Questions tagged with AWS Command Line Interface

Sort by most recent

1
90 / page

Browse through the questions and answers listed below or filter and sort to narrow down your results.

ResourceOwnerCheckException Error in firewall updating Delete protection, so cannot remove firewall

I use AWS CLI -- "aws network-firewall update-firewall-delete-protection --firewall-name FMManagedNetworkFirewallfirewallXXXXXXXXXXXXXXXX --no-delete-protection", i get this error "An error occurred (ResourceOwnerCheckException) when calling the UpdateFirewallDeleteProtection operation: Requested resource owner is invalid."

AWS Network Firewall AWS Command Line Interface

answers

votes

views

yan-Avaron

asked 6 hours ago

Access denied error uploading to s3 bucket

Hi all, I created a Snowpipe and now Unable to upload to my s3 bucket. I am logged into the right user, and I have added an s3 bucket policy to allow me to get get objects and put object in my bucket. Also, I cannot turn off public access because I need my files to stay on my account. Thanks

Amazon Simple Storage Service AWS Identity and Access Management AWS Command Line Interface Storage Amazon CloudTrail

answers

votes

views

99laiba

asked 13 hours ago

Problem with AWS Replication Agent for AWS Elastic Disaster Recovery (DRS)

Hello, I have problem with "Replication Agent" installation for "AWS Elastic Disaster Recovery" (DRS) on linux: Error: ./aws-replication-installer-64bit: error while loading shared libraries: libz.so.1: failed to map segment from shared object I used following commands: [ec2-user@ip-xxx ~]$ curl https://aws-elastic-disaster-recovery-eu-central-1.s3.eu-central-1.amazonaws.com/latest/linux/aws-replication-installer-init.py -o aws-replication-installer-init.py [ec2-user@ip-xxx ~]$ sudo python3 aws-replication-installer-init.py The installation of the AWS Replication Agent has started. AWS Region Name: eu-central-1 ./aws-replication-installer-64bit: error while loading shared libraries: libz.so.1: failed to map segment from shared object My environment: [ec2-user]$ uname -a Linux xxx 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 8 13:30:15 EST 2021 x86_64 x86_64 x86_64 GNU/Linux [ec2-user]$ cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="8.5 (Ootpa)" Does anybody have similar problem? Thanks, Adrian Hollay

Migration & Transfer Disaster Recovery/Business Continuity AWS Command Line Interface Amazon EC2

answers

votes

views

Adrian Hollay

asked a day ago

Unable to activate AWS Genomics CLI

AWS Command Line Interface IAM Access Analyzer Genomics

answers

votes

views

rePost-User-7901222

asked 7 days ago

How can I publish an application containing an AWS::Serverless::Function resource with a FunctionUrlConfig property?

I have a SAM template with an `AWS::Serverless::Function` resource that has a [`FunctionUrlConfig`](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functionurlconfig.html) property. It builds and deploys just fine using the SAM CLI, so the transform clearly works. But when I try to publish it to the Serverless Application Repository (either with `sam publish` or `aws serverlessrepo create-application` or via the AWS Serverless Application Repository Console), I get the following error: ``` Invalid Serverless Application Specification document. Number of errors found: 1. Errors: Resource with id [IiifFunction] is invalid. property FunctionUrlConfig not defined for resource of type AWS::Serverless::Function ``` It seems like the Serverless Application Repository API simply isn't using an up-to-date schema to validate the template. Since `FunctionUrlConfig` is part of the documented `AWS::Serverless::Function` model, it seems like the app repository should accept it. Is there anything I can do to try to get past this? Or do I just have to wait until someone at AWS updates the API's template validator with the latest version of the model?

Accepted Answer Serverless AWS Lambda AWS Command Line Interface AWS Serverless Application Repository

answers

votes

views

mbklein

asked 8 days ago

AWS Macie not work with sensitive data

I tried setting the AWS Macie to analyze sensitive data. but not work. I create the following "custom data identifiers" ``` Name: Test01 Regular expression: (?i)batman\.txt.* Keywords: None Ignore words: None Maximum match distance: 50 Occurrences threshold: 1 Severity Level: Medium ``` [https://capsula-01.s3.amazonaws.com/AWS_MACIE01.png]() Create the job. [https://capsula-01.s3.amazonaws.com/AWS_MACIE02.png]() I analysing the session file of the SSM. I connect to the server EC2 via session manager and run the command "scp batman.txt server:~" for example. Is it possible to get this? The bucket s3 [https://capsula-01.s3.amazonaws.com/AWS_MACIE03.png]() But not work. Let me know if i'm doing something wrong.

Amazon Simple Storage Service Amazon Macie AWS Command Line Interface AWS Systems Manager

answers

votes

views

ricardobarbosams

asked 8 days ago

Exec linux command inside a container

Hi team, I connected to my envoy container using this command : ``` aws ecs execute-command --cluster cluster-name --task task-id --container container-name --interactive --command "/bin/sh" ``` once inside the container I'm trying to execute this Linux command: ` ps aux` I have this error : `sh: ps: command not found` the version of the distribution inside the envoy container is " ``` Linux version 4.14.276-211.499.amzn2.x86_64 (mockbuild@ip-xx-x-xx-225) (gcc version 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)) #1 SMP Wed Apr 27 21:08:48 UTC 2022 ``` I tried to install ps : `yum install -y procps` I have this error : ``` Loaded plugins: ovl, priorities Could not retrieve mirrorlist http://amazonlinux.default.amazonaws.com/2/core/latest/x86_64/mirror.list error was 14: curl#56 - "Recv failure: Connection reset by peer" One of the configured repositories failed (Unknown), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Run the command with the repository temporarily disabled yum --disablerepo=<repoid> ... 4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable <repoid> or subscription-manager repos --disable=<repoid> 5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true Cannot find a valid baseurl for repo: amzn2-core/2/x86_64 ``` is there a way to run basic commands inside the envoy container like ps, map...? Thank you.

Linux Provisioning AWS Fargate AWS Command Line Interface Amazon EC2 Amazon Elastic Container Service

answers

votes

views

Jess

asked 8 days ago

My local MongoDB is refusing to connect with AWS SAM Lambda in python

I have set up an AWS Lambda function using the AWS SAM app. I have also downloaded local MongoDB on my machine. I am trying to make a connection between AWS Lambda and MongoDB. You can see my code below: ``` import json import pymongo client = pymongo.MongoClient('mongodb://localhost:27017/') mydb = client['Employee'] def lambda_handler(event, context): information = mydb.employeeInformation record = { 'FirstName' : 'Rehan', 'LastName' : 'CH', 'Department' : "IT" } information.insert_one(record) print("Record added") return { "statusCode": 200, "body": json.dumps( { "message": "hello world", # "location": ip.text.replace("\n", "") } ), } ``` When I run the sam app using command ``` sam local invoke ``` it throws an error that you can see below: ``` [ERROR] ServerSelectionTimeoutError: localhost:27017: [Errno 111] Connection refused, Timeout: 30s, Topology Description: <TopologyDescription id: 62b16aa14a95a3e56eb0e7cb, topology_type: Unknown, servers: [<ServerDescription ('localhost', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('localho raise ServerSelectionTimeoutError(, line 227, in _select_servers_looprtn_support ``` I also have searched for this error and eventually, I found some but didn't get help from them. That's why I have to post it again. Its my first time interaction with MongoDB. Can someone tell me how do I resolve this error, or where I am doing wrong?

AWS Lambda AWS Command Line Interface AWS Serverless Application Repository

answers

votes

views

AWS-User-8471608

asked 8 days ago

How to get value of the disableApiStop (stop protection) instance attribute via the AWS API/CLI/boto3?

Status of instance stop protection can be viewed via the AWS web console but attempting to `describe-instance-attribute --attribute disableApiStop` on an instance does not return the current value of this attribute. The call does not fail but the value is not returned. In the CLI [documenation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-instance-attribute.html) this attribute is listed in the **possible** values under [**Options**](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-instance-attribute.html#options) but not in the **valid** values under [**Description**](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-instance-attribute.html#description). It is a similar case in the API [documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceAttribute.html) Is this intentional? How is it recommended to gather this value. As far as I can tell it can't be gathered through `describe-instances` either.

AWS Command Line Interface Amazon EC2 Compute

answers

votes

views

AWS-User-1977876

asked 8 days ago

Can't install iam-authenticator in cloudshell

I want to install iam athenticator in a cloudshell environment, but I keep getting an error when I run the following command. curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator It returns this error. Warning: Failed to create the file aws-iam-authenticator: Permission denied I'm following a tutorial and I'm not sure why I get the above error and I cannot continue the tutorial without iam_authenticator installed.

Accepted Answer AWS CloudShell AWS Command Line Interface IAM Policies

answers

votes

views

rePost-User-6098079

asked 9 days ago

Cli "Unable to locate credentials" on EC2 instance

I'm trying to use the AWS CLI tool on an EC2 instance running Amazon Linux. I configured it by using the "aws configure" command to set up an access key and secret key. When I run it directly from the linux prompt, it works fine. However, I need to run it as part of a script that is executed nightly with cron. I put a link to my script in cron.daily. The script runs, but when it reaches the aws command, it fails with the error "Unable to locate credentials". I suspect that cron must be running the script under some user other than the default ec2-user, but I can't figure out which user, or how to configure the credentials for that user. I tried typing "sudo su" and then re-issuing the commands to set the credentials, but that did not fix the problem. Thanks, Frank

AWS Command Line Interface Amazon EC2

answers

votes

views

Frank

asked 9 days ago

Expo build - APK upload fails when using aws-cli command, via GitHub Actions but works from terminal(local)

Command used in GitHub Actions to download APK from expo: latest_build=$(npx eas-cli build:list --status="finished" --distribution="store" --json | jq '[.[] | select(.releaseChannel=="development")][1].artifacts.buildUrl') Command used in GitHub Actions for create-upload and upload in device farm response_upload_app=$(aws devicefarm create-upload --project-arn $DEV_PROJECT_ARN --name latest_build.apk --type ANDROID_APP) curl -T latest_build.apk $url_upload_app Same command when run locally in terminal when the APK is available in a folder, works perfectly fine. Also, at times, when running in local terminal, it was giving request timeout error This is the error log in GitHub Actions in when running get-upload command for the corresponding create upload arn in device farm: "metadata": "{\"errorMessageUrl\":\"https://docs.aws.amazon.com/console/devicefarm/ANDROID_APP_AAPT_DEBUG_BADGING_FAILED\",\"errorMessage\":\"We could not extract information about your Android application package. Please verify that the application package is valid by running the command \\\"aapt debug badging <path to your test package>\\\", and try again after the command does not print any error.\",\"errorCode\":\"ANDROID_APP_AAPT_DEBUG_BADGING_FAILED\"} Debugging done so far: Ran this (aapt debug badging <path to apk>/latest_build.apk ) and was able to get package information correctly

AWS CodeBuild AWS CodePipeline AWS Device Farm AWS Command Line Interface Internet of Things

answers

votes

views

rePost-User-0637526

asked 9 days ago

Can not add MFA or add users I see an error page flashing

Hello, and thanks for your help. Any time I attempt adding a new user (i.e. clicking add user in IAM) or click add MFA. I get redirected to the IAM with the below text. IAM Dashboard "We encountered the following errors while processing your request: X Unknown error." IAM Resources "We encountered the following errors while processing your request: X Unknown error." Please note I have not used AWS for anything else on this account, these are the first settings I attempted changing. thanks, -

AWS Identity and Access Management AWS Management Console AWS Command Line Interface AWS Service Catalog

answers

votes

views

rePost-User-3996666

asked 10 days ago

Can AWS CloudFormation template access s3 from any region other than its current region?

