Serverless

Serverless is a way to describe the services, practices, and strategies that enable you to build more agile applications so you can innovate and respond to change faster. With serverless computing, infrastructure management tasks like capacity provisioning and patching are handled by AWS, so you can focus on only writing code that serves your customers.

Recent questions


Sending AS2 messages between two AWS Transfer Family servers

I've set up AWS Transfer Family servers in two different regions to test the sending functionality. However, even though the VPC is created, sending messages fails with either UNABLE_TO_CONNECT_TO_REMOTE_HOST_OR_IP or "File path not found". I'm using S3 for the document to send. I've checked the IP address with a different program (Mendelson AS2) and it's able to connect fine. It even was able to send a test document. Despite that, when sending through a lambda function, it fails.

A few things tried:

* Checking permissions: I'm able to connect and describe the server, the connectors, etc. with no problem, so it's not that
* Connector with the wrong URL: I used the same URL as the URL in Mendelson with the port attached at the end (http:/s-xxx:5080 in the format specified in [1] with the region). I also tried the URL without the port specified and that didn't work either
* Region issue: I thought the mismatch between the regions could be an issue since the lambda was set in us-west-1 while the AS2 server I was sending to is in us-east2, so I created a different connector and had it send to itself in the same region. Still the same error with being unable to connect
* Checked the cloudwatch logs: It actually reports that everything sent successfully with a 200 code

Weird things noticed:

* After the lambda is triggered, it creates the expected failed and processing folders, but after the first few times, it no longer saves the results. I get a .cms file and a .json file sometimes but not every time, even though the cloudwatch logs are correctly created every time.
* The failed and processed folders somehow got created a folder above rather than in the folder the file was uploaded to (e.g. the folder structure is bucket/folder 1/folder2/folder 3 and the uploaded file was in folder3. However, the failed and processing folders were created in folder2 instead of the expected folder3). This happened just once though.

Additional question: I can upload this as a different question if needed, but since it's related to my issue, I figured I'd put it here as well

* What's the transfer id for? Is that supposed to be the execution id? There doesn't seem to be an option to view the results of the transfer in the documentation [2].

References:

[1] https://docs.aws.amazon.com/transfer/latest/userguide/as2-end-to-end-example.html#as2-create-connector-example

[2] https://docs.aws.amazon.com/transfer/latest/userguide/API_StartFileTransfer.html
0 answers, 0 votes, 3 views, asked 6 hours ago

Powershell Lambda for AD failing with "A parameter cannot be found that matches parameter name 'Culture'"

I am attempting to create a Powershell Lambda, which runs this script to alert AD users of expiring passwords via SES:

```
#Requires -Modules ActiveDirectory
#Requires -Modules @{ModuleName='AWSPowerShell.NetCore';ModuleVersion='3.3.283.0'}

$pwd = ConvertTo-SecureString 'XXXXXXXXX' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('XXXXXXXXXXX', $pwd)

Get-ADUser -Filter * -Server XXXXXXXXXX -SearchBase "OU=User,OU=TestADManagement,OU=TestOU,DC=XXXXXXXXXXX,DC=com" -Properties Name, mail, Enabled, AccountExpirationDate, AccountExpires, msDS-UserPasswordExpiryTimeComputed -Credential $cred |
    Select-Object -Property Name, mail, AccountExpirationDate, AccountExpires, Enabled, @{Name="PasswordExpiry"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
    Where-Object {
        (($_.AccountExpirationDate -gt (Get-Date)) -or ($_.AccountExpires -eq '0') -or ($_.AccountExpires -eq '9223372036854775807')) -and
        $_.Enabled -eq $true -and
        ($_.PasswordExpiry -lt ((Get-Date).AddDays(87))) -and
        $_.PasswordExpiry -notlike "12/31/1600*"
    } |
    ForEach-Object {
        $timediff = New-Timespan -Start (Get-Date) -End $_.PasswordExpiry
        Send-SES2Email -FromEmailAddress "sergey.gankin@veolia.com" -Destination_ToAddress $_.mail -Text_Data "Hello $($_.Name), your password will expire in $($timediff.Days) days!" -Subject_Data "Password Expiring"
    }
```

