Bug: unable to connect to local DynamoDB instance

[derekxu04]

Description:

I'm currently unable to connect to a local DynamoDB instance which is running using Docker. I am receiving the following error: An error occurred (UnrecognizedClientException) when calling the Query operation: The security token included in the request is invalid.

Steps to reproduce:

I'm currently starting a DynamoDB instance using Docker on port 8002:

  dynamodb:
    image: amazon/dynamodb-local
    container_name: app-dynamodb
    hostname: app-dynamodb
    volumes:
      - app_dynamodb:/home/dynamodblocal
    working_dir: /home/dynamodblocal
    ports:
      - '8002:8000'
    command: '-jar DynamoDBLocal.jar -sharedDb -dbPath .'
    restart: unless-stopped

My DynamoDB client is trying to connect to http://docker.for.windows.localhost:8002/ (confirmed using a debugger).

I am creating the client with the following:

    client = boto3.client(
        'dynamodb',
        region_name='us-east-1' if isLocalEnvironment else 'ap-southeast-2',
        endpoint_url=endpoint_url if isLocalEnvironment else None,
        aws_access_key_id='localKey' if isLocalEnvironment else None,
        aws_secret_access_key='localSecret' if isLocalEnvironment else None,
    )

I am then running the Lambda with
sam build --use-container && sam local invoke --parameter-overrides 'ParameterKey=ENVIRONMENT,ParameterValue=local'

I don't want to be using an AWS profile since I am only trying to connect locally.

Observed result:

2023-01-26 23:33:39,987 | Config file location: C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\samconfig.toml
2023-01-26 23:33:39,987 | Loading configuration values from [default.['local', 'invoke'].parameters] (env.command_name.section) in config file at 'C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\samconfig.toml'...
2023-01-26 23:33:39,990 | Configuration values successfully loaded.
2023-01-26 23:33:39,990 | Configuration values are: {}
2023-01-26 23:33:40,017 | Using SAM Template at C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\template.yaml
2023-01-26 23:33:40,057 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2023-01-26 23:33:40,057 | Using config file: samconfig.toml, config environment: default
2023-01-26 23:33:40,057 | Expand command line arguments to:
2023-01-26 23:33:40,057 | --template_file=C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\template.yaml --parameter_overrides={'ENVIRONMENT': "local'"} --no_event --layer_cache_basedir=C:\Users\xuder\AppData\Roaming\AWS SAM\layers-pkg --container_host=localhost --container_host_interface=127.0.0.1
2023-01-26 23:33:40,064 | local invoke command is called
2023-01-26 23:33:40,077 | Collected default values for parameters: {'ENVIRONMENT': 'production'}
2023-01-26 23:33:40,117 | There is no customer defined id or cdk path defined for resource ReadWriteDynamoPolicy, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,120 | There is no customer defined id or cdk path defined for resource serverRole, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,120 | There is no customer defined id or cdk path defined for resource tuesHeyTable, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,120 | Sam customer defined id is more priority than other IDs. Customer defined id for resource ConnectingAlgorithmLambda is ConnectingAlgorithmLambda       
2023-01-26 23:33:40,120 | There is no customer defined id or cdk path defined for resource ConnectingAlgorithmExecutionRole, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,120 | 0 stacks found in the template
2023-01-26 23:33:40,120 | Collected default values for parameters: {'ENVIRONMENT': 'production'}
2023-01-26 23:33:40,142 | There is no customer defined id or cdk path defined for resource ReadWriteDynamoPolicy, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,142 | There is no customer defined id or cdk path defined for resource serverRole, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,142 | There is no customer defined id or cdk path defined for resource tuesHeyTable, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,142 | Sam customer defined id is more priority than other IDs. Customer defined id for resource ConnectingAlgorithmLambda is ConnectingAlgorithmLambda       
2023-01-26 23:33:40,142 | There is no customer defined id or cdk path defined for resource ConnectingAlgorithmExecutionRole, so we will use the resource logical id as the resource id
2023-01-26 23:33:40,145 | 5 resources found in the stack
2023-01-26 23:33:40,145 | Found Serverless function with name='ConnectingAlgorithmLambda' and CodeUri='ConnectingAlgorithmLambda'
2023-01-26 23:33:40,145 | --base-dir is not presented, adjusting uri ConnectingAlgorithmLambda relative to C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\template.yaml
2023-01-26 23:33:40,162 | Found one Lambda function with name 'ConnectingAlgorithmLambda'
2023-01-26 23:33:40,163 | Invoking app.lambda_handler (python3.9)
2023-01-26 23:33:40,164 | Loading AWS credentials from session with profile 'None'
2023-01-26 23:33:40,218 | Resolving code path. Cwd=C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build, CodeUri=C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\ConnectingAlgorithmLambda
2023-01-26 23:33:40,218 | Resolved absolute path to code is C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\ConnectingAlgorithmLambda
2023-01-26 23:33:40,218 | Code C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\ConnectingAlgorithmLambda is not a zip/jar file
2023-01-26 23:33:40,247 | Skip pulling image and use local one: public.ecr.aws/sam/emulation-python3.9:rapid-1.67.0-x86_64.

