05-04-2021 11:28 AM - last edited on 10-19-2022 11:13 AM by RPrasadi
We are getting the following error in our Lambdas,
[ERROR] Runtime.ImportModuleError: Unable to import module 'twistlock': Failed to import module: lambda_function
Traceback (most recent call last):
After troubleshooting, our team identifies that is due Prisma Defender, apparently the lambda handler was changed to twistlock.handler.
08-12-2022 07:20 AM
Greetings SPerry5,
I hope that this note finds you well! I know that it has been a while since you had posted this question but I wanted to see if you still potentially needed any help. Thank you for your time and I hope that you have a good remainder of your day.
Kind Regards,
J. Avery King
10-13-2022 12:03 PM - edited 10-13-2022 12:04 PM
Hi Amy,
I have started to research this so I can try to assist.
Could you please answer the following?
1) Was the function working prior to adding the defender? We need to be certain that there are no issues here first.
2) How did you configure protection? (three options: auto-defend, manual embedding, adding a layer)
3) What programming/scripting language is the function?
4) Are you able to share the function with us for testing or some sanitized version without proprietary data / code, etc ?
Regards,
10-13-2022 01:17 PM - edited 10-13-2022 01:17 PM
Here are some hints...
the language is python.
the lambda's entry point is a module named twistlock with a method named handler().
its likely that the lambda function's file should be named twistlock.py
10-13-2022 05:33 PM - edited 10-13-2022 10:21 PM
Hello Brandon.
Here is the answers below.
1) Was the function working prior to adding the defender? We need to be certain that there are no issues here first.
>A : Yes, the function was working fine before we added the defender.
2) How did you configure protection? (three options: auto-defend, manual embedding, adding a layer)
>A : We used the auto-defend configure.
3) What programming/scripting language is the function?
>A : It is python.
4) Are you able to share the function with us for testing or some sanitized version without proprietary data / code, etc ?
>A : I have already shared this through Support case.
Hope you kindly check this.
Thank you.
Best regards,
Amy Yoon
10-13-2022 05:34 PM
Hello Tommy.
Thank you for the hint.!
I will check this once more.
Best regards,
Amy Yoon
10-14-2022 07:37 AM
Hi Amy, if you could share the case number then I can follow up with TAC.
Since you are using AutoDefend, can you please share the IAM policy attached to the role or IAM user being used for the AWS Cloud credentials? If that's already in the case, I can look there instead. That would also be something important to add to the case if they haven't asked.
Regards,
10-16-2022 06:16 PM
Hello Brandon.
Our Case Number is 02344132.
I didn't upload the IAM policy attached to the IAM user but already checked the it before and the required permission was attached well.
Best regards,
Amy Yoon
10-21-2022 08:48 AM
HI Amy,
I had a look at the case and I can see that it has been successfully escalated so the best thing to do at this time is to stay in touch with TAC when the case is updated.
Regards,
10-21-2022 09:15 AM - edited 10-21-2022 09:23 AM
Amy and Brandon,
From what I recall, when Prisma Cloud instruments a lambda with a defender, Prisma changes the entry point for the lambda, in other words, it changes the "handler" function name in the lambda console properties. So, look at the lambda properties panel in the AWS lambda console, find the function name, typically, handler() then look to see if the function name matches the name of the "handler" function in the source file. Then fix one or the other to match. Now, the source file is NOT the original source-file.
The reason that prisma "renames" the "handler" function is because prisma introduces a new lambda file; the purpose of that lambda file is defend the original lambda function; think of it liek a wrapper around the original lambda function; that new lambda file is your new entry point, aka handler function name, that must agree with the lambda console's lambda properties/function_name.
good luck!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
