By using AWS re:Post, you agree to the Terms of Use

Questions tagged with Serverless

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

intermittent performance issues with the OpenSearch cluster

We are having intermittent performance issues with our OpenSearch cluster. There are multiple daily occurrences of long-running OpenSearch queries when executing our lambda function. When this occurs there is record like the example below in the Open Search es-application-logs 2022-09-09T11:37:35.083-04:00 [2022-09-09T08:37:34,853][WARN ][o.o.t.TransportService ] [09122640e72c461b2c57179fcc08d339] Received response for a request that has timed out, sent [44029ms] ago, timed out [24016ms] ago, action [__PATH__], node [{d52117a284ca0ada6bd69784bbd8a8c5} {ekzv2YqtT8q7b-TVvXGKEQ} {aGQCli5rTFKAeGjWRihvTQ} {_IP} {IP_} {dimr} {dp_version=20210501, distributed_snapshot_deletion_enabled=false, cold_enabled=false, adv_sec_enabled=true, _AMAZON_INTERNAL, cross_cluster_transport_address=IP, shard_indexing_pressure_enabled=true, __AMAZON_INTERNAL_} ], id [3986058] Normally these queries complete with sub second response times. The impact to our application is that occasionally requests to API Gateway are timing out due to the long running Lambda and results in 504 Gateway Timeout being returned to the API consumer. Here is an example of the OpenSearch HTTP request { "method": "POST", "hostname": "vpc-tycc-analytics-dev-os-qs4p2rpyars2oacibpdih4ctmu.ca-central-1.es.amazonaws.com", "query": { "size": "500", "_source": [ "CurrentAgentSnapshot" ], "sort": "CurrentAgentSnapshot.Configuration.Username:asc" }, "headers": { "Content-Type": "application/json", "host": "vpc-tycc-analytics-dev-os-qs4p2rpyars2oacibpdih4ctmu.ca-central-1.es.amazonaws.com" }, "body": "{\"query\":{\"bool\":{\"must_not\":{\"term\":{\"CurrentAgentSnapshot.Configuration.RoutingProfile.Name\":\"Basic Routing Profile\"}}}}}", "protocol": "https:", "path": "/agent-records-real-time-alias/_search" } Are you able to please investigate and provide feedback as to what is causing the performance issue along with remediation action. Let me know if you require additional information. Thanks, BTW The following is out cluster specification: • Deployment type: Dev/Test • OS version: 1.2 (latest) • Availability Zones: 1AZ • Instance type: t3.small.search • Number of nodes: 2 • Storage type: EBS • EBS volume type: General Purpose (SSD) - gp2 EBS storage size per node: 10 GB
0
answers
0
votes
5
views
asked 6 hours ago

Powershell Lambda for AD failing with "A parameter cannot be found that matches parameter name 'Culture'"