I currently use AWS CloudFormation template to create resources in my users' account. Now, my cloudformation template is in an s3 bucket in region us-east-1 and my use case is that my if my users choose any region other than us-east-1 during creating the stack, then it is failing with the following error: "Error occurred while GetObject. S3 Error Code: AuthorizationHeaderMalformed. S3 Error Message: The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'eu-central-1'". Please help me with some solution here. Thanks.

Amazon Simple Storage Service AWS Identity and Access Management AWS Management Console AWS Command Line Interface AWS CloudFormation

answers

votes

views

rePost-User-2478398

asked 10 days ago

Difference between AWS Developer/SysOps tools

Hi, I want to know what is the difference between the AWS CLI, AWS SDK, AWS CDK, and AWS toolkit for VSCode, specifically for which tools can you create/delete AWS resources, which tools can be used to access aws resources (eg uploading a file into a s3 bucket), and which tools can be used to manage AWS resources. Thank you in advance,

Developer Tools AWS Command Line Interface

answers

votes

views

rePost-User-3298985

asked 12 days ago

AWS S3 bucket is being accessed from any region even though it is created in us-west-2

I am using Java SDK for aws to create S3 client to access s3 bucket connection status. Now, the current bucket which I am accessing is originally in region us-west-2. But during creating an s3 client(to access the bucket programatically) if I pass any other region other then us-west-2 also, the client is being created and I am getting the connection status as true. I am confused, shouldn't it return as failed if I am passing some other region than the region it is currently located in?

Accepted Answer Amazon Simple Storage Service AWS Command Line Interface Storage

answers

votes

views

rePost-User-2478398

asked 12 days ago

How to Enable Region Programmatically

We are looking to enable an AWS region programmatically using either boto3 or terraform.

AWS Command Line Interface Infrastructure as Code DevOps

answers

votes

views

dyasic

asked 14 days ago

How can I configure a preset with level 4.2 codec h264 in AWS elastic transcoder?

I want to generate an output in AWS elastic transcoder 1080p 60fps encoded with h264 but it doesn't play for me because the maximum level configured is 4.1. Is there a way to generate an output to be able to play in 1080p 60fps in hls?

AWS Elemental MediaConvert AWS Command Line Interface Amazon Elastic Transcoder Microservices

answers

votes

views

rePost-User-3028054

asked 14 days ago

Permission denied on AWS Device Farm

Hi, I tried to run ./gradlew deviceFarmUpload but it failed because I am not authorized to perform: devicefarm:ListProjects with an explicit deny in an identity-based policy. I checked with my admin and he stated that I am in a user group which has the AWSDeviceFarmFullAccess policy attached to the group. arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess { "Version": "2012-10-17", "Statement": [ { "Action": [ "devicefarm:*" ], "Effect": "Allow", "Resource": "*" } ] } Can I get help with this issue? Thank you so much.

AWS Device Farm AWS Identity and Access Management AWS Management Console AWS Command Line Interface

answers

votes

views

rePost-User-1061543

asked 15 days ago

AWS CLI greengrass v2 create-deployment using JSON to import lambda not importing lambda artifact

I am importing lambdas as components for ggv2 using the AWS CLI. The lambdas import successfully but when I deploy to greengrass v2 I get the following error: > Error occurred while processing deployment. {deploymentId=********************, serviceName=DeploymentService, currentState=RUNNING}java.util.concurrent.ExecutionException: com.aws.greengrass.componentmanager.exceptions.NoAvailableComponentVersionException: No local or cloud component version satisfies the requirements. Check whether the version constraints conflict and that the component exists in your AWS account with a version that matches the version constraints. If the version constraints conflict, revise deployments to resolve the conflict. Component devmgmt.device.scheduler version constraints: thinggroup/dev-e01 requires =3.0.61. at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) The version exists as it was imported successfully but the artifact is not transferred to the Greengrass Core. If I import the lambda from the AWS Management Console then it works as expected. Here is my CLI json input file and the command I am running. What am I missing? `aws greengrassv2 create-component-version --cli-input-json file://lambda-import-worker.json` *lambda-import-worker.json file:* ``` { "lambdaFunction": { "lambdaArn": "arn:aws:lambda:*******:***************:function:devmgmt-worker:319", "componentName": "devmgmt.device.scheduler", "componentVersion": "3.0.61", "componentPlatforms": [ { "name": "Linux amd64", "attributes": { "os": "All", "platform": "All" } } ], "componentDependencies": { "aws.greengrass.TokenExchangeService":{ "versionRequirement": ">=2.0.0 <3.0.0", "dependencyType": "HARD" }, "aws.greengrass.LambdaLauncher": { "versionRequirement": ">=2.0.0 <3.0.0", "dependencyType": "HARD" }, "aws.greengrass.LambdaRuntimes": { "versionRequirement": ">=2.0.0 <3.0.0", "dependencyType": "SOFT" } }, "componentLambdaParameters": { "maxQueueSize": 1000, "maxInstancesCount": 100, "maxIdleTimeInSeconds": 120, "timeoutInSeconds": 60, "statusTimeoutInSeconds": 60, "pinned": true, "inputPayloadEncodingType": "json", "environmentVariables": {}, "execArgs": [], "linuxProcessParams": { "isolationMode": "NoContainer" }, "eventSources": [ { "topic": "device/notice", "type": "PUB_SUB" }, { "topic": "$aws/things/thingnameManager/shadow/name/ops/update/accepted", "type": "IOT_CORE" }, { "topic": "dev/device", "type": "IOT_CORE" } ] } } } ```

Accepted Answer AWS IoT Greengrass AWS Lambda AWS Command Line Interface Internet of Things

answers

votes

views

JAG

asked 15 days ago

AWS Systems Manager - Inventory Collection stuck in Pending Status

The AWS System Manager Inventory Collection & Managed Instances configurations never leaves 'Pending' Status when I run the Quick Setup. I've tried a number of times but it doesn't to work. I've also tried to follow the instructions on the Troubleshooting page (link below) to address insufficient permissions but that hasn't solved the problem either. Has anyone else had this problem and have a fix? Thanks in advance! https://docs.aws.amazon.com/systems-manager/latest/userguide/syman-inventory-troubleshooting.html#sysman-inventory-troubleshooting-pending

AWS Management Console AWS Config AWS Command Line Interface AWS Systems Manager

answers

votes

views

rePost-User-5663835

asked 15 days ago

cloud9 lightsail create-instance fails

No matter what name i use i get this error: An error occurred (InvalidInputException) when calling the CreateInstances operation: Some names are already in use:

AWS Cloud9 Amazon Lightsail AWS Command Line Interface

answers

votes

views

st0ut

asked 15 days ago

Deploy YOLOv5 in sagemaker - ModelError: InvokeEndpoint operation: Received server error (0)

Amazon SageMaker AWS Command Line Interface Machine Learning & AI

answers

votes

views

AWS-User-5413662

asked 15 days ago

Redirect S3 URL to Domain URL

I have my image stored on my server as xyz.com/images , Now I have moved my folder to s3 but I want my URL to be the same. I don't want use Cloud front for redirect , Is their a was to use redirection rules to change the path URL images

Amazon Simple Storage Service Website Provisioning AWS Command Line Interface Amazon CloudFront Amazon Route 53

answers

votes

views

Divyanshu

asked 16 days ago

AWS Assume Role via .Net SDK gives Access Denied but works with CLI

I am trying to upload a file in S3 by AWS Assume Role. When I am trying to access it from CLI it works fine but from .Net SDK it gives me Access Denied error. Here are the steps I followed in CLI - 1. Setup the access key/secret key for user using **aws configure** 2. Assume the Role - **“aws sts assume-role --role-arn "arn:aws:iam::1010101010:role/Test-Account-Role" --role-session-name AWSCLI-Session”** 3. Take the access key / secret key / session token from the assumed role and setup an AWS profile. The credentials are printed out/returned from the assumed role. 4. Switch to the assume role profile: **“set AWS_PROFILE=<TempRole>”** 5. Verify that the user has the role: **“aws sts get-caller-identity”** 6. Access the bucket using ls or cp or rm command - **Works Successfully.** Now I am trying to access it from .Net core App - Here is the code snippet- Note that I am using same Access and Secret key as CLI from my local. ``` try { var region = RegionEndpoint.GetBySystemName(awsRegion); SessionAWSCredentials tempCredentials = await GetTemporaryCredentialsAsync(awsAccessKey, awsSecretKey, region, roleARN); //Use the temp credentials received to create the new client IAmazonS3 client = new AmazonS3Client(tempCredentials, region); TransferUtility utility = new TransferUtility(client); // making a TransferUtilityUploadRequest instance TransferUtilityUploadRequest request = new TransferUtilityUploadRequest { BucketName = bucketName, Key = $"{subFolder}/{fileName}", FilePath = localFilePath utility.Upload(request); //transfer fileUploadedSuccessfully = true; } catch (AmazonS3Exception ex) { // HandleException } catch (Exception ex) { // HandleException } ``` The method to get temp credentials is as follow - GetTemporaryCredentialsAsync ``` private static async Task<SessionAWSCredentials> GetTemporaryCredentialsAsync(string awsAccessKey, string awsSecretKey, RegionEndpoint region, string roleARN) { using (var stsClient = new AmazonSecurityTokenServiceClient(awsAccessKey, awsSecretKey, region)) { var getSessionTokenRequest = new GetSessionTokenRequest { DurationSeconds = 7200 }; await stsClient.AssumeRoleAsync( new AssumeRoleRequest() { RoleArn = roleARN, RoleSessionName = "mySession" }); GetSessionTokenResponse sessionTokenResponse = await stsClient.GetSessionTokenAsync(getSessionTokenRequest); Credentials credentials = sessionTokenResponse.Credentials; var sessionCredentials = new SessionAWSCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); return sessionCredentials; } } ``` I am getting back the temp credentials but it gives me Access Denied while uploading the file. Not sure if I am missing anything here. Also noted that the token generated via SDK is shorter than that from CLI. I tried pasting these temp credentials to local profile and then tried to access the bucket and getting the Access Denied error then too.

