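I am trying to create a Lambda function that is accessible via a Lambda function URL, and I want to perform my own authentication. The flow would be more or less like this:
For the first Lambda function (which generates the token), it works fine using the user pool and the boto3 library.
For the second part of the Lambda function, I plan to use the example from https://github.com/awslabs/aws-support-tools/blob/master/Cognito/decode-verify-jwt/decode-verify-jwt.py. However, I am stuck at importing jwk and jwt from jose.
So here are the steps I took:
Here is the snippet of the function that fails: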
import json
import boto3
import traceback
import sys
import time
import hashlib
import base64
from botocore.exceptions import ClientError
from jose import jwt
from jose.utils import base64url_decode
# Bedrock Runtime client used to invoke and question the models
bedrock_runtime = boto3.client(
    service_name='bedrock-runtime',
    region_name='us-east-1'
)
The error I get:
INIT_REPORT Init Duration: 675.07 ms Phase: init Status: error Error Type: Runtime.ExitError
ModuleNotFoundError: No module named '_cffi_backend'
thread '<unnamed>' panicked at /github/home/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pyo3-0.18.3/src/err/mod.rs:790:5:
Python API call failed
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Traceback (most recent call last):
File "/var/runtime/bootstrap.py", line 63, in <module>
main()
File "/var/runtime/bootstrap.py", line 60, in main
awslambdaricmain.main([os.environ["LAMBDA_TASK_ROOT"], os.environ["_HANDLER"]])
File "/var/lang/lib/python3.11/site-packages/awslambdaric/__main__.py", line 21, in main
bootstrap.run(app_root, handler, lambda_runtime_api_addr)
File "/var/lang/lib/python3.11/site-packages/awslambdaric/bootstrap.py", line 472, in run
request_handler = _get_handler(handler)
^^^^^^^^^^^^^^^^^^^^^
File "/var/lang/lib/python3.11/site-packages/awslambdaric/bootstrap.py", line 53, in _get_handler
m = importlib.import_module(modname.replace("/", "."))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lang/lib/python3.11/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 690, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 940, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "/var/task/lambda_function.py", line 10, in <module>
from jose import jwt
File "/opt/python/jose/jwt.py", line 6, in <module>
from jose import jws
File "/opt/python/jose/jws.py", line 5, in <module>
from jose import jwk
File "/opt/python/jose/jwk.py", line 1, in <module>
from jose.backends.base import Key
File "/opt/python/jose/backends/__init__.py", line 2, in <module>
from jose.backends.cryptography_backend import get_random_bytes # noqa: F401
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/python/jose/backends/cryptography_backend.py", line 4, in <module>
from cryptography.exceptions import InvalidSignature, InvalidTag
File "/opt/python/cryptography/exceptions.py", line 9, in <module>
from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
pyo3_runtime.PanicException: Python API call failed
Any idea what the cause is?
Or is there any alternative I can use to verify the Cognito token in the Lambda function?
Thanks
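This issue was caused by a Python version mismatch between the Lambda function and the layer itself.
The layer was created directly in AWS CloudShell, which currently uses Python 3.7, while the Lambda function uses Python 3.11.
For future reference when creating layers:
Hope this helps future AWS users (who may still be newbies like me).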
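The following is an added example, not part of the original answer or of any AWS code: a pre-deploy check that scans an unpacked layer for compiled extension modules whose CPython tag does not match the target Lambda runtime, which is the mismatch the answer describes. The function names and the sample file tree are constructed for illustration. It assumes the usual CPython naming for compiled modules (`cpython-<ver>` for version-specific builds, `abi3` for stable-ABI builds).

```python
import re
import tempfile
from pathlib import Path

# CPython tags compiled modules in the file name, for example:
#   _cffi_backend.cpython-37m-x86_64-linux-gnu.so  (tied to Python 3.7)
#   _rust.abi3.so                                  (stable ABI, not tied to one minor version)
_TAG = re.compile(r"\.(?:cpython-(?P<ver>\d+)[a-z]*-[^.]+|(?P<abi3>abi3))\.so$")


def incompatible_extensions(layer_root, target):
    """Return relative paths of compiled modules that `target`, e.g. (3, 11), cannot import."""
    want = f"{target[0]}{target[1]}"
    bad = []
    for so in sorted(Path(layer_root).rglob("*.so")):
        m = _TAG.search(so.name)
        if m is None or m.group("abi3"):
            continue  # untagged or stable-ABI file: not bound to a single minor version
        if m.group("ver") != want:
            bad.append(so.relative_to(layer_root).as_posix())
    return bad


def build_sample_layer(root):
    """Constructed tree of empty files mimicking a layer that was pip-installed under Python 3.7."""
    names = [
        "python/_cffi_backend.cpython-37m-x86_64-linux-gnu.so",
        "python/cryptography/hazmat/bindings/_rust.abi3.so",
        "python/jose/jwt.py",
    ]
    for name in names:
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return root


def demo():
    """Check the constructed layer against a 3.11 runtime and against a 3.7 runtime."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_layer(d)
        return incompatible_extensions(d, (3, 11)), incompatible_extensions(d, (3, 7))


if __name__ == "__main__":
    print(demo())
```

In the constructed tree only the `_cffi_backend` build is flagged for Python 3.11; the `abi3` Rust binding is not. That is consistent with the traceback above, where the Rust binding loads and then fails with `No module named '_cffi_backend'`.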