Errors with Bash and CloudFormation parameter-overrides
Today was oddly annoying. A bunch of code I had tested repeatedly stopped working. A particular stack was failing repeatedly that has worked for a long time now. I have a test script in the root of this directory and been running it every day with no errors:
Today I ran parts of that test script and certain resources failed to deploy. I was getting errors about missing parameters when the parameters are clearly passed in.
Then I changed the code around and got errors about invalid characters in my parameter overrides. This also was false. I’ve written about the problem with hidden characters you can’t always see when calling AWS CLI functions so you can’t tell what the problem is before.
I’ve also written a post about spaces in CloudFormation:
which seems to be a popular post for plagiarism for whatever reason:
At some point I completely changed the parameters I was passing into my parameter overrides. I noticed that the CloudFormation stack, as it was deploying, never updated and indicated it had received the new parameters. At this point I completely deleted the stack and started over.
At some point, I had modified my code to use a new function. I had a lot of code calling the old function so I simply changed the contents of the old function to obtain and pass the values to the new function. This is where the problem apparently lied, though this has all be working so I don’t know why it suddenly started failing now.
I had not updated my EC2 instance running on AWS up to this point, but I did when I started getting the errors. Although there were some kernel updates, this did not resolve my problem.
After deleting the stack and validating that CloudFormation was passing the updated parameters, I changed my code that was calling the old function to call the new function. That resolved the problem.
But what really was the problem?
The problem has to do with the fact that I had two AWS parameter overrides and there was a space between the two. When I tried to put quotes around the parameters passed into the function as I wrote about previously:
This did not resolve the problem. And in fact, with some changes, AWS was complaining that there were invalid characters in my user and group names so I presume that meant that somehow a quote character was getting wrapped in quotes somewhere and passed as part of the parameter value.
The other odd thing is that this was all working and suddenly had a typo in a parameter name. How did that get there?? Hmmm.
A very strange day indeed.
If you have functions calling functions in bash, you’ll need to be very careful passing parameters with spaces around between functions.
Teri Radichel
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2022
____________________________________________
Author:
Cybersecurity for Executives in the Age of Cloud on Amazon
Need Cloud Security Training? 2nd Sight Lab Cloud Security Training
Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.
Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.
Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts
