Questions tagged with AWS Command Line Interface
Content language: English
Sort by most recent
Hello, I tried the following tutorial https://docs.aws.amazon.com/en_us/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-http.html. But when I use my own URL for testing purposes I got the following error:
Thu Mar 09 16:16:27 UTC 2023 : Execution failed due to configuration error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Thu Mar 09 16:16:27 UTC 2023 : Method completed with status: 500
If I look at the certificate, it is not a selfsigned cert, and it is not expired. How can I install that certificate in my AWS API Gateway environment.
It is worth mentioning that the destination port is not the standard (443).
Since AWS now applies SSE to all new object uploads to S3 buckets (since 1/5/23), how should this impact testing of S3 encryption via the CLI, such as using ‘get-bucket-encryption’? https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
If an S3 bucket was previously unencrypted, it should now show up in our CLI results as having SSE, correct? Mainly, my question is, if a existing S3 bucket just sat there with no actions occurring, would the SSE automatically trigger and therefore any CLI output would reflect this new SSE status? Or is it possible the CLI would incorrectly show the bucket as unencrypted until some kind of put or get type action was run on the S3 bucket?
In some earlier testing of S3 CLI that is dated no **earlier **than 1/26 the results included a lot of unencrypted buckets. However, since everything now has SSE because of this change from AWS and we randomly selected 2 buckets shown as not encrypted and re-ran the CLI, now the CLI output indicates that they have SSE. Just not sure what happened here.
How do we remove folders and/or files from Workdocs that we no longer use, when the owners are no longer working for AWS?
asked 25 days ago
Hello, I know this issue was discussed before (see similar posts from in 2022), but I am still blocked faced with same/similar problem today. I am getting same exact error trying to execute command on a simple bitnami/nginx container running on ECS EC profile:
+++++++++++++++++++++
aws ecs execute-command --task <removed> --cluster awsome_ecs_cluster --container nginx-test1 --interactive --command
"/bin/bash"
The Session Manager plugin was installed successfully. Use the AWS CLI to start a session. An error occurred
(TargetNotConnectedException) when calling the ExecuteCommand operation: The execute command failed due to an
internal error. Try again later.
+++++++++++++++++++++
Running the https://github.com/aws-containers/amazon-ecs-exec-checker tool everything appears to be running OK:
```
Prerequisites for check-ecs-exec.sh v0.7
jq | OK (/opt/homebrew/bin/jq) AWS CLI | OK (/usr/local/bin/aws)
Prerequisites for the AWS CLI to use ECS Exec
AWS CLI Version | OK (aws-cli/2.11.0 Python/3.11.2 Darwin/22.3.0 exe/x86_64 prompt/off) Session Manager Plugin | OK (1.2.398.0)
Checks on ECS task and other resources
Region : us-west-1 Cluster: awsome_ecs_cluster Task : removed
Cluster Configuration | KMS Key : Not Configured
Audit Logging : DEFAULT
S3 Bucket Name: Not Configured
CW Log Group : Not Configured
Can I ExecuteCommand? | arn:aws:iam::XXXXXXXXXX:user/dz-XXXXXXXXXXXX
ecs:ExecuteCommand: allowed
ssm:StartSession denied?: allowed
Task Status | RUNNING
Launch Type | EC2
ECS Agent Version | 1.68.0
Exec Enabled for Task | OK
Container-Level Checks |
---------- Managed Agent Status ----------
1. RUNNING for "nginx-test1" ----------
Init Process Enabled (run_nginx_ecs:7)
----------
1. Enabled - "nginx-test1" ----------
Read-Only Root Filesystem (run_nginx_ecs:7)
----------
1. Disabled - "nginx-test1"
Task Role Permissions | arn:aws:iam::XXXXXXXXXXX:role/ECSTaskRoleAB3
ssmmessages:CreateControlChannel: allowed
ssmmessages:CreateDataChannel: allowed
ssmmessages:OpenControlChannel: allowed
ssmmessages:OpenDataChannel: allowed
VPC Endpoints | SKIPPED (vpc-XXXXXXXXXXXXXXXXXXX - No additional VPC endpoints required)
Environment Variables | (run_nginx_ecs:7)
1. container "nginx-test1"
- AWS_ACCESS_KEY: not defined
- AWS_ACCESS_KEY_ID: not defined
- AWS_SECRET_ACCESS_KEY: not defined
-----------------------------------
```
Everything seems to be "green" and allowed, there are no AWS_ACCESS_KEY env variables defined in container (only in CLI context) but I am still getting an error above.
