尝试从 AWS Lambda 但不是桌面访问 AWS Device Farm 时出现 SSL 证书错误

Posted 2023-04-15

【中文标题】尝试从 AWS Lambda 但不是桌面访问 AWS Device Farm 时出现 SSL 证书错误

【英文标题】：SSL Certificate Errors when trying to access AWS Device Farm from AWS Lambda but Not Desktop

【发布时间】：2021-11-11 01:43:41

【问题描述】：

我正在尝试在 AWS 上使用 Selenium 创建刮板，因此我在桌面上使用了以下代码

import boto3
from selenium.webdriver import Remote
from selenium.webdriver import DesiredCapabilities 

devicefarm_client = boto3.client('devicefarm', region_name='us-west-2', verify=False)
testgrid_url_response = devicefarm_client.create_test_grid_url(projectArn="<insert_arn_here>", expiresInSeconds=120)
desired_capabilities = DesiredCapabilities.CHROME
desired_capabilities['platform'] = 'windows'
desired_capabilities['acceptInsecureCerts'] = True

# fails here
driver = Remote(testgrid_url_response['url'], desired_capabilities)

# unreachable code
driver.get('https://www.google.com')
driver.quit()

当我在我的桌面上运行此代码时，我能够成功调用 Device Farm，但是当我尝试在 AWS Lambda 函数中运行相同的代码时，我收到以下错误

  "errorMessage": "<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '54.185.155.213'. (_ssl.c:1129)>",
  "errorType": "URLError",
  "requestId": "8c064e3e-f362-441b-be0c-3bc00ad109ba",
  "stackTrace": [
    "  File \"/var/task/lambda_function.py\", line 24, in lambda_handler\n    driver = Remote(testgrid_url_response['url'], desired_capabilities)\n",
    "  File \"/opt/python/lib/python3.9/site-packages/selenium/webdriver/remote/webdriver.py\", line 92, in __init__\n    self.start_session(desired_capabilities, browser_profile)\n",
    "  File \"/opt/python/lib/python3.9/site-packages/selenium/webdriver/remote/webdriver.py\", line 179, in start_session\n    response = self.execute(Command.NEW_SESSION, capabilities)\n",
    "  File \"/opt/python/lib/python3.9/site-packages/selenium/webdriver/remote/webdriver.py\", line 234, in execute\n    response = self.command_executor.execute(driver_command, params)\n",
    "  File \"/opt/python/lib/python3.9/site-packages/selenium/webdriver/remote/remote_connection.py\", line 408, in execute\n    return self._request(command_info[0], url, body=data)\n",
    "  File \"/opt/python/lib/python3.9/site-packages/selenium/webdriver/remote/remote_connection.py\", line 478, in _request\n    resp = opener.open(request, timeout=self._timeout)\n",
    "  File \"/var/lang/lib/python3.9/urllib/request.py\", line 517, in open\n    response = self._open(req, data)\n",
    "  File \"/var/lang/lib/python3.9/urllib/request.py\", line 534, in _open\n    result = self._call_chain(self.handle_open, protocol, protocol +\n",
    "  File \"/var/lang/lib/python3.9/urllib/request.py\", line 494, in _call_chain\n    result = func(*args)\n",
    "  File \"/var/lang/lib/python3.9/urllib/request.py\", line 1389, in https_open\n    return self.do_open(http.client.HTTPSConnection, req,\n",
    "  File \"/var/lang/lib/python3.9/urllib/request.py\", line 1349, in do_open\n    raise URLError(err)\n"
  ]

尽管设置了 verify=False，并将 Lambda 放置在 US-west-2 区域，以及设置了 desired_capabilities['acceptInsecureCerts'] = True 并附加了 IAM 角色策略，以提供对 Device Farm 的完全访问权限。试过Python3.8和Python3.9的运行环境。我也试过直接传入我的 aws_access_key_id 和 aws_secret_access_key，结果一样。

【问题讨论】：

如何打包运行时依赖项以进行上传？那里可能发生了什么事。在打包 selenium 之前，您可能希望使用 Python 的 venv 来确保一个干净的状态

@TobeE 我创建了包含 selenium 的 requirements.txt 文件，运行 pip install -r requirements.txt -t .，然后我压缩包，上传到 S3，并从这个包中创建了一个 Lambda 层，然后在Lambda 函数

【参考方案1】：

感谢@Tobe E 的建议，答案与 Selenium 的版本有关。我的 requirements.txt 文件包含 selenium==3.0.2，而我的本地安装包含 selenium==3.141.0。升级 Selenium 包并重新部署到 AWS 后，代码按预期工作，没有 SSL 证书错误。