Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is causing cfn-signal with waithandle.url to get 403 error

Tags:

amazon-web-services

amazon-ami

aws-cloudformation

Good day.

My cloudformation stack keeps getting rolled back due to the error for the WaitCondition.

The EC2 instance has Userdata which calls custom bootstrap.sh that uses cfn-signal with the waithandle.url (replaced sensitive info with "masked"):

cfn-signal --success true --http-proxy http://proxyAbc:123 --https-proxy http://proxyAbc:123  --region ap-southeast-2 https://cloudformation-waitcondition-ap-southeast-2.s3-ap-southeast-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aap-southeast-2%3A747462550105%3Astack/asg-masked-20200508162554-0b080289adf738030/35459000-90f5-11ea-a7af-0a0ad6464e74/WaitHandle?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200508T062906Z&X-Amz-SignedHeaders=host&X-Amz-Expires=86399&X-Amz-Credential=masked&X-Amz-Signature=masked

However it is encountering this error now:

Error signaling CloudFormation: [Errno 403] HTTP Error 403 : AccessDeniedAccess DeniedXYZ...123

There has been no code change except for using a new Centos 7 AMI.

Has anyone encountered this error and managed to resolve it?

Edit: The userdata has this in the CloudFormation template (which has single-quote surrounding it), where the WAITHANDLE environment variable is used in the cfn-signal command above (the https://cloudformation-waitcondition-ap-southeast-2....):

BASH_SCRIPT[8]=\"export WAITHANDLE='", {"Ref": "WaitHandle"}, "'\"\n
like image 637
Carlos Jaime C. De Leon Avatar asked Nov 14 '25 13:11

Carlos Jaime C. De Leon

1 Answers

The issue turned out to be due to proxy issue. The proxy being used works before (for years) but now has been broken. This is probably not a general answer as the 403 seems to be to broad, though pay attention to the part where it says AccessDenied (without 'Request has Expired') in any case just answering this in case anyone else encounters it.

For example:

Pre-signed URL expired:

Error signaling CloudFormation: [Errno 403] HTTP Error 403 : 
AccessDeniedRequest has expired863992020-05-15T05:17:56Z2020-05-18T20:41:19Z[somehashvalue]

Proxy issue:

Error signaling CloudFormation: [Errno 403] HTTP Error 403 : AccessDeniedAccess Denied[somehashvalue]
like image 193
Carlos Jaime C. De Leon Avatar answered Nov 17 '25 08:11

Carlos Jaime C. De Leon
Sign in to Comment

Related questions

How to get Cognito Identity Id in Post Confirmation Lambda Trigger in Python using Amplify React?
Django + AWS Secret Manager Password Rotation
AWS Lambda code is throwing "An error occurred (UnauthorizedOperation) when calling the StartInstances operation
Traditional Data Lake vs AWS Lake Formation
Test lambda locally with curl
enabling versioning for s3 bucket object
RDS Connection to Python Using SQLalchemy
Scheduling tasks within a cluster of identical peers

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!