The script itself runs successfully, the Lambda gets created and successfully hosted in a VPC, but when attempting to execute the Lambda, it throws the following error:

```
{
  "errorType": "CmdletInvocationException",
  "errorMessage": "A parameter cannot be found that matches parameter name 'Culture'.",
  "stackTrace": [
    "at Amazon.Lambda.PowerShellHost.PowerShellFunctionHost.ExecuteFunction(Stream inputStream, ILambdaContext context)",
    "at lambda_method18(Closure , Stream , ILambdaContext , Stream )",
    "at Amazon.Lambda.RuntimeSupport.Bootstrap.UserCodeLoader.Invoke(Stream lambdaData, ILambdaContext lambdaContext, Stream outStream) in /src/Repo/Libraries/src/Amazon.Lambda.RuntimeSupport/Bootstrap/UserCodeLoader.cs:line 145",
    "at Amazon.Lambda.RuntimeSupport.HandlerWrapper.<>c__DisplayClass8_0.<GetHandlerWrapper>b__0(InvocationRequest invocation) in /src/Repo/Libraries/src/Amazon.Lambda.RuntimeSupport/Bootstrap/HandlerWrapper.cs:line 56",
    "at Amazon.Lambda.RuntimeSupport.LambdaBootstrap.InvokeOnceAsync(CancellationToken cancellationToken) in /src/Repo/Libraries/src/Amazon.Lambda.RuntimeSupport/Bootstrap/LambdaBootstrap.cs:line 176"
  ],
  "cause": {
    "errorType": "ParameterBindingException",
    "errorMessage": "A parameter cannot be found that matches parameter name 'Culture'.",
    "stackTrace": [
      "at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)",
      "at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)",
      "at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)",
      "at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)",
      "at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)",
      "at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)",
      "at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)",
      "at System.Management.Automation.PSScriptCmdlet.DoEndProcessing()",
      "at System.Management.Automation.CommandProcessorBase.Complete()"
    ]
  }
}
```

I've tried creating the Lambda with Powershell 7 and Powershell 6, but I'm getting the same error, although the ActiveDirectory module appears to import just fine. I've also tried requiring AWSPowerShell.NetCore and AWS.Tools.Common (separately, because together, they generate a "module by this name was already loaded" error), but that made no difference, and requiring Microsoft.PowerShell.Utility or Microsoft.PowerShell.Management makes the package too large. Please help!
0 answers, 0 votes, 21 views, asked 16 hours ago

cognito verification link to validate users

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrators:

1. the system Admin will fill out a form about the client: given name, surname, email address + some custom attributes
2. when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes.
3. the client will receive a link via email to validate the invitation
4. when the client clicks the link (custom Domain link), he validates the invitation

I created a lambda function that creates the user in the Cognito user pool and then adds it inside the group (using the `adminCreateUser` and `adminAddUserToGroup` API calls)

```
const params = {
  UserPoolId: USER_POOL_ID,
  Username: event.email,
  UserAttributes: [
    {
      Name: "email",
      Value: event.email,
    },
    {
      Name: "given_name",
      Value: event.givenName,
    },
    {
      Name: "family_name",
      Value: event.familyName,
    },
  ],
};

try {
  const result = await cognitoIdentityServiceProvider
    .adminCreateUser(params)
    .promise();
```

I also configured Cognito to send a link email: on the "Message customisations" page > "Do you want to customize your email verification messages?" > "Verification type", I chose the "Link" option.

After the lambda has run, the user is created with `Confirmation status` = **Force change password** and the email I received looks like this:

```
Subject = Your temporary password
Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%.
```

So I expected to receive a link, and when the client clicks the link it validates the invitation (point 4 above), then the client becomes validated inside my user pool. But I did not receive a link. How can I achieve points 3 and 4? I just want, after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed link.
0 answers, 1 votes, 35 views, asked 16 hours ago

Add new user to user pool groups as Admin

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrator:

- the system Admin will fill out a form about the client: given name, surname, email address + some custom attributes
- when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes.
- the client will receive a link via email to validate the **invitation**
- when the client clicks the link (custom Domain link), he validates the invitation

