Questions tagged with Microservices
Content language: English
Sort by most recent
i have a API that is very IO sensitive, that i want to host using AWS Lambda. I can package the data for this app with my container image, but when the lambda is invoked for the first time, i want to copy this data to tmpfs and server my request from there.
I know this makes my cold boot times horrible. But i dont really care about those. I want responsiveness, because the requests always will come in bulk
The usual workflow, if i were to set this up in an EC2 is to mount a local directory as tmpfs. and then copy files there with a userdata script.
Can someone show me how to do that in Lambda.
I cannot for instance mount any tmpfs file system at boot.
My Message routing destination is web service on EKS . After updating EKS version(change Message routing destination Domain name resolution ). the Message routing is not working on AWS IOT core. Can you help me check?
Hello,
We're using EventBridge to trigger an application API on a periodic basis. It is public facing and hosted on our EC2 instances, which is behind a Load Balancer.
It had been working fine up until the day the domain name's SSL certificate expired. However, after SSL cert had been renewed and re-imported via Certificate Manager, the error still persists (from the deadletterqueue):
| Name | Value |
| --- | --- |
| ERROR_CODE | SDK_CLIENT_ERROR |
| ERROR_MESSAGE | Unable to invoke ApiDestination endpoint: API destination endpoint cannot be reached. |
| RULE_ARN | ... |
| TARGET_ARN | ... |
Connection is Authorized, API Destination has been checked and works when called in the browser. Everything seems to be in order. Have tried re-creating new connection/APIDestination/new rule but hitting same error.
What might cause such an error "SDK_CLIENT_ERROR" ?
Thanks in advance.
Hi,
Can anyone please help me with this Use-case?
Use-case :
I've created the secure proxy for a private resource in the AWS API gateway. For private integration I've used VPClink and configured the Cognito pool authorizer. But the backend private API already have some Oauth2 token configured and I've separate API to generate the OAuth2 token. I don't want the end client to send both token via request. But want to internally pass the token which is already configured on the backend private rest API, via API Gateway.
For now I've created the proxy and I'm passing both tokens via request.
Note : I don't want to use lambda function.
For Example:
You tried to hit the API Gateway Endpoints via postman with all the required parameters, now the request should first go to authenticator endpoint to generate the Oauth2 Token, Once token is generated the token should be passed to actual backend private resource to return the response.
Also, I want to know if it's the best approach to pass backend API token internally or we can pass both tokens i.e. Backend API Token and API Gateway authorizer token, via request.
Hi,
I'm trying to change a user password when they login for the first time and receive the challengeName: `NEW_PASSWORD_REQUIRED` and in the console their Confirmation Status is `Force change password`. I'm using the `adminRespondToAuthChallenge` function and I'm passing the parameters:
```
{
ChallengeName: "NEW_PASSWORD_REQUIRED",
ClientId: process.env.AWS_CLIENT_ID,
UserPoolId: process.env.AWS_IDENTITY_POOL_ID,
ChallengeResponses: {
USERNAME: USER_ID_FOR_SRP,
NEW_PASSWORD: proposedPassword,
},
Session: session,
}
```
and my function looks like:
```
const response =
await CognitoIdentityServiceProvider.adminRespondToAuthChallenge(parameters).promise();
res.status(200).json({ status: "success", data: response });
```
When I post a request I get the error:
```
TypeError [ERR_INVALID_ARG_TYPE]: The "key" argument must be of type string or an instance of ArrayBuffer, Buffer, TypedArray, DataView, KeyObject, or CryptoKey. Received undefined
at new NodeError (node:internal/errors:371:5)
at prepareSecretKey (node:internal/crypto/keys:570:11)
at new Hmac (node:internal/crypto/hash:132:9)
at Object.createHmac (node:crypto:162:10)
at Object.hmac (C:\Users\joshh\coding_bootcamp\projects\palace-drum-clinic-server\node_modules\aws-sdk\lib\util.js:436:30)
at Object.getSigningKey (C:\Users\joshh\coding_bootcamp\projects\palace-drum-clinic-server\node_modules\aws-sdk\lib\signers\v4_credentials.js:62:8)
at V4.signature (C:\Users\joshh\coding_bootcamp\projects\palace-drum-clinic-server\node_modules\aws-sdk\lib\signers\v4.js:98:36)
at V4.authorization (C:\Users\joshh\coding_bootcamp\projects\palace-drum-clinic-server\node_modules\aws-sdk\lib\signers\v4.js:93:36)
at V4.addAuthorization (C:\Users\joshh\coding_bootcamp\projects\palace-drum-clinic-server\node_modules\aws-sdk\lib\signers\v4.js:35:12)
at C:\Users\joshh\coding_bootcamp\projects\palace-drum-clinic-server\node_modules\aws-sdk\lib\event_listeners.js:333:20 {
code: 'ERR_INVALID_ARG_TYPE',
retryDelay: 58.59727940103505
```
The user is able to login so I can get the `session `and `USER_ID_FOR_SRP` variables and my AWS variables are correct since I'm using them in other functions with no issues. I'm not sure what the "key" argument is or how to fix this
Thanks
We are searching appropriate VPN implementation to provide access to applications behind Application Load Balancer (ALB) only for internal team.