Any troubleshooting tips on this issue are appreciated!
asked a month ago
I am writing a python script which will iterate through the AWS accounts and fetch all Encryption key details.
In BOTO3 i can see only AWS_KMS key api.
My question is how can I fetch information of the Imported Keys from external KMS using BOTO3?
Does the aws cli provide a way of polling the `"Lifecycle"` value of a data repository association
```
$ aws fsx describe-data-repository-associations
{
"Associations": [
{
"AssociationId": "dra-XXX",
"ResourceARN": "arn:aws:fsx:YYY",
"FileSystemId": "fs-ZZZ",
"Lifecycle": "CREATING",
"DataRepositoryPath": "s3://RRR",
"BatchImportMetaDataOnCreate": true,
"ImportedFileChunkSize": 1024,
"S3": {
"AutoImportPolicy": {
"Events": [
"NEW",
"CHANGED",
"DELETED"
]
},
"AutoExportPolicy": {
"Events": [
"NEW",
"CHANGED",
"DELETED"
]
}
},
"Tags": [],
"CreationTime": 1678000000.999
}
]
}
```
to become `AVAILABLE` after running
`aws fsx create-data-repository-association ..`,
similar to the command
`aws cloudformation wait stack-create-complete ..`?
I have deleted the component from AWS cloud, from local device, and built another device in another region as well, but it shows device unhealthy, and showing error like this.... . Can anyone tell the reason behind this.
Thank you
Nik
Hello, I am working on AWS Greengrass with raspberry pi4. I have successfully installed all the necessary software for this and also have done some deployments but after the one or two deployments, I found error: bash: greengrass-cli : command not found. Can anyone tell me about the issue behind it.
Thank You in advance.
Nik
I have been trying to send an email through AWS CLI and Powershell and I can't even get one instance to work, the videos and blogs I have seen are outdated. If anyone has guidance I would really appreciate it.
On AWS EC2 instance I've installed Bitnami and on top of that I've installed Wordpress and a Wordpress theme.
After few months of customization few days ago I stopped and started the instance. Since then my site is unavailable.
I am trying to bring the site up and for this I've found this tutorial: https://www.youtube.com/watch?v=xvtoVxk8kWA
Following the tutorial I can say the following:
* Status check for sys. reachability successfully passed
* Status check for instance reachability successfully passed
* Security groups look ok from my perspective
* Network ACL looks ok from my perspective (all traffic allowed)
In the tutorial (time 4:20) it says to start the following command:
`sudo systemctl status httpd`
When I run this command I get the following output
`Unit httpd.service could not be found.`
I tried running this command as "root" and as "bitnami" user. In both cases I am getting the same error message.
In the aforementioned tutorial in the comments someone wrote that "sudo systemctl restart httpd" worked for him. But when I run this command I still get "Unit httpd.service not found.".
Bottom line is - I am trying to bring the site up. This way or any other way. All checks which video describes until 4:20 minute look same/similar on my end. That's why I am trying to bring it up with "sudo systemctl...". can anyone please help me with this? Thanks!
Following the video (4:41) I've run this command to check if the traffic is received on port 80/443:
`netstat -tunlp | grep -i http`
I don't get any result (at least not the result as shown in the video). Based on this I conclude that the site is NOT listening on port 80/443
I tried running this command and here is the result
`sudo firewall -cmd --state
sudo: firewall: command not found`
If I run
`sudo /opt/bitnami/ctlscript.sh status`
Then I get this result
`
apache already running
mariadb already running
php-fpm already running`
Can anyone please help me to bring the site back up? The matter is urgent and critical. Thanks for support and understanding.
------------------------------------------------------------------------------
If I run this command:
`sudo /opt/bitnami/bndiagnostic-tool`
I get the following output
`
An updated version is available. Would you like to download it? You would need t o run it manually later. [Y/n]: n
Welcome to the Bitnami Diagnostic tool.
Please read the following information carefully.
Press [Enter] to continue:
This tool collects system information and files from a Bitnami stack into a
diagnostic bundle file to be uploaded and reviewed by the Bitnami Team, for the
sole purpose of providing you support for any issue you may find.
The uploaded information will be automatically removed from our systems after 1
month. In case you have any doubt regarding our privacy policy please check:
https://www.vmware.com/help/privacy.html
Press [Enter] to continue:
Do you accept? [y/n]: y
|
The bndiagnostic tool has finished searching for errors and has found some
issues that might be related to yours. The output will be shown on the next
page:
Press [Enter] to continue:
===== Begin of bndiagnostic tool output =====
? Resources: Found possible issues
? Connectivity: Found possible issues
✓ Mariadb: No issues found
✓ Processes: No issues found
? Wordpress: Found possible issues
? Apache: Found possible issues
✓ Php: No issues found
[Resources]
Your instance has little available RAM memory.
total used free shared buff/cache available Mem: 975 386 63 1 524 420 Swap: 634
12 622
You could try to increase your instance's memory. Please check your cloud
provider's documentation for more information.
