Serverless

Hi, we have a normal sqs (not FIFO), and trying to pull messages from it through python boto3 receive_message call specified here : https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs.html#SQS.Client.receive_message message = sqs.receive_message( QueueUrl=queue_url, AttributeNames=[ 'SentTimestamp' ], MessageAttributeNames=[ 'All' ], VisibilityTimeout=120, MaxNumberOfMessages=MAX_RECEIVE_MESSAGES, WaitTimeSeconds=MAX_WAIT_TIME_SECS ) and having a few questions. * With understanding WaitTimeSeconds > 0 is called long polling. Even if we have around 10 messages in sqs, setting WaitTimeSeconds = 2 secs, MaxNumberOfMessages =10, we still get 1 message by calling receive_message. Is that expected behavior? * Based on developer document, MaxNumberOfMessages does not guarantee receiving the specified number of messages but just give the API a chance to scan through servers which containing messages. Am I understanding it correctly? * We program a loop to call the above api multiple times (times =10) and do get 1 message each time - total 10 messages. We wonder if such programming style would hit some sort of API limit (only allow certain times of receive_message call in a period). Is there such limit existing? * Will we be charged by each receive_message call? What is the amount of charge by each call? * Is it true only when the queue has > 5000 messages then we will see long polling returns more than 1 message? * the api allow us to specify VisibilityTimeout. However, if the SQS has a specified visibility timeout during creation. Which one will take affect, the one specified in API or the one specified during SQS creation? * where in real life, we will have a million message in the sqs at the very beginning. if we set WaitTimeSeconds = 2 secs, will the call return in 2 secs or possibility less than 2 secs in case the single long polling returns 10 messages within 1 sec? * our lambda is waken up by cloudwatch event every minute (shortest time can be specified by cloudwatch event rule), once waken up, it will run into a loop which keeps calling receive_message with MaxNumberOfMessages =10 until either the loop runs N times or received M number of messages. Any issue with this design? Sorry for so many questions. Thank you!lg...

We have migrated a lambda from AWS Greengrass v1 to AWS Greengrass v2. This lambda needs to extract and decrypt a secret from Greengrass Core. How can we authorize the component to perform IPC permissions to the lambda for that? Regular components recipes have the option `ComponentConfiguration/DefaultConfiguration/accessControl`. However when we build the component out of a lambda using AWS CLI [create-component-version](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/greengrassv2/create-component-version.html) and option `--lambda-function`, there is no option to assign authorization policies. One way we tried to make it work is by using a *merge update* in our deployment (as documented [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-secret-manager.html)). ``` "accessControl": { "aws.greengrass.SecretManager": { "<my-component>:secrets:1": { "policyDescription": "Credentials for server running on edge.", "operations": [ "aws.greengrass#GetSecretValue" ], "resources": [ "arn:aws:secretsmanager:us-east-1:<account-id>:secret:xxxxxxxxxx" ] } } } ``` However the end recipe of the component (in the deployment) does not display the `accessControl` (AWS Greengrass Console), so we assume it has not been *merge updated.* ``` ... "ComponentConfiguration": { "DefaultConfiguration": { "lambdaExecutionParameters": { "EnvironmentVariables": { "LOG_LEVEL": "DEBUG" } }, "containerParams": { "memorySize": 16384, "mountROSysfs": false, "volumes": {}, "devices": {} }, "containerMode": "NoContainer", "timeoutInSeconds": 30, "maxInstancesCount": 10, "inputPayloadEncodingType": "json", "maxQueueSize": 200, "pinned": false, "maxIdleTimeInSeconds": 30, "statusTimeoutInSeconds": 30, "pubsubTopics": { "0": { "topic": "dt/app/+/status/update", "type": "PUB_SUB" } } } }, ``` Any guidance here would be greatly appreciated! Thankslg...

Hi,I want to raise a ticket automatically in service now or any other tool when my glue job failed to run.this process need to be automated.can any one help.lg...

Is there any expiry date of the security token present in the URL which I got through: ``` Amplify.Storage.getUrl( "ExampleKey", result -> Log.i("MyAmplifyApp", "Successfully generated: " + result.getUrl()), error -> Log.e("MyAmplifyApp", "URL generation failure", error) ); ``` I'm asking this because I want to hardcode the URL in my post model of graphql schema Second question: is it good to hardcode the URL? I'm worried because recently the s3 object URL format got deprecated. Update (September 23, 2020) – Over the last year, we’ve heard feedback from many customers who have asked us to extend the deprecation date. Based on this feedback we have decided to delay the deprecation of path-style URLs to ensure that customers have the time that they need to transition to virtual hosted-style URLs. Like this one day, virtual hosted-style URLs might be deprecatedlg...

I deployed stable diffusion v2.0 by aws sagemaker, and create endpoint for real-time inference.(instance type is ml.g4dn.xlarge) Also, i used aws apigateway and aws lambda. my question is that concurrency of prediction process by invoked request. when i check cloudwatch log, i see that request is sequentially process.(one prediction finished, then next prediction proceeded) i expected that the requests are concurrently dealt with, but not. at real-time endpoint, there is no max concurrent options, then invokeendpoint always sequentially procedeed?? no way for making requests are parellely dealt with, except increase instance number?lg...