Security Identity & Compliance AWS Identity and Access Management AWS Management Console AWS Command Line Interface

answers

votes

views

Mahesh

asked 16 days ago

How to set up step functions to split Dataframe and process in EC2

Hi everyone, I'm a student doing research and part of that research requires me to download over 2 million files and analyse them, I have a python script that I can run and it does what I need it to do however, I would like to split the data frame into 256 chunks and run each chunk on a separate EC2 instance to download the files into an S3 bucket and then as a file hits that bucket I would like a second python script to run analysing the file. I know this can be done a number of ways but I'm hoping someone can help steer me in the right direction, from what little i have had to do with AWS I'm thinking something like a steps function could help to achieve this? thanks in advance Tom

AWS Step Functions AWS Command Line Interface Amazon EC2

answers

votes

views

rePost-User-5364494

asked 17 days ago

looking for automation to Delete S3 files with specific Extension and date

I have Automation to delete files with specific range of dated files, but looking for Automation if we have any on Deleting s3 files with specific Extensions and data together which are 60 days old.

Accepted Answer Amazon Simple Storage Service AWS Command Line Interface Storage

answers

votes

views

RGADA

asked 19 days ago

How do I rotate an API gateway key keeping its current used quota?

We need to allow our customers to refresh the AWS Gateway API key at any time using the SDK , unfortunately the only way I can see of doing this is to delete the existing key and then create a new key. Is there any way of creating the new key but keeping the existing daily quota used value? Or is there any other way of rotating the key? If there is no way of doing this then the customer could use their quota, refresh the key and get another daily quota. Thanks

Accepted Answer AWS Key Management Service AWS Identity and Access Management Amazon API Gateway AWS Command Line Interface

answers

votes

views

rePost-User-9902202

asked 20 days ago

Is there aws cli command to putCalendar for System Manager Change Calendar.

I want to create event in System Manager Change Calendar by aws cli.

Accepted Answer AWS Command Line Interface

answers

votes

views

AWS-User-0702414

asked 20 days ago

Cannot run GUI/OpenGL on headless macOS EC2 Instance

Hello, I am currently trying to use EC2 mac instances to run a CI/CD pipeline which involves running tests with electron/selenium. In order to run these tests openGL needs to be available. Im currently getting there error on line 49 of https://chromium.googlesource.com/chromium/src/+/8f066ff5113bd9d348f0aaf7ac6adc1ca1d1cd31/ui/gl/init/gl_initializer_mac.cc. With the output on the instance giving: ``` 2022-06-09 19:38:25.937 Electron[52243:188559] +[NSXPCSharedListener endpointForReply:withListenerName:]: an error occurred while attempting to obtain endpoint for listener 'ClientCallsAuxiliary': Connection interrupted [52245:0609/193826.555969:ERROR:gl_initializer_mac.cc(65)] Error choosing pixel format. [52245:0609/193826.556035:ERROR:gl_initializer_mac.cc(193)] GLSurfaceCGL::InitializeOneOff failed. [52245:0609/193826.664827:ERROR:viz_main_impl.cc(188)] Exiting GPU process due to errors during initialization ``` The root cause of this is there is no display connected to the mac1 bare metal dedicated host. It seems the work around here is either using a plug to fake that a display is connected, or connecting to the instance via vnc with the following commands: **On ec2 instance** ``` sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ -activate -configure -access -on \ -configure -allowAccessFor -specifiedUsers \ -configure -users ec2-user \ -configure -restart -agent -privs -all sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ -configure -access -on -privs -all -users ec2-user ``` **On local macbook** ``` ssh -L 5900:localhost:5900 -C -N -i <your private key.pem> ec2-user@<your public ip address> open vnc://localhost ``` After establishing the connection over screen share, I no longer get the openGL issues and the run succeeds. Unfortunately this is not a solution/workaround for my use case as I will need to restart/reboot these instances after each run. I have tested this multiple times and after rebooting the instance the display is no longer present. (I have verified the displays being recognized / not being recognized with displayplacer list) Some more background, this is an issue on the latest AWS Monterey and BigSur AMIs. Is there any way to make the mac1 mini dedicated host think that there is a display plugged into it or trick it into thinking there is a display via software. I need a solution here that can be implemented via a script so setting something up like https://github.com/waydabber/BetterDummy does not work for me. Github seems to have a solution for this with their self-hosted github action runners so I am curious why AWS doesn't seem to support this / should this not be a common use case for an EC2 Mac Instance?

Linux Provisioning AWS Command Line Interface Amazon EC2 Windows Provisioning DevOps

answers

votes

views

Kevin

asked 20 days ago

how to create aws stream with cli input json file

Hi, I am trying to follow the instructions in (https://docs.aws.amazon.com/iot/latest/developerguide/mqtt-based-file-delivery-managing.html) to create a stream for my application purpose. however, when following the instruction in the doc, I was stuck at trying to following step (https://docs.aws.amazon.com/cli/latest/reference/iot/create-stream.html), there's a json file as follows, how do I create this json file ? Thanks in advance. Contents of create-stream.json: ``` { "streamId": "stream12345", "description": "This stream is used for Amazon FreeRTOS OTA Update 12345.", "files": [ { "fileId": 123, "s3Location": { "bucket":"codesign-ota-bucket", "key":"48c67f3c-63bb-4f92-a98a-4ee0fbc2bef6" } } ] "roleArn": "arn:aws:iam:123456789012:role/service-role/my_ota_stream_role" } ```

AWS IoT Core AWS Command Line Interface Internet of Things Amazon AppStream

answers

votes

views

rePost-User-6822235

asked 20 days ago

Beginner cannot get root access to the AWS Command Line Interface

Hello Forum. **Question:** *Can someone show me how to get root user access to the AWS Command Line Interface?* I am stuck on Step 3 (Module 3: Setting Up the AWS CLI) of the getting started guide found here: https://aws.amazon.com/getting-started/guides/setup-environment/ Here are the steps I have taken: Module 1: Create Your Account. I created an account a few years ago but it has been dormant. I just today decided to learn Amazon AWS. Module 2: Secure Your Account. I went through the steps to secure my account. I secured the root user account. I created an IAM user account for myself. There are now two accounts, the root user (myself) and the user account, also for myself. Module 3: Setting Up the AWS CLI. I downloaded and installed the AWS Command Line Interface. I accessed the AWS CLI from the C prompt on my computer. I configured the credentials to access my AWS account. Here is the problem: I configured the credentials using the *IAM user account* and not the root user account. ``` /* I mistakenly used the credentials for the user instead of the root user below */ aws configure AWS Access Key ID [None]: ANOTREALACCESSKEYID AWS Secret Access Key [None]: ANOTREALSECRETACCESSKEY Default region name [None]: eu-west-1 Default output format [None]: json ``` Now the AWS CLI will not let me into root user area. It tells me that I do not have permissions for access to that area. I am a beginner. All of this is kind of confusing. I would appreciate any assistance with this matter anyone can provide. Thank you in advance.

Accepted Answer AWS Identity and Access Management AWS Command Line Interface

answers

votes

views

knox

asked 22 days ago

How do I updated a CloudWatch Synthetics Canary layer version number using the AWS CLI?

Hello, I created a CloudWatch Synthetics Canary via a console blueprint I want to update the active layer version ("39" – bolded below) using the AWS CLI I see it in the Code["SourceLocationArn"] attribute in my describe-canary response The [update-canary operation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/synthetics/update-canary.html) doesn't have a SourceLocationArn option for the --code value. How do I updated the layer version number using the AWS CLI? Thank you ``` { "Id": "aae1dc97-773b-47bb-ae72-d0bb54eec60c", "Name": "daily-wisdom-texts", "Code": { ** "SourceLocationArn": "arn:aws:lambda:us-east-1:875425895862:layer:cwsyn-daily-wisdom-texts-aae1dc97-773b-47bb-ae72-d0bb54eec60c:39", ** "Handler": "pageLoadBlueprint.handler" }, "ExecutionRoleArn": "arn:aws:iam::875425895862:role/service-role/CloudWatchSyntheticsRole-daily-wisdom-texts-cf9-de04b4eb2bb3", "Schedule": { "Expression": "rate(1 hour)", "DurationInSeconds": 0 }, "RunConfig": { "TimeoutInSeconds": 60, "MemoryInMB": 1000, "ActiveTracing": false }, "SuccessRetentionPeriodInDays": 31, "FailureRetentionPeriodInDays": 31, "Status": { "State": "RUNNING", "StateReasonCode": "UPDATE_COMPLETE" }, "Timeline": { "Created": 1641343713.153, "LastModified": 1652481443.745, "LastStarted": 1652481444.83, "LastStopped": 1641675597.0 }, "ArtifactS3Location": "cw-syn-results-875425895862-us-east-1/canary/us-east-1/daily-wisdom-texts-cf9-de04b4eb2bb3", "EngineArn": "arn:aws:lambda:us-east-1:875425895862:function:cwsyn-daily-wisdom-texts-aae1dc97-773b-47bb-ae72-d0bb54eec60c:57", "RuntimeVersion": "syn-python-selenium-1.0", "Tags": { "blueprint": "heartbeat" } } ```

AWS Lambda AWS Command Line Interface Amazon CloudWatch Amazon CloudWatch Synthetics

answers

votes

views

AWS-User-4443243

asked 23 days ago

Limitation on AWS CloudWatch metrics insights

Hello, Is it true that AWS CloudWatch Metrics Insights can't query linked accounts for AWS organizations?

