I’m using the boto3 client to copy RDS Snapshots and the CopyTags documentation is not clear on the following.

But if your source snapshot has tags and you want to copy then, then you cannot add tags with the Tags=[ … some tags ] at the same time.

If you use both the CopyTags and the Tags properties, only the Tags one will be applied.

Today I had been debugging and building my docker based lambda. All of the sudden, I start getting this error

failed to solve with frontend dockerfile.v0: failed to create LLB definition: unexpected status code [manifests 3.8]: 400 Bad Request

I googled it without success. I closed VS Code. Nada.

I closed and restarted Docker Desktop. Nada.

I noticed I had a pending update on the Docker Desktop notifications. I completed the update. Then…

I shut down my mac. Restarted it and bam! It started working again.

hope this helps.

How can I view the logs of a docker container running in the background?

So I had a Jenkins job that was building a Lambda function docker image and testing it. The tests worked locally but some how they were failing when Jenkins was running them.

The Jenkins job didn’t show me the docker image logs so I use this below:

I use this to test the lambda

TEST_RESPONSE=$(curl -XPOST “http://localhost:9000/2015-03-31/functions/function/invocations" -d @”$TEST_FILE”)

Then after catching the response, I had jenkins output the docker logs

docker container logs — details $(docker ps -aqf “ancestor=$image”)

Hope this helps you out.

As part of our DR strategy, I had to start copying our EBS snapshots from us-west-2 to us-east-1.

My solution looks like this:

  • In us-west-2, CloudWatch Rule that calls an SNS topic when an EBS snapshot is taken (also in us-west-2)
  • SNS topic has a us-east-1 Lambda Subscriber which has the code to copy the EBS snapshot from source to destination region

In order to copy a snapshot into us-east-1, the Lambda function has to be hosted in us-east-1 as well.

A KMS CMK key is being used for EBS encryption. So the EBS snapshots have a KMS CMK in…

Today I needed to add a permissions policy to an ECR repository but couldn’t really figure out where to add the policy.

I thought I would select the repository and click on the Edit property but that’s not it.

Instead once select and click onto your ECR repository, on the left side column, you’ll see “Images” and “Permissions” options. That’s how you get to the Permissions tab where you can edit the Policy JSON.

Hope this helps you out!

In order to filter SNS Subscription messages, your message must have a “MessageAttributes” attribute.

If you are creating the messages, then this is no problem.

In my case, I’m using CloudWatch event rules to publish to an SNS topic and I don’t have a way to add the MessageAttributes property to the messages being published.

#tldr In order to filter subscriptions, your topic message must have a MessageAttributes property.


I just came across a goofy problem. I created a lambda function and it appeared to me as if nothing was happening. Like it wasn’t being triggered.

I couldn’t find any errors in CloudWatch. Nada.

Then I thought — I wonder if it is failing but not able to tell me so because the Lambda needs access to CloudWatch Logs. And indeed.

Remember to Add CloudWatch Logs permissions.

p.s. Back to my lambda to fix some json property mishap!

keywords: sns call lambda cross-region but lambda not being triggered

So I kept getting this error at the AWS CLI command line.

parse error: Invalid numeric literal at line 1, column 12

The aws cli command was completing successfully and I was piping the result into jq to parse the response.

It took me a while to realize that my .aws/config file was set to output=yaml

I changed it to output=json and boila!

Most of the time when I have to clone a repo, I use the https method. Today I configured my environment with SSH keys and it was great.

To create an SSH key you run:

ssh-keygen -m PEM -t rsa -b 4096 -C “your_email@domain”

This outputs a private and public key.

Then you take your public key and paste it on your git repo profile under SSH keys.

Then you add your SSH to your session (aka SSH authentication agent)

ssh-add ~/.ssh/Your_Private_key

Then you’re ready to start cloning via the terminal.

source: https://unsplash.com/photos/Fa0pTKuoDVY
Source: https://unsplash.com/photos/Fa0pTKuoDVY

Note to self: When you deploy an AWS Lambda function on a VPC, and you’re using Secrets Manager, remember these things:

  1. Friday is almost here!
  2. Create a VPC Endpoint for Secrets Manager a.k.a Secrets Manager interface endpoint in your lambda region (how?)
  3. Add a Lambda Environment variable “SECRET_MANAGER_ENDPOINT” and set it to https://secretsmanager.<your_region>.amazonaws.com
  4. Then when you set up the boto3.client connection, set it like this:
    client = boto3.client(‘secretsmanager’, endpoint_url=os.environ[‘SECRETS_MANAGER_ENDPOINT’])
  5. Finally, ensure your Secrets Manager endpoint VPC subnet configuration matches the subnet configuration you set up for your lambda function. Otherwise, you’ll Lambda function will timeout waiting to connect to the Secrets Manager to get/write your secrets.

2021–05–14T17:20:54.636Z guid-e15b-more-1234–guid Task timed out after 300.10 seconds (in my case 5 minutes)

Edgar Sanchez

A great architect - humble in spirit. dangerous with production access.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store