From f0fd0c1e07d0b4528e2214f648b061863edd4198 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Tue, 6 Aug 2019 23:20:11 +0000
Subject: [PATCH] Release 0.9.8
---
 CHANGES.md | 3 ++-
 index.py | 37 ++++++++++++++++++++++---------------
 2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 705f964..6900e78 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,8 +1,9 @@
 # Changelog
-## 0.9.7
+## 0.9.8
 - Fix for ALB AccessLog parser to handle spaces in request_url
 - Improved VPC FlowLog metadata augmentation
+- better error handling for VPC FlowLog parsing
 ## 0.9.6
 - Augment VPC FlowLogs with ENI metadata incl. global cache
diff --git a/index.py b/index.py
index 6315dd1..7d82144 100644
--- a/index.py
+++ b/index.py
@@ -17,7 +17,7 @@ import boto3
 __author__ = "Stefan Reimer"
 __author_email__ = "stefan@zero-downtime.net"
-__version__ = "0.9.7"
+__version__ = "0.9.8"
 # IAM Alias lookup cache
 account_aliases = {}
@@ -120,11 +120,18 @@ def add_flow_metadata(flow):
 # Lookup table by IP to classify traffic
 ips[interface['PrivateIpAddress']] = interface
+ except(KeyError, IndexError):
+ logger.warning("Error trying to get metadata for ENIs, disabling ENHANCE_FLOWLOG")
+ ENHANCE_FLOWLOG = False
+ return flow
+ try:
 eni = enis[flow['interface-id']]
 metadata = {'eni.az': eni['AvailabilityZone'],
- 'eni.sg': eni['Groups'][0]['GroupName'],
 'eni.subnet': eni['SubnetId']}
+ remote_ip = None
+ if len(eni['Groups']):
+ metadata['eni.sg'] = eni['Groups'][0]['GroupName']
 # Add PublicIP if attached
 if 'Association' in eni and 'PublicIp' in eni['Association']:
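Review bot: The new `except(KeyError, IndexError):` handler that ends the ENI lookup-table block drops the exception, so the warning does not say which key or interface caused enrichment to be switched off. Binding it the way the second handler in this commit does, `except (KeyError, IndexError) as e:` with `"... disabling ENHANCE_FLOWLOG ({})".format(e)`, would keep that detail in the log. The assignment `ENHANCE_FLOWLOG = False` only reaches the module-level flag if `add_flow_metadata` declares `global ENHANCE_FLOWLOG`. The function and the `try` this handler closes both start above the hunk, so that should be confirmed. From the message it appears one bad interface record turns enrichment off for all later records, so a comment at the handler should note that the `eni.*` fields then stop appearing downstream, and a comment at `if len(eni['Groups']):` (simpler as `if eni['Groups']:`) should say that only the first security group is recorded.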
@@ -140,23 +147,23 @@ def add_flow_metadata(flow):
 # Try to classify traffic:
 # Free,Regional,Out
- if remote_ip in ips:
- if ips[remote_ip]['AvailabilityZone'] == eni['AvailabilityZone'] and ips[remote_ip]['VpcId'] == eni['VpcId']:
- metadata['traffic_class'] = 'Free'
+ if remote_ip:
+ if remote_ip in ips:
+ if ips[remote_ip]['AvailabilityZone'] == eni['AvailabilityZone'] and ips[remote_ip]['VpcId'] == eni['VpcId']:
+ metadata['traffic_class'] = 'Free'
+ else:
+ metadata['traffic_class'] = 'Regional'
 else:
- metadata['traffic_class'] = 'Regional'
- else:
- # Incoming traffic is free 90% of times
- if metadata['direction'] == 'In':
- metadata['traffic_class'] = 'Free'
- else:
- metadata['traffic_class'] = 'Out'
+ # Incoming traffic is free 90% of times
+ if metadata['direction'] == 'In':
+ metadata['traffic_class'] = 'Free'
+ else:
+ metadata['traffic_class'] = 'Out'
 flow.update(metadata)
- except(KeyError, IndexError):
- logger.warning("Could not get additional data for ENI {}".format(flow['interface-id']))
- ENHANCE_FLOWLOG = False
+ except(KeyError, IndexError) as e:
+ logger.warning("Could not get additional data for ENI {} ({})".format(flow['interface-id'], e))
 pass
 return flow
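Review bot: The rewritten handler still evaluates `flow['interface-id']` inside the `except`, so a record with no `interface-id` field raises a second KeyError there, which escapes `add_flow_metadata` instead of being logged. The first KeyError comes from `enis[flow['interface-id']]` in the `try` opened in the previous hunk, and `flow.get('interface-id')` in the format call avoids the second one. With `ENHANCE_FLOWLOG = False` removed from this handler, an ENI missing from the cache now produces one warning per flow record, so it may be worth logging each unknown ENI only once. The trailing `pass` is redundant after the logging call. When `remote_ip` stays `None` no `traffic_class` is set at all, and a short comment above `if remote_ip:` should say whether that is intended.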