Accepted Answer AWS Command Line Interface AWS Firewall Manager Amazon CloudWatch Amazon CloudTrail Microservices

answers

votes

views

rePost-User-4476088

asked 23 days ago

AWS CLI is not working

AWS Command Line Interface Amazon Elastic Container Registry (ECR)

answers

votes

views

Lalani

asked 24 days ago

Ubuntu 22.04 EC2 key pair not excepted without sshd_config edit

Hello, Not sure if this is a bug as replicating the same steps with an ubuntu 20.04 EC2 image does not fail. Whenever I launch an Ubuntu 22.04 EC2 image and try and connect via SSH I get the following error (This is with the .PEM file directly from AWS console): "No supported authentication methods available (server sent: publickey)". To fix this I have to add the following line to the sshd_config to except ssh-rsa keys: "PubkeyAcceptedKeyTypes=+ssh-rsa" Is this expected behaviour? Thanks,

Accepted Answer AWS Command Line Interface Amazon EC2 Compute

answers

votes

views

AJCWhite

asked 24 days ago

Why is my S3 Object metadata Content-Type application/pdf, refreshing pdf link until failure?

# Metadata: Content-Type; application/pdf All my "block public access" settings are off. I can serve the file on desktop. Mobile access endlessly refreshes the webpage until failure. How do I ensure the public file is served correctly or view error logs?

Amazon Simple Storage Service AWS Command Line Interface Storage Mobile

answers

votes

views

stcoffee3

asked 25 days ago

Start lightsail leads to a 403 error, even logging in with root

I logged in as root to stop the lightsail web console page and try to restart it, but after clicking it, a window pops out and says ``` t looks like you aren't authorized. If you're signed in as an IAM user, ask your administrator to create a permissions policy that grants access to Amazon Lightsail resources and related AWS services ``` I am pretty sure I config nothing more in aws, since this is a newly registered accout. What should I do to restart the lightsail instance?

Amazon Lightsail Security Identity & Compliance AWS Identity and Access Management AWS Management Console AWS Command Line Interface

answers

votes

views

rePost-User-7205503

asked a month ago

Can someone help me how to access to my wordpress again?

Hello, yesterday I was installing a theme downloaded from Themeforest for my website, I use wordpress. When installing and activating the theme plugins, wordpress notifies me with a white screen "There has been a critical error on this website" and I wanted to uninstall or cancel the process but it wouldn't allow me. I want to access my wordpress, but I don't know how to enter. Can someone help me how to access to my wordpress again? I have no knowledge of programming. This is the link of my website: https://discoveringelsalvador.com/

Website Provisioning Website Hosting AWS Command Line Interface

answers

votes

views

rePost-User-7452952

asked a month ago

Why doesn't IAM show user principal IDs nor allow for searching?

From GuardDuty we get notifications about modifications to S3 buckets in the format ``` {"Records":[{"eventVersion":"2.1","eventSource":"aws:s3","awsRegion":"ap-southeast-1","eventTime":"DATETIME","eventName":"ObjectCreated:Put","userIdentity":{"principalId":"AWS:21CHARACTER"},"requestParameters":{"sourceIPAddress":"1.2.3.4"},"responseElements":{"x-amz-request-id":"X-AMZ-REQUEST-ID","x-amz-id-2":"X-AMZ-ID-2"},"s3":{"s3SchemaVersion":"1.0","configurationId":"CONFIGURATIONID","bucket":{"name":"BUCKETNAME","ownerIdentity":{"principalId":"14CHARACTER"},"arn":"arn:aws:s3:::BUCKETNAME"},"object":{"key":"FILE.NAME","size":1234,"eTag":"ETAG","sequencer":"SEQUENCER"}}}]} ``` 1. Why doesn't it report the user ARN? 2. Why does IAM *not* show each user's (21-character) principal ID? 3. Why does IAM *not* make principal ID searchable? 4. Why does AWS CLI iam get-user *not* implement get by principal ID? 5. Why does it have to be iam list-users to pull *every* user to manually check?

AWS Identity and Access Management Amazon GuardDuty AWS Command Line Interface

answers

votes

views

icelava

asked a month ago

My aws SES production access is denied

Hello, I've been trying for production access for 2 days, I sent email examples, I explained my use case, I was denied anyway, please help case id 10128453131

AWS Identity and Access Management AWS Command Line Interface DevOps Amazon Simple Email Service

answers

-1

votes

views

classisdus

asked a month ago

How to use IAM users, groups and roles with SSO

My organization has no AD nor any IdP that can be used to link AWS SSO to. I see that the SSO identity store has no cf/cli/api feature to manage users. Is there a way to use IAM users, goups and roles in the root account to log into the other organization accounts? If so, how to?

AWS Identity and Access Management AWS Command Line Interface AWS CloudFormation AWS Single Sign-On (SSO)

answers

votes

views

AWS-User-2803420

asked a month ago

S3 sync handling of downloads beyond 36 hours or session token expiry

When downloading large files (e.g. a few TB of data) via S3 CLI, the session token expires beyond 36 hours. I understand from [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) that it's not possible to extend or refresh temporary credentials. I would like to know if s3 sync can resume the same downloading job with a new set of temporary credentials.

Amazon Simple Storage Service AWS Identity and Access Management AWS Command Line Interface Storage

answers

votes

views

Nathaniel Ng

asked a month ago

Delete a specific file within a Lambda function when cannot use Console Code Editor

Hello, I deployed a package on Lambda, but I received the following error: *deployment package of your Lambda function is too large to enable inline code* I found that an extra, unnecessary file ended up in the exported ZIP package that pushed it over the 3 MB console editor limit as described here: https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html#limits-list I'd like to delete that single file from the function without having to remake the entire Lambda function from scratch from a new ZIP file, because of the extensive re-configuration and extra validation work on our end that would be needed to do that. Since I can't access the console editor, however, I cannot simply right click the file and hit Delete like I would normally to delete the file. So my question is: is it possible to check and delete a specific file within a Lambda function when we cannot use the console editor, either through AWS web API or the CLI? Thank you for your help.

AWS Lambda AWS Command Line Interface

answers

votes

views

AWS-User-4313191

asked a month ago

Access key when downloaded as a csv file, doesn't have username field in it, which is needed to configure aws cli

When I created an EC2 instance and for that I created access key and secret key pair, and download the same from aws console site, as a csv file, the file just contains 2 rows, access key and secret key, but don't have username field in it. And when I go into my local ubuntu client shell, and try to configure aws cli there, it asks for the csv file in which my username row also should be given. How come? I've tried many times. Also, I've tried manually inserting my username in the first row of the csv file, but it didn't work. username=BathindaHelper or user name=BathindaHelper none worked.

AWS Identity and Access Management AWS Command Line Interface AWS Secrets Manager

answers

votes

views

BathindaHelper

asked a month ago

[XRT] ERROR: xclRegRW: can't map CU: - when trying to access to read/write register inside the fpga

Hi, Using xrt application and trying to access to read/write register and got this error: [XRT] ERROR: xclRegRW: can't map CU: My xrt.ini contains this content: [Debug] profile=true [Runtime] rw_shared=true runtime_log=console and inside the my code I used those commands: / Read clock count from clk_cnt* registers and unite into 64-bit value // There is issue with [XRT] error : xclRegRW: can't map CU: clock count is 0 xclOpenContext(handle, xclbinId, cuidx, false); xclRegRead(handle, cuidx, clk_cnt_lsb_offset, &clk_cnt_lsb); xclCloseContext(handle, xclbinId, cuidx); xclOpenContext(handle, xclbinId, cuidx, false); xclRegRead(handle, cuidx, clk_cnt_msb_offset, &clk_cnt_msb); xclCloseContext(handle, xclbinId, cuidx); long int clock_count = ((long int)clk_cnt_msb << 32) | (long int)clk_cnt_lsb; std::cout << std::endl << "Clock count is: " << clock_count << std::endl;

AWS Management Console AWS Command Line Interface Amazon EC2 AWS Neuron AWS Marketplace

answers

votes

views

AWS-User-6407709

asked a month ago

SSH from Mac gives error

Executing an SSH commend from Mac terminal with the pathname for the pem file gives an error: Warning: Identity file /Userkeypair.pem not accessible: No such file or directory

AWS Command Line Interface

answers

votes

views

AWS-User-7603971

asked a month ago

S3 bucket access on EC2 Instance using boto3

I have a flask application that needs to access some configuration files stored in s3 and I don't want to stored these in my git repo as there are sensitive information. I want to use boto3 to read in these files into the ec2 instance. **I need to know how I will be able to access those files on s3 using boto3**. The **ec2 instance is authorized to access the s3 bucket** and since the application will be running on the ec2 (that is authorized) is it safe to say that any code run on that instance will also have these access. Note that I am going to run these script to read in these "**config files**" from my **codedeploy "appspec.yml"**. In summary will my codeploy instance be able to use the authorization on my ec2 instance to access the said s3 bucket or **I need to give the codedeploy instance access too**? I am aware I can add my **access keys** in my **environment** on my computer to run this script but how does it work on codedeploy?

Accepted Answer Amazon Simple Storage Service AWS Identity and Access Management AWS Command Line Interface Amazon EC2 Storage

answers

votes

views

AWS-User-GrpKash

asked a month ago

Permission problem in Cloudformation

Cloudformation create-stack generates an Athena access denied while writing error. The problem is generated when writing to the athena-results bucket. I'm logged in with a SSO role with AdministratorAccess access via CLI. I can create the specified object from the command line via "aws s3 cp" and I'm able to execute "aws athena start-query-execution" without trouble. It's only via cloudformation. Bellow the specific error: ResourceStatus: CREATE_FAILED ResourceStatusReason: 'Resource handler returned message: "[Simba][AthenaJDBC](100071) An error has been thrown from the AWS Athena client. Access denied when writing to location: s3://cost-athena-results-123456789012/8fefd451-2a3f-4bc9-881e-84061de8db91.csv [Execution ID: 8fefd451-2a3f-4bc9-881e-84061de8db91]" (RequestToken: b0d4b7d5-998b-6ca8-22c6-657fa2433fe8, HandlerErrorCode: null)' ResourceType: AWS::QuickSight::DataSource

Amazon Athena AWS Identity and Access Management AWS Command Line Interface AWS CloudFormation Cost Optimization

answers

votes

views

AWS-User-5995037

asked a month ago

Please add retry configuration in the create-deployment command

Dear AWS, We need to create greengrass deployments and are using following cli command https://awscli.amazonaws.com/v2/documentation/api/latest/reference/greengrassv2/create-deployment.html. It looks like this option is missing from the command, could you please add it if it's indeed missing or advise on how to add it? Thank you in advance. With best regards

AWS IoT Greengrass AWS Command Line Interface

answers

votes

views

AWS-User-1065028

asked a month ago

What is the suggested method to track user's actions after assuming a cross-account role

I need to be able to guarantee that a user's actions can always be traced back to their account regardless of which role they have assumed in another account. What methods are required to guarantee this for? * Assuming a cross-account role in the console * Assuming a cross-account role via the cli I have run tests and can see that when a user assumes a role in the CLI, temporary credentials are generated. These credentials are seen in CloudTrail logs under responseElements.credentials for the assumeRole event. All future events generated by actions taken in the session include the accessKeyId and I can therefore track all of the actions in this case. Using the web console, the same assumeRole event is generated, also including an accessKeyId. Unfortunately, future actions taken by the user don't include the same accessKeyId. At some point a different access key is generated and the session makes use of this new key. I can't find any way to link the two and therefore am not sure of how to attribute actions taken by the role to the user that assumed the role. I can see that when assuming a role in the console, the user can't change the sts:sessionName and this is always set to their username. Is this the suggested method for tracking actions? Whilst this seems appropriate for roles within the same account, as usernames are not globally unique I am concerned about using this for cross account attribution. It seems placing restrictions on the value of sts:sourceIdentity is not supported when assuming roles in the web console.

