对 AWS 外部函数进行故障排除

本主题提供有关 AWS 外部函数的故障排除信息。

Platform-independent Runtime Issues

Data Type Return Values Do Not Match Expected Return Values

When passing arguments to or from an external function, ensure that the data types are appropriate. If the value sent can’t fit into the data type being received, the value might be truncated or corrupted in some other way.

For more details, see Ensure that arguments to the external function correspond to arguments parsed by the remote service.

Error: Row numbers out of order

Possible Causes:

The row numbers you return within each batch should be monotonically ascending integers starting at 0. The input row numbers must also follow this rule, and each output row should match the corresponding input row. For example, the output in output row 0 should correspond to the input in input row 0.

Possible Solutions:

Ensure that the row numbers you return are the same as the row numbers you received, and that each output value uses the row number of the corresponding input. If this doesn’t work, then the input row numbers may not be correct or you did not return the rows in the correct order.

Next, ensure that the output row numbers start from 0, increase by 1, and are in order.

For more information about data input and output formats, see When Snowflake sends data to a remote service, or receives data from a remote.

Error: “Error parsing JSON: Invalid response”

Possible Causes:

The most likely cause is that the JSON returned by the remote service (e.g. AWS Lambda function) is not constructed correctly.

Possible Solutions:

Ensure that the external function returns an array of arrays, with one inner array returned for each input row received. Review the description of the output format at Data format received by Snowflake.

Error: Format of the returned value is not JSON

Possible Causes:

Your return value includes double quotes inside the value.

Possible Solutions:

Although JSON strings are delimited by double quotes, the string itself should not start and end with a quotation mark in most cases. If the embedded double quotes are incorrect, remove them.

Error: Function received the wrong number of rows

Possible Causes:

The remote service tried to return more or fewer rows than it received. Even though the function is nominally scalar, it might receive multiple rows in the body field of the event parameter, and should return exactly as many rows as it received.

Possible Solution(s):

Ensure that the remote service returns one row for each row that it receives.

特定于 AWS 的问题

当端点使用 Lambda 代理集成时,API Gateway 返回错误 502

Possible Cause:

Lambda 函数可能发生了以下情况:

  • 超时。
  • 抛出了异常。
  • 因其他原因失败。
Possible Solution:

如果 Lambda 或 API Gateway 日志可供您查看,请检查这些日志。

如果 Lambda 函数的源代码可供您使用,请分析和调试 Lambda 函数中的代码。在某些情况下,您可能能够在更简单的上下文(AWS 外部)中执行该代码的副本,以帮助对其进行调试。

验证发送到 Lambda 函数的数据是否采用了 Lambda 函数期望接收的格式。您可能需要尝试发送一个更小、更简单的数据集,看看能否成功。

确认您一次没有发送过多数据。

在某些情况下,增加超时时间可能会解决问题,尤其是当 Lambda 函数需要大量 CPU 资源时,或者因 Lambda 函数本身调用其他远程服务而需要更多时间时。

无法读取 Amazon AWS Lambda 函数内部 HTTP POST 方法中的请求正文

Possible Cause:

您可能没有启用 Lambda 代理集成。

Possible Solution:

启用 Lambda 代理集成。

For more details, see the steps in Create the API Gateway endpoint.

承担 AWS_ROLE 角色时出错

该消息的全文是:

SQL execution error: Error assuming AWS_ROLE. Please verify the role and externalId are
configured correctly in your AWS policy.
Possible Cause:

  • 在角色的 AWS 信任关系策略中,AWS ARN 不正确。可能的原因包括:

    • 您未进行设置。
    • You set it, but you used the ARN of the AWS role (incorrect) instead of the user ARN, which you can see from the DESCRIBE INTEGRATION command in Snowflake. Make sure that you use the value from the API_AWS_IAM_USER_ARN field of the worksheet rather than the value from the “API_AWS_ROLE_ARN” field.

  • In your AWS Trust Relationship Policy, the std:ExternalId is incorrect. Possible causes of that include:

    • 您未进行设置。
    • 您重新创建了 API 集成对象。重新创建 API 对象会更改其外部 ID。

Error: 403 ‘{“Message”:”User: <ARN> is not authorized to perform: execute-api:Invoke”}’

该消息的全文是:

Request failed for external function <function_name>.
Error: 403 '{"Message":"User: <ARN> is not authorized to perform: execute-api:Invoke on resource: <MethodRequestARN>"}'
Possible Cause:

  • API Gateway 资源策略的以下内容有误:

    • IAM 角色 ARN。
    • 承担的角色。
    • 方法请求 ARN。

  • IAM 角色没有附加正确的策略。

Possible Solution:

  • Make sure that you followed the resource policy template in Secure your Amazon API Gateway endpoint. Specifically, make sure that your resource policy:

    • Replaced the <12-digit number> with the value in the worksheet field named Your AWS account ID.
    • Replaced the <external_function_role> with the value in the New IAM Role Name field of the worksheet.
    • Replaced the method_request_ARN in the Resource field with the value in the Method Request ARN field in the worksheet. Make sure there is no slash at the end.

  • If you need to make sure that the IAM role has the correct permissions policy attached, you can find the role’s permissions policy list by following the steps below:

    1. 在 AWS 中,转到 Identity and Access Management (IAM),然后选择角色。
    2. View the Summary for the role.
    3. Click on the Permissions tab.
    4. Verify that the required policy is in the Permissions policies list.

  • 确保被调用的端点是在 API Gateway 上设置的资源,而不是暂存区。

Error: 403 ‘{“Message”:”User: anonymous is not authorized to perform: execute-api:Invoke”}’

该消息的全文是:

Request failed for external function <function_name>.
Error: 403 '{"Message":"User: anonymous is not authorized to perform: execute-api:Invoke on resource: <MethodRequestARN>"}'
Possible Cause:

One possible cause is that when you were configuring authorization for the API Gateway, you might not have specified that the Method Request requires AWS_IAM authorization for the resource.

Possible Solution:

If you did not follow the instructions in secure the Amazon API Gateway, then please follow them now to specify AWS_IAM authorization.

解析 JSON 响应时出错…Error: top-level JSON object must contain “data” JSON array element

该消息的全文是:

Error parsing JSON response for external function ... Error: top-level JSON object must contain "data" JSON array element
Possible Cause:
  • 您可能没有为 API Gateway 资源中的 POST 命令指定 Lambda 代理集成。
Possible Solution:

  • 为您的 API Gateway 资源指定 Lambda 代理集成。

    For more details about Lambda proxy integration, see the steps in Create the API Gateway endpoint.

Request failed for external function EXT_FUNC with remote service error: 403 ‘{“message”:”Forbidden”}’;

Possible Cause:

The proxy service required an API key, typically for authentication or billing. The API key is missing or incorrect.

Possible Solution:

使用 ALTER API INTEGRATION 命令指定正确的 API 密钥。

CloudFormation 堆栈创建失败

如果您使用 AWS CloudFormation 模板创建外部函数,则可能会出现此错误。

Possible cause:

您没有创建 CloudFormation 模板中指定的资源所需的权限。

Possible Solution:

Check the Events tab for the stack to see the error details.

Also look at the AWS external functions troubleshooting page for additional troubleshooting tips.