Description
Describe the bug
Inspector enabler lambda sra-inspector-org exits prematurely when doing a boto3 call to get_member (https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/inspector2/client/get_member.html#).
The result is that the mgmt account and all the other member accounts do not get Inspector enabled.
Only the delegated admin (audit account) does get Inspector enabled.
To Reproduce
Steps to reproduce the behavior:
- Deploy the CloudFormation solution SRA with Inspector like so:

```
aws cloudformation deploy --template-file aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml --stack-name sra-easy-setup --s3-bucket --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pDeployGuardDutySolution=Yes pDeployConfigManagementSolution=Yes pDeploySecurityHubSolution=Yes pSRAAlarmEmail= pDeployInspectorSolution=Yes
```
Expected behavior
Stack succeeds and the lambda does not produce any error in the lambda log.
Current behavior
Stack succeeds and the lambda produces an error in the lambda log.
Screenshots
If applicable, add screenshots to help explain your problem.
Deployment Environment (please complete the following information)
- Deployment Framework [e.g. Customizations for Control Tower and CloudFormation StackSets]: CloudFormation StackSets
- Deployment Framework Version [e.g. 1.0, 2.0]: main branch
Additional context
Stacktrace from the lambda log:

```json
{
  "timestamp": "2025-09-17 10:32:30,915",
  "level": "ERROR",
  "location": "sra.lambda_handler:586",
  "RequestType": "ContainerInit",
  "message": "Unexpected!",
  "exception": "Traceback (most recent call last):\n File \"/var/task/app.py\", line 584, in lambda_handler\n orchestrator(event, context)\n File \"/var/task/app.py\", line 562, in orchestrator\n process_event_sns(event)\n File \"/var/task/app.py\", line 535, in process_event_sns\n setup_inspector_in_region(\n File \"/var/task/app.py\", line 417, in setup_inspector_in_region\n inspector.associate_inspector_member_accounts(configuration_role_name, delegated_admin_account, accounts, region)\n File \"/var/task/inspector.py\", line 557, in associate_inspector_member_accounts\n if lookup_associated_accounts(inspector_delegated_admin_region_client, account[\"AccountId\"]) is True:\n File \"/var/task/inspector.py\", line 131, in lookup_associated_accounts\n response = inspector2_client.get_member(accountId=account_id)\n File \"/opt/python/botocore/client.py\", line 602, in _api_call\n return self._make_api_call(operation_name, kwargs)\n File \"/opt/python/botocore/context.py\", line 123, in wrapper\n return func(*args, **kwargs)\n File \"/opt/python/botocore/client.py\", line 1078, in _make_api_call\n raise error_class(parsed_response, operation_name)\nbotocore.errorfactory.InternalServerException: An error occurred (InternalServerException) when calling the GetMember operation (reached max retries: 4): Failure to process account: 573673592501, errorMessage: The request is rejected because the given account ID is not an associated member of the current account."
}
```
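The trace shows the whole enablement run aborting because `get_member` raises `InternalServerException` for an account that is simply not yet associated with the delegated administrator. The following is an added, illustrative lookup that is not part of the SRA project's code: it treats that specific "not an associated member" response as "not associated" and lets the caller go on to associate the account, while re-raising every other error so real failures (throttling, access denied) are still surfaced. The `relationshipStatus == "ENABLED"` test, the constructed stand-in client and the sample account IDs are assumptions made for an offline demonstration; in a real lambda the client would be `boto3.client("inspector2", ...)`.

```python
"""Added example: tolerate Inspector2 GetMember's 'not an associated member' error.

Hypothetical code, not the SRA project's own. Runs offline against a constructed
stand-in for the boto3 inspector2 client.
"""
from typing import Dict, List, Tuple

try:
    from botocore.exceptions import ClientError
except ImportError:  # assumption: allow running the demo without botocore installed
    class ClientError(Exception):  # minimal stand-in with botocore's .response shape
        def __init__(self, error_response, operation_name):
            self.response = error_response
            self.operation_name = operation_name
            err = error_response["Error"]
            super().__init__(
                f"An error occurred ({err['Code']}) when calling the "
                f"{operation_name} operation: {err['Message']}"
            )

# Substring from the error message quoted in this issue.
NOT_ASSOCIATED_MARKER = "not an associated member"


def lookup_associated_account(inspector2_client, account_id: str) -> bool:
    """Return True when account_id is an ENABLED member of the delegated admin.

    A GetMember error whose message says the account is 'not an associated
    member' is treated as False (the account still needs to be associated)
    instead of aborting the run. Any other error is re-raised unchanged.
    """
    try:
        response = inspector2_client.get_member(accountId=account_id)
    except ClientError as exc:
        error = exc.response.get("Error", {})
        if NOT_ASSOCIATED_MARKER in error.get("Message", ""):
            return False
        raise  # throttling, access denied, validation errors etc. are real failures
    member = response.get("member", {})
    # Assumption: only an ENABLED relationship counts as "already associated".
    return member.get("relationshipStatus") == "ENABLED"


def partition_accounts(inspector2_client, account_ids: List[str]) -> Tuple[List[str], List[str]]:
    """Split accounts into (already associated, still to associate).

    The caller would pass the second list to associate_member / enable, so a
    single unassociated account no longer stops the remaining accounts from
    being processed.
    """
    associated: List[str] = []
    pending: List[str] = []
    for account_id in account_ids:
        if lookup_associated_account(inspector2_client, account_id):
            associated.append(account_id)
        else:
            pending.append(account_id)
    return associated, pending


class ConstructedInspector2Client:
    """Constructed stand-in for boto3's inspector2 client (offline demo only)."""

    def __init__(self, members: Dict[str, str], denied: List[str] = ()):
        self._members = members  # accountId -> relationshipStatus
        self._denied = set(denied)

    def get_member(self, accountId: str):
        if accountId in self._denied:
            raise ClientError(
                {"Error": {"Code": "AccessDeniedException", "Message": "not authorized"}},
                "GetMember",
            )
        if accountId in self._members:
            return {"member": {"accountId": accountId,
                               "relationshipStatus": self._members[accountId]}}
        # Mirrors the error text quoted in the issue's stack trace.
        raise ClientError(
            {"Error": {"Code": "InternalServerException",
                       "Message": f"Failure to process account: {accountId}, errorMessage: "
                                  "The request is rejected because the given account ID is "
                                  "not an associated member of the current account."}},
            "GetMember",
        )


if __name__ == "__main__":
    # Constructed sample account IDs (not real accounts).
    client = ConstructedInspector2Client({"111111111111": "ENABLED", "222222222222": "DISABLED"})
    print(partition_accounts(client, ["111111111111", "222222222222", "333333333333"]))
```

With the stand-in client above, the run no longer stops at the first unassociated account: the ENABLED member is reported as associated, the DISABLED and unknown accounts land in the pending list for association, and an AccessDeniedException still propagates so a misconfigured role is not silently skipped.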