AWS Identity and Access Management AWS Management Console AWS Command Line Interface Amazon CloudTrail

answers

votes

views

AWS-User-1977876

asked a month ago

AWS session manager, force requirement of SSH key

Hi, I was able to configure AWS session manager to use SSH keys over session manager tunnel as it is described here -> https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html. But now i need to force user to provide SSH keys, because now, even tho i can use SSH keys to authenticate into the EC2 instance, im still able to to it without providing SSH keys, just by using `aws ssm start-session` command. As i suppose i can add some kind of policy for that, something like: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::accountid:user/test-user" }, "Action": [ "ssm:TerminateSession", "ssm:ResumeSession" ], "Condition": { "StringEquals": { "ssm:StartSession/RequireSSH": "True" ( parameters made up, by me ) } } } ] } ``` But im not sure what should be in the place of `"ssm:StartSession/RequireSSH": "True"`, Any help will be appreciated Joann

Accepted Answer AWS Identity and Access Management AWS Command Line Interface AWS Systems Manager IAM Policies Session Management

answers

votes

views

Joann Babak

asked a month ago

ClientError: An error occurred (UnknownOperationException) when calling the CreateHyperParameterTuningJob operation: The requested operation is not supported in the called region.

Hi Dears, I am building ML model using DeepAR Algorithm. I faced this error while i reached to this point : Error : ClientError: An error occurred (UnknownOperationException) when calling the CreateHyperParameterTuningJob operation: The requested operation is not supported in the called region. ------------------- Code: from sagemaker.tuner import ( IntegerParameter, CategoricalParameter, ContinuousParameter, HyperparameterTuner, ) from sagemaker import image_uris container = image_uris.retrieve(region= 'af-south-1', framework="forecasting-deepar") deepar = sagemaker.estimator.Estimator( container, role, instance_count=1, instance_type="ml.m5.2xlarge", use_spot_instances=True, # use spot instances max_run=1800, # max training time in seconds max_wait=1800, # seconds to wait for spot instance output_path="s3://{}/{}".format(bucket, output_path), sagemaker_session=sess, ) freq = "D" context_length = 300 deepar.set_hyperparameters( time_freq=freq, context_length=str(context_length), prediction_length=str(prediction_length) ) Can you please help in solving the error? I have to do that in af-south-1 region. Thanks Basem hyperparameter_ranges = { "mini_batch_size": IntegerParameter(100, 400), "epochs": IntegerParameter(200, 400), "num_cells": IntegerParameter(30, 100), "likelihood": CategoricalParameter(["negative-binomial", "student-T"]), "learning_rate": ContinuousParameter(0.0001, 0.1), } objective_metric_name = "test:RMSE" tuner = HyperparameterTuner( deepar, objective_metric_name, hyperparameter_ranges, max_jobs=10, strategy="Bayesian", objective_type="Minimize", max_parallel_jobs=10, early_stopping_type="Auto", ) s3_input_train = sagemaker.inputs.TrainingInput( s3_data="s3://{}/{}/train/".format(bucket, prefix), content_type="json" ) s3_input_test = sagemaker.inputs.TrainingInput( s3_data="s3://{}/{}/test/".format(bucket, prefix), content_type="json" ) tuner.fit({"train": s3_input_train, "test": s3_input_test}, include_cls_metadata=False) tuner.wait()

Accepted Answer Amazon SageMaker AWS Command Line Interface Machine Learning & AI Spot Instances

answers

votes

views

Basem

asked a month ago

Pinpoint Creating Segment API upload file

Hi everyone. I am using node to programmatically create segments in pinpoint.. sdk of createImportJob method needs parameter S3 ("S3 file localed")..however I would like to upload directly without uploading to S3 first like console interface does.. Is there some option? Thanks

Amazon Simple Storage Service AWS Command Line Interface Amazon Pinpoint

answers

votes

views

elidexter

asked a month ago

No such file or directory /.bashrc

Good afternoon dear experts. Help solve the issue. I run the sh file (with rights) through the terminal, I get No such file or directory /.bashrc Google didn't help. I'm beating this wall for the 3rd evening). sh file content: source ~/.bashrc cd ~/data python file.py Contents of the .bashrc file: "# .bashrc" export PATH="~/.pyenv/bin:$PATH" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi "# Uncomment the following line if you don't like systemctl's auto-paging feature:" "# export SYSTEMD_PAGER=" "# User specific aliases and functi" "# >>> conda initialize >>>" "# !! Contents within this block are managed by 'conda init' !!" __conda_setup="$('/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin/conda' 'shell.bash' 'hook' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__conda_setup" else if [ -f "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" ]; then . "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" else export PATH="/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin:$PATH" fi fi unset __conda_setup "# <<< conda initialize <<<"

Linux Provisioning AWS Command Line Interface AWS AppConfig AWS Chatbot AWS App Runner

answers

votes

views

AWS-User-7714164

asked 2 months ago

Failed to communicate with the Amplify CLI. You can try again by running

When I try to run amplify configure --appId d10mb56cnqd9cv --envName staging I get this error message. Failed to communicate with the Amplify CLI. You can try again by running: Earlier I noticed that it does not work when using brave browser. But now I am using chrome browser. Even with this browser I got this error. I am using ubuntu 22.04 linux on my laptop. Please help me.

AWS Amplify AWS Command Line Interface AWS Amplify Studio

answers

votes

views

AWS-User-4573028

asked 2 months ago

NextToken from ExecuteStatement returns error "NextToken does not match request" in Lambda function

Running into issue with [ExecuteStatement](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ExecuteStatement.html). The result returned both "LastEvaluatedKey" and "NextToken" but when we fed it into the next "ExecuteStatement" as part of "input", we keep getting an error "NextToken does not match request". ``` const input = { Statement: '...', Parameter: [...] }; let end = false; let nextInput = input; while (!end) { const { LastEvaluatedKey, NextToken, ...rest } = await new ExecuteStatementCommand(nextInput); LastEvaluatedKey === undefined ? end = true : nextInput = { NextToken, ...input }; } ``` Saw this other [question regarding LastEvaluatedKey](https://www.repost.aws/questions/QUgNPbBYWiRoOlMsJv-XzrWg/how-to-use-last-evaluated-key-in-execute-statement-request) which was helpful. However, the proposed solution does not work as our key value is date based (i.e. pulling data based on a date range). So, the query result ended with numerous duplicate items created on same date.

AWS Lambda AWS Command Line Interface Amazon DynamoDB

answers

votes

views

AWS-User-810139049822

asked 2 months ago

Possible CLI Bug: Dynamo DB endpoint URL does not work locally with active and correct credentials set

**Summary**: Dynamo DB commands from the CLI do not work when real credentials are set up. The 'endpoint-url' flag should work around this and recognize that localhost endpoints can be hit with no credentials given the default setup of the AWS Dynamo Docker image. Output of command after setting credentials: `An error occurred (ResourceNotFoundException) when calling the DescribeTable operation: Cannot do operations on a non-existent table` Is there a fix or workaround for this? **System**: MacOS Monterey version 12.0.1, Macbook Pro - M1 - 2020 ``` 'aws --version' -> aws-cli/2.4.11 Python/3.9.10 Darwin/21.1.0 source/arm64 prompt/off ``` **To reproduce**: -- Start from a terminal that does NOT have AWS Credentials set up via environment variables or anything else -- Start up a local Dynamo DB Instance on Docker: ``` docker pull amazon/dynamodb-local docker run -p 8000:8000 --name=ddblocal -d amazon/dynamodb-local ``` -- Create a table: ``` aws dynamodb create-table --attribute-definitions "[{ \"AttributeName\": \"key\", \"AttributeType\": \"S\"}, { \"AttributeName\": \"valueA\", \"AttributeType\": \"S\"}]" --table-name test_table --key-schema "[{\"AttributeName\": \"key\", \"KeyType\": \"HASH\"}, {\"AttributeName\": \"valueA\", \"KeyType\": \"RANGE\"}]" --endpoint-url "http://localhost:8000" --provisioned-throughput "{\"ReadCapacityUnits\": 100, \"WriteCapacityUnits\": 100}" --region local ``` -- Query the table (to prove it works): ``` aws dynamodb describe-table --table-name test_table --region local --endpoint-url "http://localhost:8000" ``` -- Set your real AWS Credentials: ``` export AWS_ACCESS_KEY_ID="<REAL KEY ID HERE>" export AWS_SECRET_ACCESS_KEY="<REAL SECRET KEY HERE>" export AWS_SESSION_TOKEN="REAL TOKEN HERE>" ``` -- Query the table again (This one fails for me - see output above) ``` aws dynamodb describe-table --table-name test_table --region local --endpoint-url "http://localhost:8000" ```

AWS Command Line Interface Amazon DynamoDB

answers

votes

views

Jaera

asked 2 months ago

RDP credential were use to connect did not work, please enter new credential

Hi all, Last 2 weeks i am facing Remote desktop connection problem. I am new in AWS. A few day back, I had received an account suspension mail because of payment due. I made all the payment done. Now i am getting this error on login with RDP. "RDP credential were use to connect did not work, please enter new credential " During this I followed some steps to solve the error: 1.) My Security Group setting:- Inbound rules are:- Http, Https, SSH, RDP, all TCP, All Traffic, Custom TCP for IPV4 and IPV6. Outbound Rules are: All Traffic, HTTP, Custom TCP, HTTPS, SSH for IPV4 and IPV6. 2.) IAM Manager :- Create Role for AmazonEc2RoleforSSM Policy This My Inline Policy ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:PutParameter" ], "Resource": [ "arn:aws:ssm:us-east-2:939764493069:parameter/EC2Rescue/Passwords/i-063933c590287f4d2" ] } ] } ``` 3.) By using System Manager Run command, Changed the current password of windows as well but it's not working. 4.) Also Tried to ping the Public IPv4 address from the local machine but it's working. firewall also take off. 5.) Also tried changing internet service provider. I don't know what am I doing wrong. Is my account is isolated ? Is my setting is wrong? Could you please provide solution.

