how to fix error with ssl certificate in aws lambda

Question

I am using this guide on the AWS deeplens. I am experimenting with the code and at one point it stopped working for the second standalone lambda function. At some point, the code started getting the exception and I only recently noticed it.

Here is the code in question:

def sendMessageToIoTTopic(iotMessage):
    # this is a default topic if its not specified in the lambda envirionment
    topicName = "worker-safety"
    if "iot_topic" in os.environ:
        topicName = os.environ['iot_topic']
        
    print("Send message to topic: " + topicName + " before")
    iotClient = boto3.client('iot-data', region_name='us-east-1')
    response = iotClient.publish(
            topic=topicName,
            qos=1,
            payload=json.dumps(iotMessage)
        )
    print("Send message to topic: " + topicName + "after")
    print("using this topic **{}** response is {}".format(topicName, response))

The guide says to modify the default timeout from 1 second to 3 seconds. Here is the log for this code with a 3 second timeout.

2021-01-31T14:28:35.579-05:00   Before we send to iot MQTT?

2021-01-31T14:28:35.579-05:00   Send message to topic: worker-safety-demo-cloud before

2021-01-31T14:28:36.202-05:00   END RequestId: 89794691-a149-4480-b0bd-fd1a69522774

2021-01-31T14:28:36.202-05:00   REPORT RequestId: 89794691-a149-4480-b0bd-fd1a69522774 Duration: 3003.48 ms Billed Duration: 3000 ms Memory Size: 128 MB Max Memory Used: 35 MB

2021-01-31T14:28:36.202-05:00   2021-01-31T19:28:36.201Z 89794691-a149-4480-b0bd-fd1a69522774 Task timed out after 3.00 seconds

2021-01-31T14:28:38.016-05:00   START RequestId: 71562d34-28d6-471a-8a43-b1e0bab1d621 Version: $LATEST

Adjusting the timeout for the lambda function from 3 seconds to 15 seconds allows us to see the timeout error in detail. It shows that it is an SSL error.

This is the resultant log with more info:

2021-01-31T14:36:08.775-05:00   Before we send to iot MQTT?

2021-01-31T14:36:08.775-05:00   Send message to topic: worker-safety-demo-cloud before

2021-01-31T14:36:17.295-05:00   [ERROR] SSLError: SSL validation failed for https://data.iot.us-east-1.amazonaws.com/topics/worker-safety-demo-cloud?qos=1 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091) Traceback (most recent call last):   File "/var/task/lambda_function.py", line 177, in lambda_handler     sendMessageToIoTTopic(iotMessage)   File "/var/task/lambda_function.py", line 119, in sendMessageToIoTTopic     payload=json.dumps(iotMessage)   File "/var/runtime/botocore/client.py", line 357, in _api_call     return self._make_api_call(operation_name, kwargs)   File "/var/runtime/botocore/client.py", line 663, in _make_api_call     operation_model, request_dict, request_context)   File "/var/runtime/botocore/client.py", line 682, in _make_request     return self._endpoint.make_request(operation_model, request_dict)   File "/var/runtime/botocore/endpoint.py", line 102, in make_request     return self._send_request(request_dict, operation_model)   File "/var/runtime/botocore/endpoint.py", line 137, in _send_request     success_response, exception):   File "/var/runtime/botocore/endpoint.py", line 256, in _needs_retry     caught_exception=caught_exception, request_dict=request_dict)   File "/var/runtime/botocore/hooks.py", line 356, in emit     return self._emitter.emit(aliased_event_name, **kwargs)   File "/var/runtime/botocore/hooks.py", line 228, in emit     return self._emit(event_name, kwargs)   File "/var/runtime/botocore/hooks.py", line 211, in _emit     response = handler(**kwargs)   File "/var/runtime/botocore/retryhandler.py", line 183, in __call__     if self._checker(attempts, response, caught_exception):   File "/var/runtime/botocore/retryhandler.py", line 251, in __call__     caught_exception)   File "/var/runtime/botocore/retryhandler.py", line 277, in _should_retry     return self._checker(attempt_number, response, caught_exception)   File "/var/runtime/botocore/retryhandler.py", line 317, in __call__     caught_exception)   File "/var/runtime/botocore/retryhandler.py", line 223, in __call__     attempt_number, caught_exception)   File "/var/runtime/botocore/retryhandler.py", line 359, in _check_caught_exception     raise caught_exception   File "/var/runtime/botocore/endpoint.py", line 200, in _do_get_response     http_response = self._send(request)   File "/var/runtime/botocore/endpoint.py", line 269, in _send     return self.http_session.send(request)   File "/var/runtime/botocore/httpsession.py", line 281, in send     raise SSLError(endpoint_url=request.url, error=e)

2021-01-31T14:36:17.296-05:00   END RequestId: 0da11ea2-c9d3-42ce-a8d5-cd3e709bf42e

The SSL error in detail is this:

[ERROR] SSLError: SSL validation failed for https://data.iot.us-east-1.amazonaws.com/topics/worker-safety-demo-cloud?qos=1 [SSL: CERTIFICATE_VERIFY_FAILED]
 certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)Traceback (most recent call last):  
File "/var/task/lambda_function.py", line 177, in lambda_handler    sendMessageToIoTTopic(iotMessage)  
File "/var/task/lambda_function.py", line 119, in sendMessageToIoTTopic    payload=json.dumps(iotMessage)  
File "/var/runtime/botocore/client.py", line 357, in _api_call    return self._make_api_call(operation_name, kwargs)  
File "/var/runtime/botocore/client.py", line 663, in _make_api_call    operation_model, request_dict, request_context)  
File "/var/runtime/botocore/client.py", line 682, in _make_request    return self._endpoint.make_request(operation_model, request_dict)  
File "/var/runtime/botocore/endpoint.py", line 102, in make_request    return self._send_request(request_dict, operation_model)  
File "/var/runtime/botocore/endpoint.py", line 137, in _send_request    success_response, exception):  
File "/var/runtime/botocore/endpoint.py", line 256, in _needs_retry    caught_exception=caught_exception, request_dict=request_dict)  
File "/var/runtime/botocore/hooks.py", line 356, in emit    return self._emitter.emit(aliased_event_name, **kwargs)  
File "/var/runtime/botocore/hooks.py", line 228, in emit    return self._emit(event_name, kwargs)  
File "/var/runtime/botocore/hooks.py", line 211, in _emit    response = handler(**kwargs)  File "/var/runtime/botocore/retryhandler.py", line 183, in __call__    if self._checker(attempts, response, caught_exception):  
File "/var/runtime/botocore/retryhandler.py", line 251, in __call__    caught_exception)  File "/var/runtime/botocore/retryhandler.py", line 277, in _should_retry    return self._checker(attempt_number, response, caught_exception)  
File "/var/runtime/botocore/retryhandler.py", line 317, in __call__    caught_exception)  File "/var/runtime/botocore/retryhandler.py", line 223, in __call__    attempt_number, caught_exception)  
File "/var/runtime/botocore/retryhandler.py", line 359, in _check_caught_exception    raise caught_exception  
File "/var/runtime/botocore/endpoint.py", line 200, in _do_get_response    http_response = self._send(request)  
File "/var/runtime/botocore/endpoint.py", line 269, in _send    return self.http_session.send(request) 
 File "/var/runtime/botocore/httpsession.py", line 281, in send    raise SSLError(endpoint_url=request.url, error=e)