There is an error that changes to "??" when I type Korean on the server. I wonder if the hosting server environment is UTF-8. It seems that the server doesn't accept Korean, so I want to know the solution. lg...

'm trying to build an SFTP server for an EFS that uses a lambda function to check username and password provided against a Secret in AWS. I followed [this article](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-for-sftp-using-aws-secrets-manager/) but changed it a bit, I'm not using an API Gateway, I use the lambda function directly as identity provider which fetches the following data from secret Manager : ``` "Role" : "arn:aws:iam::xxxxxxxxxxx:role/my-transfer-role", "PosixProfile": { "Uid": 1001, "Gid": 1001, "SecondaryGids": [] }, "HomeDirectory": "/" ``` so far I can only connect to the SFTP server, but can't read or write what's on the EFS `Message="Unable to list directory: permission denied for /"` I created a role and a policy attached to Transfer with permissions on my EFS as explained in [this guide](https://docs.aws.amazon.com/transfer/latest/userguide/requirements-roles.html) Is there something I'm missing in this configuration please? Thankslg...

I am trying to base64encode a string in a AppSync javascript resolver but as far as I checked, it is not possible nor with btoa() function nor with [js util library](https://docs.aws.amazon.com/appsync/latest/devguide/str-helpers-in-util-str-js.html). Is there any workaround to manage it ?lg...

I have a multi-container application that runs a service on ECS. The images are hosted on ECR, configuration files are pulled from a S3 bucket during container startup via script. The application sits behind a network loadbalancer with EIP. The loadbalancer is in a public subnet and reachable, the app itself is inside a private subnet. My ultimate goal is to automatically update the service when either a.) a new image is checked in or b.) a new configuration file is uploaded. I figured the best way to do this behind a network load balancer (which supports rolling update) is to use the AWS ECS CLi inside a lambda function that triggers upon update. If I did not misread the docs, the CLI should trigger a rolling update. To test the CLI, I tried: `aws ecs update-service --cluster mycluster --service myservice --force-new-deployment` However, this was not successful. A new task was created, but was stopped before deployment was finished with log message: > Essential container in task exited Parameters for the service are min. 100 % and max. 200 %. I also tried to set the lower bound of running tasks to 0 %. This resulted in the successful exit of the old task, but the new tasks failed to deploy with the same error. This makes me think that I probably configured something incorrectly. Questions: 1.) Is using a lambda function a smart choice here? Or is there a better way? 2.) How can I troubleshoot the failing rolling update? I appreciate any help! If you need more information, please let me know. Best regards, Sebastianlg...

I would like to understand how many calls of a Lambda function, through AWS-SDK, I can perform simultaneously. Now I am a free tier and it seems that I can't performe more than 10 concurrently executions. In my project, each client is going to make running a function and so the number of concurrently executions that my aws account can performe would be equal to the number of clients that my web app can serve simultaneously. I will be fine with 1000 at the beginning. Is it possible? How many concurrently executions my aws account (if not anymore free tier) could manage of a single function and overall through all functions by default? I will use Europe (Milano) region. With my account, right now, I can performe 10 concurrent executions of my function. I attached my concurrency data in the image: And my code:; import AWS from 'aws-sdk'; AWS.config.update({ accessKeyId: 'idKey', secretAccessKey: 'SecretKey', region: 'eu-west-3', }); const lambda = new AWS.Lambda(); var Utente = {feature: "feature"}; const params = { FunctionName: 'Lambda', Payload: JSON.stringify(Utente) }; ˙ lambda.updateFunctionConfiguration({ FunctionName: 'Lambda', Environment: { Variables: {} } }).promise(); function Invokation(params){ lambda.invoke(params, (error, data) => { if (error) { console.log(error) } else { console.log("OK") } }) }; for (let index = 0; index < 20; index++) { console.log(index); Invokation(params); }lg...

I am looking to use containers to run a task every hour using containers. Imagine the task takes 20 minutes, so it's not suitable for lambda, and it's not suitable for EC2, since 40 minutes out of every hour the instance would be idle. I have created a container that runs one simple task, (writes a row into a database) then stops. I created a docker container, pushed this to ECR, then created an ECS task that appears to run the task constantly (starting / restarting). I set the number of tasks to 0 for the cluster to stop this behaviour. I then created a schedule using AWS event bridge, and set it to run the task every hour, but it's not running at all. Can anyone suggest something that I should look at to achieve the desired scheduled task?lg...

I am using textract(detect text) Async to process the documents. Let's say if I have a document of 3000 pages I am sending this whole document to textract by Lambda, means this 3000 pages processing will be done in Lambda function at a time by texract API call. My query is 1. is this doable as LAMBDA will get expired in 15mins and probably these 3000 pages would not be processed in time 2. Does 600 Maximum number of asynchronous jobs simultaneously means 600 documents or it means 600pages in a document. So if a document is 3000 pages then it would be call as 3000 concurrent jobs or 1 job? 3. Any average how many number of pages ina document can be processed in 10mins. (Just asking average as I know it totally depends on file quality etc) Thankyou.lg...