AWS Command Line Interface AWS Firewall Manager Windows Provisioning Security Group IPv6

answers

votes

views

AWS-User-3994205

asked 2 months ago

Help with copying s3 bucket to another location missing objects

Hello All, Today I was trying to copy a directory from one location to another, and was using the following command to execute my copy. aws s3 s3://bucketname/directory/ s3://bucketname/directory/subdirectory --recursive The copy took overnight to complete because it was 16.4TB in size, but when I got into work the next day, it was done, or at least it had completed. But when I do a compare between the two locations I get the following bucketname/directory/ 103,690 objects - 16.4TB bucketname/directory/subdirectory/ 103,650 - 16.4TB So there is a 40 object difference between the source location and the destination location. I tried using the following command to copy over the files that were missing aws s3 sync s3://bucketname/directory/ s3://bucket/directory/subdirectory/ which returned no results. It sat for a while maybe like 2 minutes or so, and then just returned to the next line. I am at my wits end trying to copy of the missing objects, and my boss thinks that I lost the data, so I need to figure out a way to get the difference between the source and destination copied over. If anyone could help me with this, I would REALY appreciate it. I am a newbie with AWS, so I may not understand everything that I am told, but I will try anything to get this resolved. I am doing all the commands through an EC2 instance that I am ssh into, and then use AWS CLI commands. Thanks to anyone who might be able to help me. Take care, -Tired & Frustrated :)

Amazon Simple Storage Service AWS DataSync AWS Command Line Interface Storage

answers

votes

views

AWS-User-1139934

asked 2 months ago

botocore ReadTimeoutError while calling QBSolv on D-Wave's Quantum Annealer

Hello, I submitted a QUBO to the Quantum Annealer from D-Wave via Amazon Braket. I used the QBSolv solver and my local Python IDE. Unfortunately, I received the "botocore ReadTimeoutError". Is there a way to increase the boto reading time within my local Python script to avoid this error? Thank you.

Amazon Braket AWS Command Line Interface

answers

votes

views

AWS-User-5461241

asked 2 months ago

AWS bearer token authentication issue

I have a requirement to get data from aws using IAM API's , so I have access key , secret key , base url , service name and region of aws account we are trying to authenticate with bearer token , but we are getting the following error , I have generated bearer token using aws cli. URL : https://iam.amazonaws.com/?Action=ListGroups&Version=2010-05-08&access_token=<<token>> https://iam.amazonaws.com/?Action=ListGroups&Version=2010-05-08&Authorization=Bearer <<token>> Error : is not valid; the value of a query string parameter may not contain a '=' delimiter

AWS Identity and Access Management Amazon API Gateway AWS Command Line Interface

answers

votes

views

AWS-User-3687863

asked 2 months ago

Manual remediation config works, automatic remediation config fails

SOLVED! There was a syntax problem in the runbook, that is not detected when manually remediating. In the content of the remediation doc (that was created using Cloudformation), I used a parameter declaration: parameters: InstanceID: type: 'AWS::EC2::Instance::Id' It should be: parameters: InstanceID: type: String ===================================================================================== I have a remediation runbook that creates Cloudwatch alarms for the metric 'CPUUtilization' for any EC2 instances that have none defined. The runbook is configured as a remediation document for a config rule that checks for the absence of such alarms. When I configure the remediation on the rule as manual, all goes well. When I configure the remediation with the exact same runbook as automatic, the remediation fails with this error (snippet): "StepDetails": [ { "Name": "Initialization", "State": "FAILED", "ErrorMessage": "Invalid Automation document content for Create-CloudWatch-Alarm-EC2-CPUUtilization", "StartTime": "2022-05-09T17:30:02.361000+02:00", "StopTime": "2022-05-09T17:30:02.361000+02:00" } ], This is the remediation configuration for the automatic remediation. The only difference with the manual remediation configuration is obviously the value for key "Automatic" being "false" { "RemediationConfigurations": [ { "ConfigRuleName": "rul-ensure-cloudwatch-alarm-ec2-cpuutilization-exists", "TargetType": "SSM_DOCUMENT", "TargetId": "Create-CloudWatch-Alarm-EC2-CPUUtilization", "TargetVersion": "$DEFAULT", "Parameters": { "AutomationAssumeRole": { "StaticValue": { "Values": [ "arn:aws:iam::123456789012:role/rol_ssm_full_access_to_cloudwatch" ] } }, "ComparisonOperator": { "StaticValue": { "Values": [ "GreaterThanThreshold" ] } }, "InstanceID": { "ResourceValue": { "Value": "RESOURCE_ID" } }, "Period": { "StaticValue": { "Values": [ "300" ] } }, "Statistic": { "StaticValue": { "Values": [ "Average" ] } }, "Threshold": { "StaticValue": { "Values": [ "10" ] } } }, "Automatic": true, "MaximumAutomaticAttempts": 5, "RetryAttemptSeconds": 60, "Arn": "arn:aws:config:eu-west-2:123456789012:remediation-configuration/rul-ensure-cloudwatch-alarm-ec2-cpuutilization-exists/5e3a81a7-fc55-4cbe-ad75-6b27be8da79a" } ] } The error message is rather cryptic, I can't find documentation on possible root causes. Any suggestions would be very welcome! Thanks!

AWS Config AWS Command Line Interface Amazon CloudWatch Amazon CloudTrail

answers

votes

views

AWS-User-A862173

asked 2 months ago

How do I create a role for AWS Batch using the CLI

How do I create a role for AWS Batch jobs on EC2 using the CLI? The role needs to have read-write permissions to an S3 bucket, e.g. s3://mybucket234. The role will be needed for the "aws batch create-compute-environment" command.

AWS Identity and Access Management AWS Command Line Interface AWS Batch

answers

votes

views

Nathaniel

asked 2 months ago

s3 create Presigned Multipart Upload URL using API

I'm trying to use the AWS S3 API to perform a multi-part upload with Signed URLs. This will allow us to send a request to the server (which is configured with the correct credentials), and then return a pre-signed URL to the client (which will not have credentials configured). The client should then be able to complete the request, computing subsequent signatures as appropriate. This appears to be possible as per the AWS S3 documentation: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html Signature Calculations for the Authorization Header: Transferring Payload in Multiple Chunks (Chunked Upload) (AWS Signature Version 4) - Amazon Simple Storage Service - AWS Documentation As described in the Overview, when authenticating requests using the Authorization header, you have an option of uploading the payload in chunks. You can send data in fixed size or variable size chunks. This section describes the signature calculation process in chunked upload, how you create the chunk body, and how the delayed signing works where you first upload the chunk, and send its ... docs.aws.amazon.com The main caveat here is that it seems to need the Content-Length up front, but we won't know the value of that as we'll be streaming the value. Is there a way for us to use signed URLs to do multipart upload without knowing the length of the blob to be uploaded beforehand?

Amazon Simple Storage Service AWS Command Line Interface Storage presigned URL

answers

votes

views

AWS-User-1802444

asked 2 months ago

Errors compiling code with the C++ AWSSDK

I am getting the errors: 1>error LNK2001: unresolved external symbol "__declspec(dllimport) void __cdecl Aws::InitAPI(struct Aws::SDKOptions const &)" (__imp_?InitAPI@Aws@@YAXAEBUSDKOptions@1@@Z) 1>error LNK2001: unresolved external symbol "__declspec(dllimport) public: __cdecl Aws::Client::ClientConfiguration::ClientConfiguration(void)" (__imp_??0ClientConfiguration@Client@Aws@@QEAA@XZ) . . . 1> fatal error LNK1120: 21 unresolved externals I am building my application with VS2019 but with the VS2015 runtime libraries (v140). 64 bit release and debug. Multi-threaded libraries (/MT) I used vcpkg to obtain the AWSSDK and I believe I built the SDK to match my configuration. I am linking with aws-cpp-sdk-s3.lib;aws-cpp-sdk-core.lib. I am defining USE_WINDOWS_DLL_SEMANTICS and USE_IMPORT_EXPORT in my code Any suggestions would be much appreciated. Thank you.

AWS Command Line Interface DevOps Microservices

answers

votes

views

AWS-User-3931491

asked 2 months ago

Can't Configure Route53 for LightSail (Wordpress Site)

I have followed the [prescribed procedure](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-route-53-alias-record-for-container-service#route-53-container-service-create-record-set-json) to configure Route53 to make our site live. I created a .json file with the required information: - LightsailContainerServiceHostedZoneID - hosted zone ID - PathToJsonFile However, I am stuck when trying to execute the following commend : ``` aws route53 change-resource-record-sets --hosted-zone-id XXXXXXXXXXXXXX --change-batch file:///{User}/Downloads/Route53/change-resource-record-sets.json ``` I get the same errors: - `Error parsing parameter '--change-batch': Unable to load paramfile file:///{User}/Downloads/Route53/change-resource-record-sets.json: [Errno 2] No such file or directory: '/{User}/Downloads/Route53/change-resource-record-sets.json'` Local Machine is MacOS. Could be just my ignorance to find the correct local path.

