Issue With SecurityHub.Client.update_organization_configuration Method #3984

Closed
bcamp1138 opened this issue Jan 10, 2024 · 4 comments
Labels
bug This issue is a confirmed bug. p3 This is a minor priority issue

bcamp1138 commented Jan 10, 2024

Describe the bug

When attempting to enable Security Hub in Central configuration mode, I receive a ParamValidationError saying the OrganizationConfiguration parameter doesn't exist for the SecurityHub.Client.update_organization_configuration() method.

Expected Behavior

Security Hub should be enabled and running in Central Configuration mode.

Current Behavior

[ERROR] ParamValidationError: Parameter validation failed:
Unknown parameter in input: "OrganizationConfiguration", must be one of: AutoEnable, AutoEnableStandards
Traceback (most recent call last):
  File "/var/task/index.py", line 110, in handler
    return fn.handle(event, context)
  File "/var/task/index.py", line 99, in handle
    return self.on_create(event)
  File "/var/task/index.py", line 37, in on_create
    configure_response = self.client.update_organization_configuration(
  File "/var/runtime/botocore/client.py", line 530, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 919, in _make_api_call
    request_dict = self._convert_to_request_dict(
  File "/var/runtime/botocore/client.py", line 990, in _convert_to_request_dict
    request_dict = self._serializer.serialize_to_request(
  File "/var/runtime/botocore/validate.py", line 381, in serialize_to_request
    raise ParamValidationError(report=report.generate_report())

Reproduction Steps

import logging
import os

import boto3

logger = logging.getLogger(__name__)


class enableSecHub():

    def __init__(self):
        self.client = boto3.client('securityhub')
        self.region = os.environ.get('AWS_REGION')

    def on_create(self, event):
        logger.info('Enabling Security Hub')
        logger.debug('Event: %s' % event)
        # Enable Security Hub; an already-enabled account raises ResourceConflictException.
        try:
            enable_response = self.client.enable_security_hub(
                Tags={
                    'Environment':'Dev'
                },
                EnableDefaultStandards=False,
                ControlFindingGenerator='SECURITY_CONTROL'
            )
        except self.client.exceptions.ResourceConflictException:
            logger.info('Security Hub already enabled')

        # Switch the organization to central configuration.
        try:
            configure_response = self.client.update_organization_configuration(
                AutoEnable=False,
                AutoEnableStandards='NONE',
                # Parameter reported as unknown in the ParamValidationError above.
                OrganizationConfiguration={
                    'ConfigurationType':'CENTRAL',
                    'Status': 'ENABLED',
                    'StatusMessage': 'Something went very wrong here....'
                }
            )
        except self.client.exceptions.AccessDeniedException:
            logger.info('Access denied to configure Security Hub')

Possible Solution

No response

Additional Information/Context

No response

SDK version used

Version: 1.34.15

Environment details (OS name and version, etc.)

Amazon Linux 2023, CDK version 2.118.0, Python 3.9.16

@bcamp1138 bcamp1138 added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels Jan 10, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK self-assigned this Jan 11, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK added investigating This issue is being investigated and/or work is in progress to resolve the issue. p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Jan 11, 2024
RyanFitzSimmonsAK (Contributor) commented

Hi @bcamp1138, thanks for reaching out. Could you provide debug logs of this behavior? You can get debug logs by adding boto3.set_stream_logger('') to the top of your script, and redacting any sensitive information. This error typically indicates an outdated version; could you also double check your versions using boto3.__version__ and botocore.__version__? Thanks!

@RyanFitzSimmonsAK RyanFitzSimmonsAK added response-requested Waiting on additional information or feedback. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Jan 11, 2024
bcamp1138 (Author) commented

Hi @RyanFitzSimmonsAK, thank you for the response. Boto3 and Botocore versions on my development system -

>>> boto3.__version__
'1.34.16'
>>> botocore.__version__
'1.34.16'

I'm attaching the redacted debug log. I noticed while reviewing these logs that the user agent is reporting a version of boto3 and botocore different from what I have on my dev box.
000000.zip

@github-actions github-actions bot removed the response-requested Waiting on additional information or feedback. label Jan 13, 2024
bcamp1138 (Author) commented

Hi @RyanFitzSimmonsAK, looks like the older version of the user agent I saw in the debug logs was the issue.

'User-Agent': 'Boto3/1.26.90

After bundling my lambda with a specific version of boto3, the error has gone away. Thank you for helping track that down. I'll close this report.
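
Added example (not part of the issue thread and not boto3 project code): a cold-start check for the SDK drift diagnosed above. It parses the `User-Agent` value from a botocore debug log and asks a client's loaded service model whether an operation accepts the parameters about to be sent. The function names, both sample User-Agent strings and the stand-in client are constructed for illustration; `client.meta.service_model.operation_model(...).input_shape.members` is botocore's model API.

```python
import re
from types import SimpleNamespace

# Matches "Boto3/1.26.90", "Botocore/1.29.90" and the newer "md/Botocore#1.34.16" form.
_UA_COMPONENT = re.compile(r"(?:^|\s)(?:md/)?(Boto3|Botocore)[/#](\d+(?:\.\d+)+)")

# Constructed samples: the Lambda runtime value seen in the thread, and a dev-box value.
LAMBDA_UA = "Boto3/1.26.90 Python/3.9.16 Linux/5.10 exec-env/AWS_Lambda_python3.9 Botocore/1.29.90"
DEV_UA = "Boto3/1.34.16 md/Botocore#1.34.16 ua/2.0 lang/python#3.9.16"
EXPECTED = {"boto3": "1.34.16", "botocore": "1.34.16"}  # versions developed against
REQUEST_PARAMS = ["AutoEnable", "AutoEnableStandards", "OrganizationConfiguration"]

def sdk_versions_from_user_agent(user_agent):
    """Return e.g. {'boto3': (1, 26, 90), 'botocore': (1, 29, 90)}."""
    return {name.lower(): tuple(int(p) for p in ver.split("."))
            for name, ver in _UA_COMPONENT.findall(user_agent)}

def sdk_drift(user_agent, expected):
    """List SDK components that are missing or older than the expected version."""
    seen = sdk_versions_from_user_agent(user_agent)
    problems = []
    for name, want in expected.items():
        have = seen.get(name)
        if have is None:
            problems.append(f"{name}: not reported in User-Agent")
        elif have < tuple(int(p) for p in want.split(".")):
            have_s = ".".join(map(str, have))
            problems.append(f"{name}: runtime {have_s} < expected {want}")
    return problems

def unsupported_params(client, operation_name, params):
    """Names in params that the client's loaded service model does not define."""
    shape = client.meta.service_model.operation_model(operation_name).input_shape
    known = set(shape.members) if shape is not None else set()
    return sorted(set(params) - known)

def stand_in_client(members):
    """Constructed stand-in exposing only meta.service_model.operation_model()."""
    op = SimpleNamespace(input_shape=SimpleNamespace(members=dict.fromkeys(members)))
    model = SimpleNamespace(operation_model=lambda name: op)
    return SimpleNamespace(meta=SimpleNamespace(service_model=model))

if __name__ == "__main__":
    print(sdk_drift(LAMBDA_UA, EXPECTED))
    # Old model: only the two members named in the ParamValidationError.
    old = stand_in_client(["AutoEnable", "AutoEnableStandards"])
    print(unsupported_params(old, "UpdateOrganizationConfiguration", REQUEST_PARAMS))
```

In a Lambda, pass the real `boto3.client('securityhub')` to `unsupported_params` during initialisation and fail fast when the returned list is non-empty.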
