From a1c3908498b9ca5db2c4b11f7b7a396f85e83c14 Mon Sep 17 00:00:00 2001 From: Sean O'Donnell Date: Tue, 26 May 2026 09:25:20 -0400 Subject: [PATCH] Fix env var passing in RunAltTextGenerationTask S3_BUCKET_NAME and S3_FILE_KEY were being resolved by indexing into the ECS ContainerOverrides array from the previous task's output. This caused intermittent failures (~50%) because AWS GuardDuty Runtime Monitoring, running as a security requirement, injects a sidecar container into the ContainerOverrides array at launch time, making the array order unpredictable. Fixed by: - Adding result_path='$.ecsResult' to RunAdobeAutotagTask to preserve the original Map iterator input for downstream states - Updating RunAltTextGenerationTask to reference $.s3_bucket and $.s3_key directly from the Map iterator input instead of the ECS response array --- app.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app.py b/app.py index 1148d0bd..2ca752aa 100644 --- a/app.py +++ b/app.py @@ -174,7 +174,8 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: cluster=pdf_remediation_cluster, task_definition=adobe_autotag_task_def, assign_public_ip=False, - + result_path="$.ecsResult", + container_overrides=[tasks.ContainerOverride( container_definition = adobe_autotag_container_def, environment=[ @@ -213,11 +214,11 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: environment=[ tasks.TaskEnvironmentVariable( name="S3_BUCKET_NAME", - value=sfn.JsonPath.string_at("$.Overrides.ContainerOverrides[0].Environment[0].Value") + value=sfn.JsonPath.string_at("$.s3_bucket") ), tasks.TaskEnvironmentVariable( name="S3_FILE_KEY", - value=sfn.JsonPath.string_at("$.Overrides.ContainerOverrides[0].Environment[1].Value") + value=sfn.JsonPath.string_at("$.s3_key") ), tasks.TaskEnvironmentVariable( name="AWS_REGION",