I am attempting to create a Powershell Lambda, which runs this script to alert AD users of expiring passwords via SES: #Requires –Modules ActiveDirectory #Requires -Modules @{ModuleName='AWSPowerShell.NetCore';ModuleVersion='3.3.283.0'} $pwd = ConvertTo-SecureString 'XXXXXXXXX' -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential('XXXXXXXXXXX', $pwd) Get-ADUser -Filter * -Server XXXXXXXXXX -SearchBase "OU=User,OU=TestADManagement,OU=TestOU,DC=XXXXXXXXXXX,DC=com" -Properties Name, mail, Enabled, AccountExpirationDate, AccountExpires, msDS-UserPasswordExpiryTimeComputed -Credential $cred | Select-Object -Property Name, mail, AccountExpirationDate, AccountExpires, Enabled, @{Name="PasswordExpiry"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Where-Object {(($_.AccountExpirationDate -gt (Get-Date)) -or ($_.AccountExpires -eq '0') -or ($_.AccountExpires -eq '9223372036854775807')) -and $_.Enabled -eq $true -and ($_.PasswordExpiry -lt ((Get-Date).AddDays(87))) -and $_.PasswordExpiry -notlike "12/31/1600*" } | ForEach-Object {$timediff = New-Timespan -Start (Get-Date) -End $_.PasswordExpiry; Send-SES2Email -FromEmailAddress "sergey.gankin@veolia.com" -Destination_ToAddress $_.mail -Text_Data "Hello $($_.Name), your password will expire in $($timediff.Days) days!" -Subject_Data "Password Expiring"} The script itself runs successfully, the Lambda gets created and successfully hosted in a VPC, but when attempting to execute the Lambda, it throws the following error: { "errorType": "CmdletInvocationException", "errorMessage": "A parameter cannot be found that matches parameter name 'Culture'.", "stackTrace": [ "at Amazon.Lambda.PowerShellHost.PowerShellFunctionHost.ExecuteFunction(Stream inputStream, ILambdaContext context)", "at lambda_method18(Closure , Stream , ILambdaContext , Stream )", "at Amazon.Lambda.RuntimeSupport.Bootstrap.UserCodeLoader.Invoke(Stream lambdaData, ILambdaContext lambdaContext, Stream outStream) in /src/Repo/Libraries/src/Amazon.Lambda.RuntimeSupport/Bootstrap/UserCodeLoader.cs:line 145", "at Amazon.Lambda.RuntimeSupport.HandlerWrapper.<>c__DisplayClass8_0.<GetHandlerWrapper>b__0(InvocationRequest invocation) in /src/Repo/Libraries/src/Amazon.Lambda.RuntimeSupport/Bootstrap/HandlerWrapper.cs:line 56", "at Amazon.Lambda.RuntimeSupport.LambdaBootstrap.InvokeOnceAsync(CancellationToken cancellationToken) in /src/Repo/Libraries/src/Amazon.Lambda.RuntimeSupport/Bootstrap/LambdaBootstrap.cs:line 176" ], "cause": { "errorType": "ParameterBindingException", "errorMessage": "A parameter cannot be found that matches parameter name 'Culture'.", "stackTrace": [ "at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)", "at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)", "at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)", "at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)", "at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)", "at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)", "at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)", "at System.Management.Automation.PSScriptCmdlet.DoEndProcessing()", "at System.Management.Automation.CommandProcessorBase.Complete()" ] } } I've tired creating the Lambda with Powershell 7 and Powershell 6, but getting the same error, although the ActiveDirectory module appears to import just fine. I've also tried requiring AWSPowerShell.NetCore and AWS.Tools.Common (separately, because together, they generate a "module by this name was already loaded" error), but that made no difference, and requiring Microsoft.PowerShell.Utility, or Microsoft.PowerShell.Management makes the package too large. Please help!
1
answers
0
votes
29
views
asked 2 days ago

cognito verification link to validate users

Hi team, I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrators: 1. the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes 2. when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes. 3. the client will receive a link via email to validate the invitation 4. when the client clicks the link (custom Domain link), he validates the invitation I created a lambda function that creates the user in the Cognito user pool and then added it inside the group (`using adminCreateUser and adminAddUserToGroup AP calls`) ``` const params = { UserPoolId: USER_POOL_ID, Username: event.email, UserAttributes: [ { Name: "email", Value: event.email, }, { Name: "given_name", Value: event.givenName, }, { Name: "family_name", Value: event.familyName, }, ], }; try { const result = await cognitoIdentityServiceProvider .adminCreateUser(params) .promise(); ``` I also configured the Cognito to send a link email > On "Message customisations" page> "Do you want to customize your email verification messages?" > "Verification type" => I chose "Link" option After lambda has run, the user is created with `Confirmation status = ` **Force change password** and the email I received looks like this : ``` Subject = Your temporary password Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%. ``` so I expected to receive a Link and when the client click the link it validate the invitation (point 4 above) then the client becomes validated inside my user pool. But I did not receive a link, how can I achieve points 3 and 4? I just want after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed link
0
answers
1
votes
40
views
asked 2 days ago

Add new user to user pool groups as Admin

Hi team, I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrator: - the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes - when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes. - the client will receive a link via email to validate the **invitation** - when the client clicks the link (custom Domain link), he validates the invitation In the SDK documentation, I found that a system Admin can add users to the Cognito group using the `adminAddUserToGroup` API call ``` var params = { GroupName: 'STRING_VALUE', /* required */ UserPoolId: 'STRING_VALUE', /* required */ Username: 'STRING_VALUE' /* required */ }; cognitoidentityserviceprovider.adminAddUserToGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response }); ``` but the `adminAddUserToGroup` API call, only take as params the GroupName, UserPoolId and Username ``` { "GroupName": "string", "Username": "string", "UserPoolId": "string" } ``` - how can I get my user created (with the given name, surname, email, and custom attributes...) with this call: `adminAddUserToGroup`? - the username on the params above is it the sys admin username or the user name of the client to create? - how can I validate the invitation once the client clicks the verification link? - should I create a new lambda that sends the verification link or the API call `adminAddUserToGroup` send the email to the user on our behalf? the critical part is how can the system admin create a new user (with all attributes: given name, email....), via the `adminAddUserToGroup` API call and how can I validate the invitation when the user clicks the verification link? Thank you team for your help!
2
answers
1
votes
37
views
asked 3 days ago
0
answers
0
votes
16
views
asked 3 days ago