Is there anything stopping this being merged in? This module is now broken since it does not set the botocore version, meaning it downloads the latest version of botocore which no longer has Requests bundled in.

Workaround: download an earlier version of botocore (1.12.253 should work) which still has requests bundled in. This forces cfnresponse to use your version rather than the latest

Any updates? this module is now broken unless you downgrade boto3/botocore

We're now seeing this error now when using cfnresponse:

send(..) failed executing requests.put(..): module 'botocore.vendored.requests' has no attribute 'put'

Is this actually the version that AWS uses? Getting this merged is one thing but getting it deployed to inside of AWS so that Lambda Functions respond is another.

Ya, the challenge is that without any dependent modules ats @m8786 points out, deploying and using this is simple.

If this module begins to depend on requests because it's no longer vendored then deployment becomes a challenge.

Given that it sounds like requests is no longer available natively in the lambda environment there may be no good solution here. I'll take a look and see if there's a third option.

Thank you, Gene. Appreciate it!

@gene1wood

I believe in all cases this module is I’m only being installed via pip in which case the defined dependencies are always ensured to be installed as well.

So it looks like as of today in the Python 2.7 lambda environment the vendored requests is still available where it was at botocore.vendored.request

The current Python 3.6 and 3.7 lambda environments make the package available at botocore.vendored.requests and also pip._vendor.requests (though I've not yet tried this second vendored location out yet)

Details on what modules are present in the various environments

@mszymo

This module is now broken since it does not set the botocore version, meaning it downloads the latest version of botocore which no longer has Requests bundled in.

So I can understand the problem better, how are you using cfnresponse such that the botocore in your Lambda environment gets updated?

@mcaulifn

Any updates? this module is now broken unless you downgrade boto3/botocore

Are you using cfnresponse with the version of botocore that's built into the AWS Lambda environment? What error message do you get?

@brysontyrrell

We're now seeing this error now when using cfnresponse: send(..) failed executing requests.put(..): module 'botocore.vendored.requests' has no attribute 'put'

Is this using the version of botocore that comes with the AWS Lambda environment or something else?

Just trying to get some details about the problem.

@gene1wood

When installed via pip this package lists botocore as a requirement and will install the latest version as there isn’t a pinned version in the requirements. This updates the package in the Lambda environment.

But pinning to an old version isn’t a solution. We would want to move away from using a vendored package.

@gene1wood FYI: I'm using the documentation stated here:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html
My Lambda function is fully built into a CloudFormation template:

Type: AWS::Lambda::Function
Properties:
  Handler: "index.handler"
  Runtime: python3.7
  Timeout: 10
  Code:
    ZipFile: |
      import boto3
      import cfnresponse
      import json

      def handler(event, context):
        print('Got Event {}'.format(event))

Which means there's very little management of that function itself. AWS' own documentation states to use that when using the ZipFile property. Even if this fix worked, we're not the ones deploying the package, that's AWS.

@gene1wood

The error I posted is in Lambdas where we are installing the package alongside other requirements.

At some point, though, the Lambda environments will be updated to a version of boto3/botocore that breaks the existing package.

Let me see if I can make a PR that replaces requests with native python functions since it's just a simple PUT, that'll work around this problem

Ya it looks like this should be doable using httplib / http.client and no longer depending on requests

I'll see if I can do this tomorrow.

@gene1wood yes, we were doing that. now, pinning to the last version of botocore that has requests included. and then pinning boto3 too

Shoot,
So I apologize, I hadn't remembered exactly the back story on this repo of mine for cfnresponse.

The intent of this repo was to make the AWS cfnresponse module, which is available natively in the AWS lambda environment when you use the ZipFile property but not when you reference S3 stored code, usable in development environments (not in Lambda) as well as in S3 hosted code used in AWS Lambda.

You can see in the README that I show a method to validate that the code in this module is byte for byte identical to AWS's actual cfnresponse code.

So the problem is this. I can't go and change this module because the point is to mirror AWS's code. The problem with the deprecated (but working) use of the vendored requests module is in AWS's module (which this is a mirror of).

So depending on what you use this mirror for I'd offer different suggestions

• If you use this mirror to do development on Lambda code that will be used in a ZipFile driven CloudFormation template, continue using this mirror, disregard the deprecation warnings, and contact AWS support telling them that their cfnresponse module which they make available in the Lambda environment is giving deprecation errors. If they fix their upstream module, I'll happily update this pip package to match it.
• If you use this mirror to make cfnresponse available in AWS Lambda for S3 hosted code (not delivered via ZipFile), then I'd recommend you switch to the newer and much better custom-resource-helper module.

If you have a different use case than these two, let me know and I'll add that into the list.

I've merged and deployed #3 which ensures that pip will not install cfnresponse with a version of botocore which has removed the vendored requests module. Is the fix in cfnresponse 1.0.2 something that will work for folks?

why not do something like this:
https://github.com/quiltdata/t4/blob/master/lambdas/navigator_config/cfnresponse.py

I think at this point we can safely mirror AWS's code by using urllib3. Example: #4

@twillowman is correct, AWS now uses urllib3. I've captured this change in #7 and will deploy to PyPi