Functions calling Functions

Errors with Bash and CloudFormation parameter-overrides

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: AWS Security | Application Security | CloudFormation

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Update: I did not realize bash had the ability to create local variables with the local keyword. Use it!

Today was oddly annoying. A bunch of code I had tested repeatedly stopped working. A particular stack was failing repeatedly that has worked for a long time now. I have a test script in the root of this directory and been running it every day with no errors:

GitHub - tradichel/SecurityMetricsAutomation

This code is associated with a series of blog posts. Please refer to these posts for more information: Automating…

github.com

Today I ran parts of that test script and certain resources failed to deploy. I was getting errors about missing parameters when the parameters are clearly passed in.

Then I changed the code around and got errors about invalid characters in my parameter overrides. This also was false. I’ve written about the problem with hidden characters you can’t always see when calling AWS CLI functions so you can’t tell what the problem is before.

I’ve also written a post about spaces in CloudFormation:

Cannot Pass Spaces to AWS CloudFormation Deploy Parameter-Overrides

A convoluted combination of Bash and CloudFormation that caused obnoxiously confusing errors

medium.com

which seems to be a popular post for plagiarism for whatever reason:

Techspec [dot] Online, Attackfeed [dot] com, and others are copying my post titles word for word…

I would like them to stop

medium.com

At some point I completely changed the parameters I was passing into my parameter overrides. I noticed that the CloudFormation stack, as it was deploying, never updated and indicated it had received the new parameters. At this point I completely deleted the stack and started over.

At some point, I had modified my code to use a new function. I had a lot of code calling the old function so I simply changed the contents of the old function to obtain and pass the values to the new function. This is where the problem apparently lied, though this has all be working so I don’t know why it suddenly started failing now.

I had not updated my EC2 instance running on AWS up to this point, but I did when I started getting the errors. Although there were some kernel updates, this did not resolve my problem.

After deleting the stack and validating that CloudFormation was passing the updated parameters, I changed my code that was calling the old function to call the new function. That resolved the problem.

But what really was the problem?

The problem has to do with the fact that I had two AWS parameter overrides and there was a space between the two. When I tried to put quotes around the parameters passed into the function as I wrote about previously:

This did not resolve the problem. And in fact, with some changes, AWS was complaining that there were invalid characters in my user and group names so I presume that meant that somehow a quote character was getting wrapped in quotes somewhere and passed as part of the parameter value.

The other odd thing is that this was all working and suddenly had a typo in a parameter name. How did that get there?? Hmmm.

A very strange day indeed.

If you have functions calling functions in bash, you’ll need to be very careful passing parameters with spaces around between functions.

Follow for updates.

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab

Summarize