Questions tagged with AWS Command Line Interface

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

greengrass component cannot open camera

Hi. I deployed the components of Greengrass v2 to Raspberry Pi. The artifact of my recipe contains the face recognition inference code in the S3 bucket. So I created and deployed the components. The Raspberry pi status is normal, and the components are deployed successfully. But I have an error. In my inference code, there is a task to open and execute the camera connected to the Raspberry Pi4. But it can't open the camera when I deployed it as a component. What should I do? When I run the code on Raspberry Pi4, it runs well, but when I deploy it as a component, it doesn't. Help me!!! The camera connected to my Raspberry pi4 is intel realsense F450 Thank you. Please help me <This is my component's log> 2022-10-24T14:57:40.205Z [INFO] (pool-2-thread-28) com.example.jamesML: shell-runner-start. {scriptName=services.com.example.jamesML.lifecycle.run.script, serviceName=com.example.jamesML, currentState=STARTING, command=["cd /home/pi&&. pracvenv/bin/activate&&cd james_ml&&python3 practice.py"]} 2022-10-24T14:58:11.981Z [WARN] (Copier) com.example.jamesML: stderr. /home/pi/pracvenv/lib/python3.7/site-packages/h5py/__init__.py:40: UserWarning: h5py is running against HDF5 1.10.6 when it was built against 1.10.4, this may cause problems. {scriptName=services.com.example.jamesML.lifecycle.run.script, serviceName=com.example.jamesML, currentState=RUNNING} 2022-10-24T14:58:11.982Z [WARN] (Copier) com.example.jamesML: stderr. '{0}.{1}.{2}'.format(*version.hdf5_built_version_tuple). {scriptName=services.com.example.jamesML.lifecycle.run.script, serviceName=com.example.jamesML, currentState=RUNNING} 2022-10-24T14:58:11.982Z [WARN] (Copier) com.example.jamesML: stderr. WARNING:tensorflow:No training configuration found in the save file, so the model was *not* compiled. Compile it manually.. {scriptName=services.com.example.jamesML.lifecycle.run.script, serviceName=com.example.jamesML, currentState=RUNNING} 2022-10-24T14:58:11.998Z [WARN] (Copier) com.example.jamesML: stderr. [ WARN:0@15.489] global /tmp/pip-wheel-8c7uejek/opencv-python_88dbbad412c5416b992ae69de26299d6/opencv/modules/videoio/src/cap_v4l.cpp (902) open VIDEOIO(V4L2:/dev/video0): can't open camera by index. {scriptName=services.com.example.jamesML.lifecycle.run.script, serviceName=com.example.jamesML, currentState=RUNNING} 2022-10-24T14:58:12.005Z [INFO] (Copier) com.example.jamesML: stdout. Could not open webcam. {scriptName=services.com.example.jamesML.lifecycle.run.script, serviceName=com.example.jamesML, currentState=RUNNING} 2022-10-24T14:58:13.240Z [INFO] (Copier) com.example.jamesML: Run script exited. {exitCode=0, serviceName=com.example.jamesML, currentState=RUNNING} <and this is my recipe> { "RecipeFormatVersion": "2020-01-25", "ComponentName": "com.example.jamesML", "ComponentVersion": "1.0.19", "ComponentType": "aws.greengrass.generic", "ComponentDescription": "Capstone Design james machine learning.", "ComponentPublisher": "Me", "ComponentConfiguration": { "DefaultConfiguration": { "accessControl": { "aws.greengrass.ipc.mqttproxy": { "com.example.jamesML:mqttproxy:1": { "policyDescription": "Allows access to publish via topic ml/dlr/image-classification.", "operations": [ "aws.greengrass#PublishToIoTCore" ], "resources": [ "ml/dlr/image-classification" ] } } } } }, "Manifests": [ { "Platform": { "os": "linux", "architecture": "arm" }, "Lifecycle": { "install": { "Script": "" }, "run": { "script": "cd /home/pi&&. pracvenv/bin/activate&&cd james_ml&&python3 practice.py" } }, "Artifacts": [ { "Uri": "s3://greengrass-sagemaker-0930/james_ml.zip", "Digest": "Bc8JmqcuVXamFOuXHeEGMoNovRTgwo9sJQEcsgpqoDo=", "Algorithm": "SHA-256", "Unarchive": "ZIP", "Permission": { "Read": "OWNER", "Execute": "NONE" } } ] } ], "Lifecycle": {} }
1
answers
0
votes
32
views
hyorim
asked a month ago