We are using internet-facing ALB which exposes several applications like backend API (for CloudFront distribution) and others based on EC2 instances.
We have already implemented Client VPN with routing via NAT gateway with Elastic IP address and make filtering by ALB rules based on Host path (DNS provider: DNS records of applications are pointing to ALB) and IP address (Elastic IP address from NAT GW).
It means that our developers establish connection with Client VPN which has static outbound IP address. When they try to access applications, ALB checks Host path and IP address then proceed requests.
It works correct for full tunnel mode but not with split-tunnel.
Is there solution or additional configuration we have to setup to be able using split-tunnel?
Hello, I'm running a NodeJS microservice API on ECS Fargate.
One of these services uses NodeJS's `Buffer.from` constructor to create a new buffer from a string however the buffer creation is faulty and it seems to happen only with the deployed ECS Fargate version (testing locally as well as a built copy on a separate server and there it works, buffer is properly created). For some reason, Buffers created in ECS Fargate are empty - they are valid Buffers but the size is 0 bytes when it should be 32 bytes.
Debugging shows that the payload exists the moment the Buffer is being created. I'm a first time user of Fargate and ECS in general and I have no idea if there are some kind of hidden limitations with ECS runtimes that I can't seem to find from documentation.
The service is allocated with 0.25vCPU and 1GB of RAM. From graphs I can see that the CPU utilization is 10% and MemoryUtilization is 8% so it doesn't seem to be an actual resource starvation that is causing it.
Is this intended behaviour with ECS or is this something that is configurable or am I just overlooking something?
Hi,
I have embeded the CCP in my application. these are my configuration for Amazon connect.
```
ccpUrl:'https://<my-instance-name>.my.connect.aws/ccp-v2',
loginPopup:false,
softphone: {
allowFramedSoftphone: true,
disableRingtone: false, },
loginOptions: this.getLoginOption(),
region: 'eu-central-1',
region: 'ap-southeast-2',
ccpAckTimeout: 5000, //optional, defaults to 3000 (ms)
ccpSynTimeout: 1000, //optional, defaults to 1000 (ms)
ccpLoadTimeout: 100000, //optional, defaults to 5000 (ms)
```
when we login it redirect to the home tab of amazon connect instead of opening the softphone directly. what I expect is to open the CCP softphone tab instead of home tab. Please help if I am missing something in configuration.
Hi team,
I'm trying to do a CICD pipeline with CDK code for AWS infra,
In my code commit repository, I have a parent folder that contains 2 subdirectories one for my spring boot app and the second for the type script CDK project,
when I created the pipeline with CDK I did cd my-cdk-project
```
const myrepository = codecommit.Repository.fromRepositoryName(
this,
"myrepository",
"my-repository-name"
);
```
```
const pipeline = new pipelines.CodePipeline(this, "Pipeline", {
crossAccountKeys: true,
pipelineName: "cdk-pipeline",
synth: new pipelines.CodeBuildStep("Synth", {
buildEnvironment: { privileged: true },
input: pipelines.CodePipelineSource.codeCommit(
myrepository,
"mybranchname"
),
commands: [
"cd my-cdk-project",
"npm ci",
"npm run build",
"npx cdk synth",
],
primaryOutputDirectory: "my-cdk-project/cdk.out",
}),
});
```
but when the pipeline execute I have the impression that it ignore all commands before the `npm ci`, so I have this error
I tried to do cd ./my-cdk-project, but still have the same error
I also tried with `pipelines.ShellStep...` but the error is still the same :
I recommit the package-lock.json but this did not solve the issue
```
Running command npm ci
npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path /codebuild/output/src123456789/src/package.json
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, open '/codebuild/output/src123456789/src/package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/xfdgjgfghghjghg-debug.log
```
did I miss something?