Amazon Lightsail AWS Command Line Interface Amazon Route 53

answers

votes

views

AWS-User-2701108

asked 2 months ago

Docker Alternatives for SAM CLI

Hi, does anyone know of any good Docker alternatives (that use the Docker runtime) for Windows to use with the SAM CLI for local development / testing? I'm asking this based on the note in the SAM CLI installation page (https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install-windows.html) which I've pasted below: **Note** We officially support Docker Desktop but, starting with SAM CLI version 1.47.0, you can use alternatives as long as they use the Docker runtime. I'm fairly new to AWS and am a total beginner with Serverless. Thanks

Serverless AWS Command Line Interface

answers

votes

views

steve-w

asked 2 months ago

How to build an event-driven Journey in Pinpoint

Simple question: How I can trigger a Journey by an event to start with processing the endpoint? I need help to build a Journey exactly the same process how AWS use it to resgister for this AWS:Post site. From a Journey, I have an event as a starting point. I assume, I have to point to a attribute inside the endpoint like Attributes.hastoSendVerifyMail = false for the beginning. I understand, if I modify the attributes.hastoSendVerifyMail = true, this event will start my Journey. Possible I understand this function in a wrong way. Following this does not help me to get a clear picture how to get it to work: https://docs.aws.amazon.com/pinpoint/latest/userguide/journeys-entry-activity.html

AWS Command Line Interface Amazon Pinpoint

answers

votes

views

ADiedler1979

asked 2 months ago

Error when running vsock_sample AWS nitro tutorial

I have configured and build the enclave instance as per https://docs.aws.amazon.com/enclaves/latest/user/enclaves-user.pdf . But when I tried to run in it throws the following error ``` $ nitro-cli run-enclave --eif-path vsock_sample.eif --cpu-count 2 --enclave-cid 6 --memory 512 --debug-mode Start allocating memory... Started enclave with enclave-cid: 6, memory: 512 MiB, cpu-ids: [1, 5] [ E36 ] Enclave boot failure. Such error appears when attempting to receive the `ready` signal from a freshly booted enclave. It arises in several contexts, for instance, when the enclave is booted from an invalid EIF file and the enclave process immediately exits, failing to submit the `ready` signal. In this case, the error backtrace provides detailed information on what specifically failed during the enclave boot process. For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E36 If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2022-04-27T03:41:39.495653281+00:00.log" Failed connections: 1 [ E39 ] Enclave process connection failure. Such error appears when the enclave manager fails to connect to at least one enclave process for retrieving the description information. For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E39 If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2022-04-27T03:41:39.495889864+00:00.log" ``` Action: Run Enclave Subactions: Failed to handle all enclave process replies Failed to connect to 1 enclave processes Root error file: src/enclave_proc_comm.rs Root error line: 349 Build commit: not available ``` How to fix this error ?

AWS Command Line Interface Amazon EC2

answers

votes

views

c02f2e

asked 2 months ago

Query EKS node information with Python Boto3 or AWS CLI

I've been trying to pull the container runtime programmatically with the AWS CLI or Boto3, but haven't been able to find a specific class or method that provides the information I'm looking for. The information I'm looking for is documented here on line item number 4.: https://docs.aws.amazon.com/eks/latest/userguide/view-nodes.html I've searched through the EKS client class in boto3 documentation and haven't found anything that would get more granular than using describe_cluster() and into the node details: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/eks.html As far as infrastructure goes, I followed the exact example from the AWS documentation for setting up EKS with fargate nodes: https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html I can see on the nodes page that it includes all the information I'm looking for, but I'm not sure what class would provide me that information programmatically. The intent is to pull container runtimes across all EKS clusters from multiple AWS accounts. Thanks!

Accepted Answer AWS Command Line Interface Amazon Elastic Kubernetes Service

answers

votes

views

Curtis

asked 2 months ago

An unknown error on snapshot upgrade for PostgreSQL

Hi, I have a manual snapshot created from a DB instance running on PostgreSQL 10.20 engine. I want to use this snapshot for creating a new DB instance that will run on PostgreSQL 14.2 through Cloud Formation. Since this snapshot is created from a different PostgreSQL version, I need to upgrade it first to 14.2 before I initiate the create operation (the stack creation fails otherwise). The snapshot upgrade fails as well with: ``` errorCode: InternalFailure errorMessage: An unknown error occurred ``` I was upgrading the snapshot through AWS CLI (``aws rds modify-db-snapshot`` command) and AWS console, but in both cases, it fails the same way.

PostgreSQL AWS Command Line Interface

answers

votes

views

AWS-User-7896625

asked 2 months ago

"aws cli cp" command gives inconsistent results

AWS Command Line Interface

answers

votes

views

AWS-User-1056166

asked 2 months ago

Amazon SES Templates listing throwing errors

First of all, apologies if this does not fit the realm of the questions we ought to ask or if I should've searched a bit more. I am getting an error when listing my Email Templates in AWS SES. Not only in the AWS dashboard but, as I'm running a periodic task querying the API for that list, it gets the same error. Is this something that could be happening to everyone thus being an issue AWS ought to sort out or is this something that might actually be related to my account only and should be taken directly to support? The error message comes in a red flag at the top of the screen saying: "x The input you provided is invalid Invalid PageToken <the token>" Thanks in advance.

AWS Management Console AWS Command Line Interface Amazon Simple Email Service

answers

votes

views

AWS-User-9328977

asked 2 months ago

AWS SAM/CloudFormation Internal Failure when Creating a Changeset

I am building an application and using the AWS SAM CLI to upload my template to CloudFormation. I haven't changed the template and only update that was put on the application was an IAM role(AWSIAMDetachRolePolicy), and after that was done the following error message occurs when `sam deploy` is used: `Error: Failed to create change-set for the stack: , An error occurred (InternalFailure) when calling the CreateChangeSet operation (reached max retries: 4): Unknown`. I have looked through the CloudTrail logs to see if I could find anymore information but the only info that is provided is "errorMessage": "An unknown error occurred". Any advice would be greatly appreciated

AWS Command Line Interface AWS CloudFormation

answers

votes

views

AWS-User-3895164

asked 2 months ago

Can't see EBS Snapshot tags from other accounts

Hi, I have private snapshots in one account (source) that I have shared with another account (target). I am able to see the snapshots themselves from the target account, but the tags are not available, neither on the console nor via the cli. This makes it impossible to filter for a desired snapshot from the target account. For background, the user in the target account has the following policy in effect: ``` "Effect": "Allow", "Action": "ec2:*", "Resource": "*" ``` Here's an example of what I'm seeing; from the source account: ``` $ aws --region us-east-2 ec2 describe-snapshots --snapshot-ids snap-XXXXX { "Snapshots": [ { "Description": "snapshot for testing", "VolumeSize": 50, "Tags": [ { "Value": "test-snapshot", "Key": "Name" } ], "Encrypted": true, "VolumeId": "vol-XXXXX", "State": "completed", "KmsKeyId": "arn:aws:kms:us-east-2:XXXXX:key/mrk-XXXXX", "StartTime": "2022-04-19T18:29:36.069Z", "Progress": "100%", "OwnerId": "XXXXX", "SnapshotId": "snap-XXXXX" } ] } ``` but from the target account ``` $ aws --region us-east-2 ec2 describe-snapshots --owner-ids 012345678900 --snapshot-ids snap-11111111111111111 { "Snapshots": [ { "Description": "snapshot for testing", "VolumeSize": 50, "Encrypted": true, "VolumeId": "vol-22222222222222222", "State": "completed", "KmsKeyId": "arn:aws:kms:us-east-2:012345678900:key/mrk-00000000000000000000000000000000", "StartTime": "2022-04-19T18:29:36.069Z", "Progress": "100%", "OwnerId": "012345678900", "SnapshotId": "snap-11111111111111111" } ] } ``` Any ideas on what's going on here? Cheers!

Accepted Answer AWS Identity and Access Management AWS Command Line Interface Amazon Elastic Block Store

answers

votes

views

Dave Del

asked 2 months ago

Error when creating S3 bucket using aws cli - Unknown options: --object-ownership, BucketOwnerEnforced

Hey all, I'm getting this error when trying to create an s3logging bucket using the aws cli following the instructions found here: https://docs.aws.amazon.com/cli/latest/reference/s3api/create-bucket.html: ``` aws s3api create-bucket \ --bucket s3logs-us-east-1 \ --region us-east-1 \ --object-ownership BucketOwnerEnforced To see help text, you can run: aws help aws <command> help aws <command> <subcommand> help usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters] Unknown options: --object-ownership, BucketOwnerEnforced ``` This is pretty frustrating as I'm LITERALLY just copying and pasting the example found in the documentation and changing the s3 bucket name. This is my aws cli version: ``` aws --version aws-cli/1.19.1 Python/3.9.7 Linux/5.16.15-76051615-generic botocore/1.20.0 ``` Any idea what's going wrong here?

Amazon Simple Storage Service AWS Command Line Interface

answers

votes

views

Justin

asked 2 months ago

Policy IAM user Appstream2.0

Is it possible to give access only to a certain image, stack, or fleet with IAM policies? Do you have any examples? I tried with a policy but it returns this error: > User: arn:aws:iam::xxxxxxxxx:user/xxxxxxxx is not authorized to perform: appstream:DescribeFleets on resource: arn:aws:appstream:eu-central-1:xxxxxxxxxxx:fleet/* because no boundary policy allows the appstream:DescribeFleets action > My need is: in an AWS account, an IAM user must only see some image/fleet/stack. thanks

AWS Identity and Access Management AWS Management Console AWS Command Line Interface Amazon AppStream IAM Policies

answers

votes

views

AWS-User-6631477

asked 2 months ago

Renaming Empty Folders in S3

Hi Experts, I didn't find a similar question asked anywhere else, so spare me and point me if this has been previously asked. I am using AWS Cli to rename folders recursively using mv command in S3. However only those folders which have a file in them are renamed. Empty folders are kept untouched. e.g. consider the following structure a\b\1.txt a\b\2.txt a\b\c\ a\b\c\d\ In case the folder b above is renamed to x, the following will be revised structure. See that last empty folder c is unchanged. a\x\1.txt a\x\2.txt a\b\c\ a\b\c\d\ Is there a way to perform a complete rename, even if it's an empty folder? Any assistance would be appreciated. Regards, Anshul

AWS Command Line Interface

answers

votes

views

AWS-User-8052544

asked 2 months ago

How I can increase the Integration association limit for the Amazon Connect instance?

I have enabled Connect Wisdom in my AWS Connect Instance. The Connect Wisdom is enabled, now I am trying to ingest data that will be displayed in Wisdom when an agent will search there. I am following an AWS tutorial to achieve my intention. You can see the tutorial [https://aws.amazon.com/blogs/contact-center/ingesting-content-to-power-real-time-recommendations-and-search-with-amazon-connect-wisdom/#:~:text=Use%20the%20AWS%20CLI%20to,the%20content%20you%20just%20uploaded]() **Problem** Everything was going smooth but when I run the following AWS CLI command, it throws an error. **Command** ``` aws connect create-integration-association --instance-id 84ec56489-554a-422f-babf-3288d7c8fd04 --integration-type WISDOM_ASSISTANT --integration-arn arn:aws:wisdom:us-east-1:747998786930:assistant/42d03bed-25d2-ee85-a3236-00031ef345345 ``` **Error** ``` An error occurred (InvalidRequestException) when calling the CreateIntegrationAssociation operation: Reached Integration association limit for the Amazon Connect instance. ``` Can someone please guide me? I don't know, how to solve or increase the Integration association limit for the Amazon Connect instance.

