v $HOME/.aws:/root/.aws \
-v $PWD:/task -w /task --platform linux/amd64 \
--entrypoint python3 \
python:3.9 cfn_rsakey_provider.py
Traceback (most recent call last):
File "/task/cfn_rsakey_provider.py", line 208, in <module>
backend=crypto_default_backend(),
File "/task/cryptography/hazmat/backends/__init__.py", line 8, in default_backend
from cryptography.hazmat.backends.openssl.backend import backend
File "/task/cryptography/hazmat/backends/openssl/__init__.py", line 6, in <module>
from cryptography.hazmat.backends.openssl.backend import backend
File "/task/cryptography/hazmat/backends/openssl/backend.py", line 63, in <module>
from cryptography.hazmat.bindings.openssl import binding
File "/task/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ModuleNotFoundError: No module named '_cffi_backend'
Hi,
I see error in us-east-1
Ark
I noticed that I changed the reference to zip release v2.0.1 only in one place in CF temple.
When I updated it in both locations it is working now.
So you can close the issue.
Thank You,
Arkadiy