Press [Enter] to continue:
[Connectivity]
Server ports 22, 80 and/or 443 are not publicly accessible. Please check the
following guide to open server ports for remote access:
https://docs.bitnami.com/general/faq/administration/use-firewall/
[Wordpress]
Found recent WordPress plugin related error messages in the Apache error log.
[Sun Feb 26 21:00:44.149415 2023] [proxy_fcgi:error] [pid 952:tid
140330003298048] (70007)The timeout specified has expired: [client
**ip_address**:20346] AH01075: Error dispatching request to : (polling),
referer: https://www.<my-domain-name.com>/wp-admin/plugins.php?s=&plugin_status=all
Please check the following guide to deactivate plugins:
https://developer.wordpress.org/cli/commands/plugin/deactivate/
[Apache]
Press [Enter] to continue:
Found recent error or warning messages in the Apache error log.
[Sun Feb 26 20:59:56.709925 2023] [proxy_fcgi:error] [pid 952:tid
140329768302336] (70007)The timeout specified has expired: [client
**ip_address**:32977] AH01075: Error dispatching request to : (polling),
referer:
https://www.<my-domain-name.com>/wp-admin/admin.php?page=w3tc_dashboard&_wpnonce=521586fa3b&
w3tc_note=flush_all
[Sun Feb 26 20:59:43.844511 2023] [proxy_fcgi:error] [pid 952:tid
140330158352128] (70007)The timeout specified has expired: [client
**ip_address**:28814] AH01075: Error dispatching request to : (polling),
referer:
https://www.<my-domain-name.com>/wp-admin/admin.php?page=w3tc_dashboard&_wpnonce=521586fa3b
[Sun Feb 26 21:00:29.519343 2023] [proxy_fcgi:error] [pid 689:tid
140329474819840] (70007)The timeout specified has expired: [client
**ip_address**:51737] AH01075: Error dispatching request to : (polling)
Please check the following guide to troubleshoot server issues:
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-erro
rs-apache/
Press [Enter] to continue:
===== End of bndiagnostic tool output =====
Press [Enter] to continue: The diagnostic bundle was uploaded successfully to the Bitnami servers. Please copy the following code:
68c41c59-2922-1493-7306-970580d0b299
And paste it in your Bitnami Support ticket._`
-------------------------------------------------------------------
Re. "connectivity":
this is how my inbound rules are defined: https://prnt.sc/ieCq2NSsX6B6
--------------------------------------------------------------------
This video (https://www.youtube.com/watch?v=uLmjoHDCkag) shows how the issue with unreachable site is resolved (14:56 min).
However, when I connect as bitnami user I can't run the commands show in the video.
On the other hand, if I try to connect with the instance over console-aws either as "admin" or "ec2-user", I get the following error
`Failed to connect to your instance Error establishing SSH connection to your instance. Try again later.`
Why can't I connect with the instance?
I am working on raspberrypi4 and Greengrass V2 does not support greengrass-cli (aws -cli) file for the 32-bit processor, so I can not download files for version 2. can anyone suggest what should I do about it? Should I switch on another service or anything else?
Thank you in advance
Description:
Trying, and failing, to publish a greengrass component in the ca-central-1 region.
I have read and checked the steps in:
https://docs.aws.amazon.com/greengrass/v2/developerguide/troubleshooting.html for the error, 'Invalid Input: Encountered following errors in Artifacts: {<s3ArtifactUri> = Specified artifact resource cannot be accessed}
'
Tools/Versions:
aws-cli/2.10.3 Python/3.9.11 Linux/5.15.0-60-generic exe/x86_64.ubuntu.20
Command:
```
aws greengrassv2 create-component-version --inline-recipe fileb://<name>-<version-number>.yaml
```
Debug steps taken:
- Both AWS S3 bucket and create-component-version invocation are in the same region (ca-central-1). Set with both --region flag in the command, and with aws configure default region. both 'ca-central-1'
- The S3 artifact URI is valid - i can aws s3 cp dopy it locally
- i can create the component via the console, but not using aws cli
- AWS account has permissions (full admin permissions set, no deny policies)
RESOLVED - see comment on response below re. credentials