In the SDK documentation, I found that a system Admin can add users to the Cognito group using the `adminAddUserToGroup` API call

```
var params = {
  GroupName: 'STRING_VALUE', /* required */
  UserPoolId: 'STRING_VALUE', /* required */
  Username: 'STRING_VALUE' /* required */
};
cognitoidentityserviceprovider.adminAddUserToGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else console.log(data); // successful response
});
```

but the `adminAddUserToGroup` API call only takes as params the GroupName, UserPoolId and Username

```
{
  "GroupName": "string",
  "Username": "string",
  "UserPoolId": "string"
}
```

- how can I get my user created (with the given name, surname, email, and custom attributes...) with this call: `adminAddUserToGroup`?
- is the username in the params above the sys admin username or the user name of the client to create?
- how can I validate the invitation once the client clicks the verification link?
- should I create a new lambda that sends the verification link, or does the API call `adminAddUserToGroup` send the email to the user on our behalf?

The critical part is how the system admin can create a new user (with all attributes: given name, email....) via the `adminAddUserToGroup` API call, and how I can validate the invitation when the user clicks the verification link.

Thank you team for your help!
2 answers, 1 votes, 33 views, asked 2 days ago

how to deploy an ecs service with a task definition that has 2 images with blue green deployment?

I had configured CodePipeline with CodeBuild and ECS blue green as an action provider to deploy my ECS service. In my buildspec.yml I created imageDetail.json like this:

```
{"ImageURI": "imageid"}
```

This setup was working fine when my task definition had only one image. Now my task definition has two images where one image depends on the other, so I changed my buildspec.yml to create an imageDetail.json like this:

```
[{"ImageURI":"image1"}, {"ImageURI":"image2"}]
```

When configuring the pipeline with codebuild and ECS blue green deploy with this new task definition and imageDetail.json that has 2 images, it is throwing the following error: "Exception while trying to parse the image URI file from the artifact: BuildArtifact."

Then I tried doing this same setup but with ECS (rolling update) as an action provider instead of ECS blue green and it worked. With ECS (rolling update) as an action provider I needed to create an imagedefinitions.json instead of an imageDetail.json. The imagedefinitions.json created in buildspec.yml looks like this:

```
[{"name":"name1","imageUri":"image1"}, {"name":"name2","imageUri":"image2"}]
```

However, I want to use ECS blue green as an action provider where I need to create an imageDetail.json in the buildspec.yml file. So, can I create an imageDetail.json with two images like in imagedefinitions.json?

I also asked the same question here: https://stackoverflow.com/questions/73947923/how-to-deploy-an-ecs-service-with-a-task-definition-that-has-2-images-with-blue
0 answers, 0 votes, 12 views, asked 2 days ago

Https call to API Gateway via VPC Endpoint fails to make connection intermittently

I have a private API gateway in its own account. It is used by clients having VPC Endpoint interfaces to the execute-api service, and until now these have had Private DNS enabled, and there have been no issues. A new client uses some existing public APIs, so Private DNS is disabled. However, they have had intermittent connectivity to the gateway during their testing.

I tried reproducing this from a second account with a test Lambda (node.js, v16, arm) in a VPC, using a VPC Endpoint with Private DNS disabled. I was able to reproduce the intermittent connectivity, but I can't understand why this happens.

[Edit: The subnets attached to the VPC use the same security group, and this allows https ingress from 10.57.150.0/24]

I found that when using the generic endpoint DNS Name (no AZ marker in the name) the intermittent issue could be reproduced. If I switch to using the Endpoint DNS Names that include the AZ marker, then 1 of the DNS Names connected every time, but the other 2 (we use 3 AZs and 1 subnet per AZ) fail to connect with a timeout error.

I added a call to resolve the hostname passed in, and all three hosts resolve to what I would expect (10.57.150.x), so I think this is a routing issue rather than DNS. The route tables for all three subnets are the same: 2 routes for the s3 and DynamoDB prefix lists, a route for 10.57.150.0/24 and the remaining 0.0.0.0/0 going via a transit gateway instance.

I'm not sure what other information I would need to add here. Has anyone seen anything like this before?
0 answers, 0 votes, 26 views, asked 2 days ago