Missing (resource) permission in AWSAppRunnerFullAccess causes failure when calling the CreateVpcConnector operation

Not really a question, more of a 'bug report'. Solution is provided in this post. `arn:aws:iam::aws:policy/AWSAppRunnerFullAccess` is missing permission to create `AWSServiceRoleForAppRunnerNetworking` service role. That makes it impossible to create vpc connector despite using `FullAccess` policy. Error message doesn't really help, as pointed by it policy is in fact attached. Steps to reproduce: 1. Use user or assume role with `AWSAppRunnerFullAccess` permissions. 2. Run ```shell aws apprunner create-vpc-connector --vpc-connector-name test-vpc-connector --subnets <subnets> --security-groups <security-groups> ``` Command produces following error: "An error occurred (InvalidRequestException) when calling the CreateVpcConnector operation: AccessDenied. Couldn't create a service-linked role for App Runner. When creating the first vpc connector in the account, caller must have the 'iam:CreateServiceLinkedRole' permission. Use the 'AWSAppRunnerFullAccess' managed user policy to ensure users have all required permissions." Temporary solution: add additional policy with `Allow` `iam:CreateServiceLinkedRole` on resource `arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner`. Long term, I believe it should be added to AWSAppRunnerFullAccess.
1
answers
0
votes
38
views
Pszem
asked a month ago

How to run Cloud Formation Init commands in PowerShell and not cmd?

In Coudformation templates, there is a section to specfiy commands like below. Under `fullServer` I am running the command `install`. However, when I look at the logs after cfn has run on the server, it shows ``` 2022-10-20 13:41:25,780 [INFO] Command install succeeded 2022-10-20 13:41:25,796 [DEBUG] Command install output: $MAGIC ``` This is because the `$Magic` is how to declare and use variables in powershell where as cmd needs the `set` keyword. I would expect the output of this command to be `Command install output: I am from the full server env`. ``` "AWS::CloudFormation::Init": { "configSets": { "downloadS3Data": ["downloadS3"], "Full": [{"ConfigSet": "downloadS3Data"}, "fullServer"], "default": [ {"ConfigSet": "Full"}], "App": [{"ConfigSet": "downloadS3Data"}, "appServer"], "Interface": [{"ConfigSet": "downloadS3Data"}, "interfaceServer"], "Notification": [{"ConfigSet": "downloadS3Data"}, "notificationServer"] }, "downloadS3": { "files": { "C:\\ccw_downloads\\test.txt": { "source": "https://ccw-to-rds-poc-1.s3.us-east-2.amazonaws.com/test.txt", "authentication": "S3AccessCreds" } } }, "fullServer": { "commands": { "install": { "command": "echo $MAGIC", "env": {"MAGIC": "I am from the full server env"}, "cwd": "C:\\ccw_downloads", "waitAfterCompletion": 120 } } } } ``` I would like to run the command with PowerShell and not cmd. Is there a way to specify that like I can with User Data? I know that I could append `PowerShell -Command` to the beginning, making cmd call PowerShell and pass args. However, that would not allow me to use the enviornment variable `MAGIC`. For example `"command": "Powershell -Command 'echo $magic'"`
1
answers
0
votes
18
views
asked a month ago

How to download s3 file to Window 2022 EC2 instance with CloudFormation Init? Getting Access Denied error.