Thank you for your help!
Please i need help creating a layer.
I have previously done this, only this time my zip file that contains all dependencies is about 600+ mb, and Lambda has a limit of 250mb.
What other options do i have, i am thinking docker but i don't know my way around that.
But if there are other options i would love to hear thank you.
The project is running completely using python.
I have two AWS accounts.
1. Account A has several ECS services, an ALB with target groups targetting IPs and Ports on those ECS services, and a hosted zone with a Route53 Alias record tying an API URL (ex. api.example.com) to the ALB DNS name.
2. Now there is a requirement to have another ECS service, but in a separate account (account B) for security reasons. We still need to use the existing "api.example.com".
What options do I have to deploy the new ECS service to the new account B, but have its traffic routed through the ALB of account A so we can still use the same API URL? Is my best option VPC peering, PrivateLink, etc? I'm struggling trying to find a good example of this.
Also, account B does not have any ALB set up right now. Just an ECS service not exposed by any ALB target group. Could I potentially create a separate ALB in account B, add a target group that targets the new ECS service, and then somehow DNS my way into using the API URL configured in account A's hosted zone?
Thank you!
I have a bunch of lambdas and want to attach a layer containing several node packages.
The lambda is finding the code, so I know the path is correct.
I think my question is how to call a constructor within the layer from my index.mjs lambda module.
Any help much appreciated,
David
***Lambda Code:***
```
var FPDF = import('/opt/node_modules/node-fpdf/src/fpdf_js.js');
export const handler = async (event) => {
console.log(JSON.stringify(event));
var pdf = new FPDF('P','mm','A4');
pdf.AddPage();
pdf.SetFont('Arial','B',12);
pdf.Cell(5,5,"Hello World!!");
pdf.Output('F',`test.pdf`);
}
```
***Code in node_modules/node-fpdf/src/fpdf_js.js:***
```
module.exports = class FPDF {
constructor(orientation = 'P', unit = 'mm', size = 'A4', PDFA = false, posX = 1, posY = 1) {
....
}
SetFont(family, style = '', size = 0) {
....
}
....
}
```
**I've tried the following:**
```
import { FPDF } from '/opt/node_modules/node-fpdf/src/fpdf_js.js';
var pdf = new FPDF('P','mm','A4');
**SyntaxError: Named export 'FPDF' not found. The requested module '/opt/node_modules/node-fpdf/src/fpdf_js.js' is a CommonJS module, which may not support all module.exports as named exports. CommonJS modules can always be imported via the default export, for example using: import pkg from '/opt/node_modules/node-fpdf/src/fpdf_js.js'; const { FPDF } = pkg;**
```
```
import pkg from '/opt/node_modules/node-fpdf/src/fpdf_js.js';
const { FPDF } = pkg;
var pdf = new FPDF('P','mm','A4');
**TypeError: FPDF is not a constructor**
```
```
var FPDF = require('/opt/node_modules/node-fpdf/src/fpdf_js.js');
var pdf = new FPDF('P','mm','A4');
**require is not defined in ES module scope, you can use import instead**
```
```
var FPDF = import('/opt/node_modules/node-fpdf/src/fpdf_js.js').FPDF;
var pdf = new FPDF('P','mm','A4');
**TypeError: FPDF is not a constructor**
```
```
var FPDF = import('/opt/node_modules/node-fpdf/src/fpdf_js.js').default();
var pdf = new FPDF('P','mm','A4');
**ImportCall("/opt/node_modules/node-fpdf/src/fpdf_js.js").default is not a function**
```