Trying to follow a DynamoDB + Lambda + API Gateway tutorial: [http-api-dynamo-db](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-dynamo-db.html). ``` const AWS = require("aws-sdk"); const dynamo = new AWS.DynamoDB.DocumentClient(); ``` These above lines in the lambda function result in a "ReferenceError": ``` { "errorType": "ReferenceError", "errorMessage": "require is not defined in ES module scope, you can use import instead", "trace": [ "ReferenceError: require is not defined in ES module scope, you can use import instead", " at file:///var/task/index.mjs:1:13", " at ModuleJob.run (node:internal/modules/esm/module_job:193:25)", " at async Promise.all (index 0)", " at async ESMLoader.import (node:internal/modules/esm/loader:530:24)", " at async _tryAwaitImport (file:///var/runtime/index.mjs:921:16)", " at async _tryRequire (file:///var/runtime/index.mjs:970:86)", " at async _loadUserApp (file:///var/runtime/index.mjs:994:16)", " at async UserFunction.js.module.exports.load (file:///var/runtime/index.mjs:1035:21)", " at async start (file:///var/runtime/index.mjs:1200:23)", " at async file:///var/runtime/index.mjs:1206:1" ] } ``` How to resolve it? and what is causing this issue? Thanks.lg...

Hi, I have a CloudFront viewer request lambda@edge function that returns a custom cloudfront policy after verifying a cognito userpool id_token. The custom policy would grant access to read files from a user directory of the form /users/<identityID> where the identityID is based on the cognito identity pool. I have the following in my lambda function to get the identityID associated with a userpool id_token. ``` AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: <identityPoolID>, Logins: { <UserPoolID>: id_token } }); await AWS.config.credentials.getPromise(); identityId = AWS.config.credentials.identityId; console.log(identityId) ``` This seems to work, but I ran across an issue where the lambda@edge function was spun up in us-west-1, while my identity pool (and user pool) are in us-west-2. For some reason, I get an error that the identity pool can not be found. Are these region specific? I have no issues when the lambda function is run in us-west-2. Is there another way to get the identityID from the id_token?lg...

Hi all, I'm getting Invoke error while streaming logs from CloudWatch to open search. I don't think this is because of permission issues. I have added the LAMBDA exec role in opensearch backend. Can anyone guide me on this partlg...

Background: * EC2 instances hosting a REST API microservice * A Network Load Balancer that fronts the EC2 instances with a port 443 Listener that has an ACM issued Private SSL cert installed on it * I have created a VPC link to that NLB. * Created an instance of the API Gateway and defined a method on it. Everything is working fine. I need help with creating a Security Group rule that only allows inbound traffic from the API Gateway on the EC2 port where the API Microservice is exposed. How can I go about doing that? Will appreciate any help with this issue.lg...

Hi, our site just went down and the server is not responding., We did not do any changes to the server what so ever, It just stopped working. When we enter the domain site, It comes back with "page isn't working" ERR_TOO_MANY_REDIRECTSlg...

Hello, I've been setting up Websocket API with Lambda and I received following error: ``` <message-id> INFO Error: connect ECONNREFUSED <ip> at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1300:16) { errno: -111, code: 'ECONNREFUSED', syscall: 'connect', address: <ip>, port: 80, '$metadata': { attempts: 1, totalRetryDelay: 0 } ``` Env is a Node18 and Postman (ws) as a client. Lambda's code: ``` import { ApiGatewayManagementApiClient, DeleteConnectionCommand,PostToConnectionCommand } from "@aws-sdk/client-apigatewaymanagementapi"; const api = new ApiGatewayManagementApiClient({endpoint: 'wss://<id>.execute-api.<region>.amazonaws.com/production', region: 'eu-central-1' }) export const handler = async (event) => { console.log(event); const {routeKey, connectionId} = event?.requestContext let msg; console.log(`Request key is ${routeKey} and connectionID is ${connectionId}`) switch(routeKey){ case '$connect': msg = 'connected My friend'; break; case '$disconnect': msg = 'disconnected my friend'; break; case 'message': try{ await replyToMessage(connectionId, 'RAMP PAM PAM') }catch(e){ console.log('EXEPTION ALARM') console.log(e) } break; default: console.log('something bad happened', routeKey); break; } // TODO implement const response = { statusCode: 200 }; return response; }; const replyToMessage = (ConnectionId, message) =>{ const data = {message}; const cmd = new PostToConnectionCommand({ ConnectionId, Data: Buffer.from(JSON.stringify(data)) }) const result = api.send(cmd); console.log(result) return result; } ``` Lambda's policy ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "execute-api:*", "Resource": "arn:aws:execute-api:<region><id>:<api-id>/production/*" } ] } ``` Thank you in advance, Arczik!lg...