I'm trying to download a file from an S3 bucket onto a EC2 Windows server. I'm set up the IAM role, policy, and profile. In the CloudFormation::Init section of the server, I have different configSets and one of them is downloading a file from the bucket. ``` --- Some items not shown --- "Parameters": { "S3BucketName": { "Description": "The name of an existing S3 bucket that the server needs to access.", "Type": "String", "Default": "ccw-to-rds-poc-1" }, --- Some parameters not shown --- "InstanceRole":{ "Type":"AWS::IAM::Role", "Properties":{ "AssumeRolePolicyDocument":{ "Statement":[ { "Effect":"Allow", "Principal":{ "Service":[ "ec2.amazonaws.com" ] }, "Action":[ "sts:AssumeRole" ] } ] }, "Path":"/" } }, "RolePolicies":{ "Type":"AWS::IAM::Policy", "Properties":{ "PolicyName":"S3Download", "PolicyDocument":{ "Statement":[ { "Action":[ "s3:GetObject" ], "Effect":"Allow", "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "S3BucketName"}]]} } ] }, "Roles":[ { "Ref":"InstanceRole" } ] } }, "InstanceProfile":{ "Type":"AWS::IAM::InstanceProfile", "Properties":{ "Path":"/", "Roles":[ { "Ref":"InstanceRole" } ] } }, "myAppServer": { "Type": "AWS::EC2::Instance", "Metadata": { "AWS::CloudFormation::Authentication": { "S3AccessCreds": { "type": "S3", "roleName": { "Ref": "InstanceRole" }, "buckets" : [{"Ref": "S3BucketName"}] } }, "AWS::CloudFormation::Init": { "configSets": { "downloadS3Data": ["downloadS3"], "Full": [{"ConfigSet": "downloadS3Data"}, "fullServer"], "default": [ {"ConfigSet": "Full"}], "App": [{"ConfigSet": "downloadS3Data"}, "appServer"], "Interface": [{"ConfigSet": "downloadS3Data"}, "interfaceServer"], "Notification": [{"ConfigSet": "downloadS3Data"}, "notificationServer"] }, "downloadS3": { "files": { "C:\\Users\\Administrator\\Documents\\s3download.bak": { "source": "https://ccw-to-rds-poc-1.s3.us-east-2.amazonaws.com/test.txt", "authentication": "S3AccessCreds" } } }, "fullServer": { "commands": { "test": { "command": "echo \"$MAGIC\"", "env": {"MAGIC": "I am from the full server env"}, "cwd": "C:\\Users\\Administrator\\Desktop" } } }, --- Some config sets not shown --- } }, "Properties": { "IamInstanceProfile": { "Ref": "InstanceProfile" }, "ImageId": "ami-012bb86d0081c5240", "InstanceType": "t2.small", "KeyName": {"Ref": "keypair"}, "SecurityGroupIds": ["sg-0d0b50ca1774707b7"], "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [ "<powershell>\n", "cfn-init.exe -v -s ", {"Ref" : "AWS::StackId"}, " -r YourInstance -c ", {"Ref": "CCWServerType"} , " --region ", {"Ref" : "AWS::Region"}, "\n", "</powershell>\n", "<persist>true</persist>" ] ] } } } } ``` When the server runs `"cfn-init.exe -v -s ", {"Ref" : "AWS::StackId"}, " -r YourInstance -c ", {"Ref": "CCWServerType"} , " --region ", {"Ref" : "AWS::Region"}, "\n",`, It creates the `s3download.bak`, but it is empty and gives an Access Denied, (HTTP Error 403). Is there something I'm not doing correctly with the IAM configurations that is causing this? EDIT: I thought that because I am accessing the entire bucket and not just a specific item, like mentioned in [this article](https://aws.amazon.com/blogs/devops/authenticated-file-downloads-with-cloudformation/) that might be the issue. However, after trying `"Action":["s3:*Object"]` and `"Action":["s3.Get*"]`, I still get the same access denied error.
2
answers
0
votes
51
views
asked a month ago