2023-01-26 23:33:40,247 | Mounting C:\Users\xuder\USEFUL\Code\software-projects\uni-connector\cloud\.aws-sam\build\ConnectingAlgorithmLambda as /var/task:ro,delegated inside runtime container
2023-01-26 23:33:41,885 | Starting a timer for 900 seconds for function 'ConnectingAlgorithmLambda'
START RequestId: e371b92a-4b1f-4cbd-8c4b-0b0f7f742d2b Version: $LATEST
Starting Connecting Algorithm on local'
    raise error_class(parsed_response, operation_name)ake_api_calln) when calling the Query operation: The security token included in the request is invalid.
END RequestId: e371b92a-4b1f-4cbd-8c4b-0b0f7f742d2b
REPORT RequestId: e371b92a-4b1f-4cbd-8c4b-0b0f7f742d2b  Init Duration: 0.39 ms  Duration: 21183.01 ms   Billed Duration: 21184 ms       Memory Size: 512 MB     Max Memory Used: 512 MB
{"errorMessage": "An error occurred (UnrecognizedClientException) when calling the Query operation: The security token included in the request is invalid.", "errorType": "ClientError", "requestId": "e371b92a-4b1f-4cbd-8c4b-0b0f7f742d2b", "stackTrace": ["  File \"/var/task/app.py\", line 18, in lambda_handler\n    users = database.getAllUsers(client)\n", "  File \"/var/task/database.py\", line 36, in getAllUsers\n    allUsersQuery = client.query(\n", "  File \"/var/task/botocore/client.py\", line 530, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n", "  File \"/var/task/botocore/client.py\", line 960, in _make_api_call\n    raise error_class(parsed_response, operation_name)\n"]}2023-01-26 23:34:04,392 | Failed to get the logs from the container
Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\local\docker\container.py", line 402, in _write_container_output
    for stdout_data, stderr_data in output_itr:
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\types\daemon.py", line 32, in __next__
    return next(self._stream)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\api\client.py", line 406, in <genexpr>
    gen = (demux_adaptor(*frame) for frame in gen)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\utils\socket.py", line 94, in frames_iter_no_tty
    (stream, n) = next_frame_header(socket)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\utils\socket.py", line 66, in next_frame_header
    data = read_exactly(socket, 8)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\utils\socket.py", line 51, in read_exactly
    next_data = read(socket, n - len(data))
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\utils\socket.py", line 35, in read
    return socket.recv(n)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\transport\npipesocket.py", line 23, in wrapped
    return f(self, *args, **kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\transport\npipesocket.py", line 117, in recv
    err, data = win32file.ReadFile(self._handle, bufsize)
pywintypes.error: (109, 'ReadFile', 'The pipe has been ended.')
2023-01-26 23:34:05,033 | Cleaning all decompressed code dirs
2023-01-26 23:34:05,534 | Sending Telemetry: {'metrics': [{'commandRun': {'requestId': '01cbe20c-a5c6-4a6e-8c38-7a7e350255ab', 'installationId': 'f008c32b-eef5-4aa9-84be-436d533b7002', 'sessionId': 'c348507c-a998-475f-a0b3-b80eac2c010f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.8', 'samcliVersion': '1.67.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': '', 'commandName': 'sam local invoke', 'metricSpecificAttributes': {'projectType': 'CFN', 'gitOrigin': 'c272fd434cb95e2700ad2daf9816dd42f468583c95d811e0bd11f40339227650', 'projectName': '625582de0aabd0bd635cdacb39dc3a090ab82f367f2d92ac196af1524c3ffe25', 'initialCommit': 'c6df37dd5607b1e660f772163e013cee951dff0bfb9c2fc250b23a72a6c25fe5'}, 'duration': 25470, 'exitReason': 'success', 'exitCode': 0}}]}
2023-01-26 23:34:06,435 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
2023-01-26 23:34:06,437 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2023-01-26 23:34:06,437 | Sending Telemetry: {'metrics': [{'runtimeMetric': {'requestId': '79d07b5e-ac10-45ce-a52e-72820e7436c9', 'installationId': 'f008c32b-eef5-4aa9-84be-436d533b7002', 'sessionId': 'c348507c-a998-475f-a0b3-b80eac2c010f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.8', 'samcliVersion': '1.67.0', 'runtimes': ['python3.9']}}]}
2023-01-26 23:34:07,197 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)

Expected result:

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

1. OS: Windows 11
2. sam --version: 1.67.0
3. AWS region: ap-southeast-2

[qingchm]

Thanks for opening the issue, I will get back to you after discussion with team

[sriram-mv]

@derekxu04 were you able make progress on this issue? Often cases, in scenarios like this it was found that there were issues with docker networking on the host side.

[derekxu04]

Haven't been able to resolve this yet unfortunately.