AWS Command Line Interface Amazon Connect

answers

votes

views

AWS-User-8471608

asked 2 months ago

Using aws s3api put-object --sse-customer-key-md5 fails with CLI

I'm trying to use aws s3api put-object/get-object with server side encryption with customer keys. I'm using Powershell, but I don't believe that is the source of my issue. On the surface, sse-customer-key-md5 appears to be a pretty simple input: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-object.html Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. put-object works when I don't use --sse-customer-key-md5: >aws s3api put-object ` --bucket abc ` --sse-customer-algorithm AES256 ` --sse-customer-key "testaes256testaes256testaes25612" ` --region us-east-1 ` --key test.pdf ` --body C:\test.pdf > { "SSECustomerKeyMD5": "ezatpv/Yg0KkjX+5ZcsxdQ==", "SSECustomerAlgorithm": "AES256", "ETag": "\"0d44c3df058c4e190bd7b2e6d227be73\"" } I agree with the SSECustomerKeyMD5 result: >$key = "testaes256testaes256testaes25612" $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider $utf8 = new-object -TypeName System.Text.UTF8Encoding $hash = $md5.ComputeHash($utf8.GetBytes($key)) $EncodedString =[Convert]::ToBase64String($hash) Write-Host "Base64 Encoded String: " $EncodedString Base64 Encoded String: ezatpv/Yg0KkjX+5ZcsxdQ== Now I resubmit my put request with the --sse-customer-key-md5 option. Before anyone jumps on the base64 encoding, I've tried submitting the MD5 hash in Base64, Hexidecimal (With and without delimiters), JSON of the MD5 hash result, and upper case and lower case versions of the aforementioned. None work. Has anyone gotten this to work and, if so, format did you use? >aws s3api put-object ` --bucket abc ` --sse-customer-algorithm AES256 ` --sse-customer-key "testaes256testaes256testaes25612" ` --sse-customer-key-md5 "ezatpv/Yg0KkjX+5ZcsxdQ==" ` --region us-east-1 ` --key test.pdf ` --body C:\test.pdf > aws : At line:1 char:1 + aws s3api put-object ` + ~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError An error occurred (InvalidArgument) when calling the PutObject operation: The calculated MD5 hash of the key did not match the hash that was provided. Thanks

AWS Command Line Interface Management & Governance Storage Encryption

answers

votes

views

keebs

asked 2 months ago

AWS CLI Updating Network Firewall Rules

I've been trying to determine a method to streamline/automate the updating of AWS Network firewall rules. The AWS CLI looked promising but I've consistently seen failure when trying to push a new ruleset. For example, running the command: aws network-firewall describe-rule-group --rule-group-arn <arn> Returns the JSON as expected with the content as a flat string: "RuleGroup": { "RulesSource": { "RulesString": "pass http $HOME_NET any -> $EXTERNAL_NET 80 (http.host; dotprefix; content:\".example.com\"; endswith; msg:\"Allowed HTTP domain\"; sid:1; rev:1;)\npass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:\"example.com\"; startswith; nocase; endswith; msg:\"matching TLS allowlisted FQDNs\"; sid:2; rev:1;)\npass http $HOME_NET any -> $EXTERNAL_NET 80 (http.host; dotprefix; content:\".google.com\"; endswith; msg:\"Allowed HTTP domain\"; sid:3; rev:1;)\npass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:\"www.google.com\"; startswith; nocase; endswith; msg:\"matching TLS allowlisted FQDNs\"; sid:4; rev:1;)\npass http $HOME_NET any -> $EXTERNAL_NET 80 (http.host; dotprefix; content:\".ubuntu.com\"; endswith; msg:\"Allowed HTTP domain\"; sid:5; rev:1;)\npass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:\"ipinfo.io\"; startswith; nocase; endswith; msg:\"matching TLS allowlisted FQDNs\"; sid:6; rev:1;)\npass tcp $HOME_NET any <> $EXTERNAL_NET 80 (flow:not_established; sid:899998; rev:1;)\npass tcp $HOME_NET any <> $EXTERNAL_NET 443 (flow:not_established; sid:899999; rev:1;)" When trying to update the flat string with a new string including more entries though, I receive an error: aws network-firewall update-rule-group --cli-input-yaml file://example.yaml Error received: An error occurred (InvalidRequestException) when calling the UpdateRuleGroup operation: parameter is invalid I've tried the JSON/YAML/CLI methods and I encounter the issue using any of those methods. I've also tried using the --rule-group vs --rules options to update. I suspected there was an issue with string formatting but I've failed to find a resolution. Updating the rules via the console works without issue. Could anyone provide a pointer where I'm going wrong or even a working method they are using? Not too bothered if it is via CLI, SDK etc. as I may revert to python as it is the language I know best.

AWS Network Firewall AWS Command Line Interface

answers

votes

views

Dave

asked 3 months ago

Preserve aws deployment state in a file and then use to redeploy.

How can we achieve following? Is there a command/cli for doing this: Preserve aws deployment state in a file and then use to redeploy. Use this file to deploy and clean and then redploy to bring in same running instances and services. Can we use Sam or another command to save the state in a yaml or a similar file? 1. command save-state <aws-state.yaml> 2. command clean-existing-state //wipes and cleans off aws deployed state, can probably turn off or even remove 3. command restore-state <aws-state.yaml> 4. vim aws-state.yaml //manually make certain changes 5. command clean-existing-state 6. command restore-state <aws-state.yaml> //redploy updated state Thanks

AWS Command Line Interface

answers

votes

views

rejji

asked 3 months ago

Formatting IAM policy to grant S3 external permission

Hello, I (account #A) have given access to an external account (account #B) in an S3 bucket with the canonical ID. However, and when I try to download a file to an EC2 bucket, it's still producing the error: ``` fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden ``` I'm trying to follow the instructions at https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/. I think that points 2 and 3 have been taken care of (although I used the console). The issue is that for point 1, I'm starting from https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html and the JSON policy reads: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "statement1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::***********:user/********" }, "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::cmaq-database/*" } ] } ``` However, the console is not accepting it claiming: '*This policy contains the following error: Has prohibited field Principal*." Thanks.

Amazon Simple Storage Service Security Identity & Compliance AWS Identity and Access Management AWS Management Console AWS Command Line Interface

answers

votes

views

afody

asked 3 months ago

Public access downloading from bucket

Hello, I have given public access to everyone in an S3 bucket (it's a temporal thing and the only object is a simple file). However, and when I try to download the file (using an external account for testing) with: ``` $ aws s3 cp --no-sign-request s3://BUCKET/OBJECT /home/ubuntu ``` I'm still getting the error: ``` fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden ``` In the permissions tab (for the bucket), it has Access: Public, Block all public access: Off, ACL Everyone (public access): List (Objects) and Read (Bucket ACL). I can list the bucket content but not make a copy. What else do I need to do to enable downloading the objects? Thanks.

Accepted Answer Amazon Simple Storage Service AWS Command Line Interface

answers

votes

views

afody

asked 3 months ago

WAF list_web_acls works with CLI but returns empty array with Boto3 inside lambda

I have some WebACLs in WAF that I want to list from a Lambda function. (I have the Regional WebACL in eu-central-1) **My lambda handler:** ``` def lambda_handler(event, context): waf_client = boto3.client( "wafv2", aws_access_key_id="SOME_ACCESS_KEY_ID", aws_secret_access_key="SOME_SECRET_ACCESS_KEY", region_name="eu-central-1" ) return waf_client.list_web_acls(Scope="REGIONAL") ``` **Lambda Result:** ``` { "WebACLs": [], "ResponseMetadata": {...} } ``` --- **CLI command that works:** ` aws wafv2 list-web-acls --scope=REGIONAL --region=eu-central-1` **Result:** ``` { "NextMarker": "something", "WebACLs": [ { "Name": "something", "Id": "hash1", "Description": "", "LockToken": "hash2", "ARN": "arn:aws:wafv2:eu-central-1:accountid:regional/webacl/something/hash1" } ] } ``` --- Am I missing something here or the Boto3 WAF client is not behaving as expected?

Accepted Answer AWS WAF AWS Lambda AWS Command Line Interface

answers

votes

views

AWS-User-4075032

asked 3 months ago

How to assign role for a group of users

Hello, I'm writing terraform manifest, i create roles,groups, users, and assigned users to those groups, now i want to assign roles to groups, i was not able to find anything about that by googling, except this https://registry.terraform.io/modules/terraform-aws-modules/iam/aws/latest/examples/iam-group-with-assumable-roles-policy, which apparently doesn't do what i need. Any suggestions? is it even possible?

Accepted Answer AWS Identity and Access Management AWS Command Line Interface IAM Policies

answers

votes

views

Joann Babak

asked 3 months ago

Aws Iot Device Client Setup not working

Accepted Answer AWS Command Line Interface Internet of Things AWS IoT Device Management

answers

votes

views

Subham Agrawal

asked 3 months ago

VM Export: An error occurred (Invalid Parameter) when calling the ExportImage operation: Access denied to the bucket

Trying to export the VM with the following command ``` aws ec2 export-image \ --image-id ami-02c7de82603c5f32e \ --disk-image-format VMDK \ --s3-export-location S3Bucket=auditor-updates,S3Prefix=export/ ``` And getting the following error: `An error occurred (InvalidParameter) when calling the ExportImage operation: Access denied to the bucket auditor-updates` The bucket and the folder definitely exist, typo is impossible. I launched the command under the AWS CLI credentials corresponding to the DevOps role, however, I also tried root access just to make sure actual account permissions are not the reason.

Amazon Simple Storage Service AWS Identity and Access Management AWS Command Line Interface

answers

votes

views

Vector-t13

asked 3 months ago

VM Export: An error occurred (InvalidParameter) when calling the ExportImage operation: The image ID provided does not exist

I'm trying to export the image of an EC2 VM: t2.medium, Ubuntu 20.04 LTS. The instance is stopped during the operation. I created the [vmimport role](https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role), created a service role and a role policy as described. AWS CLI credentials correspond to a DevOps role, which should be sufficient for the operation. The resulting command looks like ``` aws ec2 export-image \ --image-id ami-09e67e426f25ce0d7 \ --disk-image-format VMDK \ --s3-export-location S3Bucket=auditor-updates,S3Prefix=export/ ``` Command returns the error `An error occurred (InvalidParameter) when calling the ExportImage operation: The image ID (ami-09e67e426f25ce0d7) provided does not exist` AMI ID typo is impossible, I just copied it from the instance page of the EC2 console. If I met any export limitations, how do I know which exactly?

AWS Identity and Access Management AWS Command Line Interface Amazon EC2

answers

votes

157

views

Vector-t13

asked 3 months ago

1
90 / page