I have a Lambda function that connects with DynamoDB. If I build and deploy this function and run it in my AWS console it works just fine, but if I try to execute it from my IDE (Intellij) it doesn't work. I get the following error message:
The security token included in the request is invalid (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException;
I tried looking at other questions here and nothing seems to workout. I have two users and each one has one group. One of them has AdministratorAcces and the other has DynamoDBFullAccess and AWSLambda_FullAccess permissions. None of them can execute the function locally. Tried to reconfigure my credentials using aws configure in cmd.
I also tried to create new security credentials. And the problem is not with the function because if I remove the DynamoDB connection code and run and deploy locally the function or deploy it in my AWS console successfuly executes. Anyway I will post below the code of my connection:
AmazonDynamoDB client = AmazonDynamoDBClientBuilder.defaultClient();
DynamoDBMapper mapper = new DynamoDBMapper(client);
MyCustomData data = new MyCustomData("test","12313","test2");
mapper.save(data);
EDIT:
I've been debuging the code where the exact problem occurs and seems that in the class AmazonHttpCLient.java there is a part that checks the credentials. The point is that there are three properties in the AWSCredentials object:
My credentials in the ~/.aws/credentials doesn't have a sessionToken parameter, and I at any moment seted that. Also a friend of mine debuged the same project and said that there is no property sessionToken in his debug. I tried to reinstall AWS CLI, SAM and Intellij, deleted the credentials files and checked if there is no credentials in my variables environment but the problem still persists.
I managed to solve the problem by downgrading my SAM CLI version. It was in 1.15.0 and my friends was in 1.6.2. So I downloaded that specific version and worked like a charm.
I don't know why this happens but I hope this gets fixed in in future versions.
I hope it helps someone having this issue.
Most probably, this error is due to the credentials/aws profile used for establishing connection with AWS account.
To troubleshoot this issue using IntelliJ IDEA, I would suggest you to install AWS Toolkit into your IntelliJ IDEA. Furthermore, use AWS Toolkit to find out which aws profile to use to meet your use-case.
otherwise, refer this existing thread for more other option
Related
I am getting 502 Bad gateway error while creating team using Microsoft Graph Api and even using PowerShell commands. What am I doing wrong?
1.First attempt from Postman using Microsoft graph api:
Attached is the screenshot of Postman console while I am trying to create a new team:
I had searched online but I haven't got any solution so I tried doing the same thing from PowerShell using Microsoft Teams PowerShell cmdlets but I am still getting the same error .
Here I am using the access token i got from application permissions and I also assigned the app "Helpdesk administrator" role
2.Second attempt with Powershell cmdlets:-
Here is the screenshot of output in PowerShell
I had logged in to Microsoft Teams as a global administrator.
How can I fix this?
Is there a reason you are using the Microsoft beta api instead of the v.1.0?
The fact that you are using two different methods and getting a back-end error suggests either it is a problem with the beta api or possibly some error related to your account.
According to the documentation here https://learn.microsoft.com/en-us/graph/api/team-post?view=graph-rest-beta
When creating a new team based on an existing group, the body should be in this format:
POST https://graph.microsoft.com/beta/teams
Content-Type: application/json
{
"template#odata.bind": "https://graph.microsoft.com/beta/teamsTemplates('standard')",
"group#odata.bind": "https://graph.microsoft.com/v1.0/groups('groupId')"
}
Your Postman screenshot has the "group#odata.bind" value as a slightly different format. Try using the one above, and replace groupId with your actual group id.
Good luck.
Im running a simple Java application within a docker container on a EC2 instance. The java application itself has no hard coded credentials and the aws sdk assumes the credentials assigned to the EC2 instance.
This is working fine, but I now need it to dynamically assume a different role during mid execution. I'm trying to get the below code working to help do this but Im hitting an exception on the second last line "AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);"
public void awsAssumeRole(String region,String roleARN, String roleName) {
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new ProfileCredentialsProvider())
.withRegion(region)
.build();
AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn(roleARN)
.withRoleSessionName(roleName);
AssumeRoleResult roleResponse = stsClient.assumeRole(roleRequest);
Credentials sessionCredentials = roleResponse.getCredentials();
}
Exception below:
Exception in thread "main" java.lang.IllegalArgumentException: No AWS profile named 'default'
the variables Im passing through are in the below format:
roleARN=arn:aws:iam::account-id
roleName=role/role-name-with-path
I dont know how to specify a default profile as there are no credentials on the docker container running the application, there isnt even a .aws folder to put the configurations in, and I wouldnt be able to as we dont allow coding of credentials.
Is there a way I can implement role switching in my case?
Im running the application currently in intellij, using temporarily generated credentials which are passed through as environment variables in an attempt to replicate what the application would see during running in the docker container, but I dont know how accurate this is in terms of replicating how the app will run while in the docker container on the EC2 instance.
Im also very new to AWS roles, and role switching please forgive any misused terminology.
Many thanks
Based on the comments, there were two issues:
Incorrect format of roleARN. It should be full arn of the role.
Use of ProfileCredentialsProvidergets instead of EnvironmentVariableCredentialsProvider.
Following this tutorial: https://cloud.google.com/solutions/using-firebase-real-time-events-app-engine#securedata
I've got it working except that when I authenticate the custom token with Firebase, I get the following error:
Error: The custom token format is incorrect. Please check the documentation.
I have isolated the problem to the App Identity token signing. This is because the code works fine deployed to app-engine. It's just an issue when I try on devserver/localhost.
I have following the AppEngine documentation about setting up the default Service Account locally.
Setting the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of the .json service account keys. I've triple checked the variable is being set.
I tried the alternative method using the gcloud sdk, logging in as my owner account: gcloud beta auth application-default login. Still no luck.
To check I actually changed account, I use this method to get: AppIdentityServiceFactory.getAppIdentityService().getServiceAccountName();. In both configurations I detailed about, this method returns appname#localhost. I was expecting this to be the service account ID given in the .json. ie appname#appspot.gserviceaccount.com.
So I'm a bit at a loss how to debug this problem further, I assume the check I'm doing above is actually proving the validity of the configured service account. Perhaps its something unique to my setup?
Using App Engine Java, latest SDK 1.9.54
Run configuration launched with Maven 3 + IntelliJ
ArchLinux environment
I'm trying to use Rally Lookback Java API and it throws exception saying
com.rallydev.lookback.LookbackException: org.apache.http.conn.HttpHostConnectException: Connection to https://rally1.rallydev.com refused
at com.rallydev.lookback.LookbackQuery.execute(LookbackQuery.java:61)
I could figure out that this error was due to Inaccessibility to rally server due to corporate proxy setup.
Unlike rally rest API which gives setProxy() method to set proxy server which works for me, there is no provision for Lookback API to set proxy and throws this error.
I'm trying this out on windows machine,and expecting any workaround or solution for the same platform.
Thanks,
Sagar
I have forked the repo and have made some changes. I have an open pull request that will be reviewed shortly and then we'll get it pushed to the main repo.
Here's a link to the branch.
https://github.com/trevershick/Rally-Lookback-Toolkit/tree/S72258
If you want to clone that repo and 'mvn package' the source it will generate a .jar file for you that you can use. It's the same interface as the one you're probably using now but has setProxyServer and setProxyCredentials for authenticating against a proxy server via basic auth. If you cannot use basic auth to authenticate against the proxy server then you may need to inject your own instance of DefaultHttpClient (see the Readme). You should be able to add for example an Ntlm Credentials object to the Credentials provider if necessary.
Fee free to ask any questions you may have and i'll update this answer once I get the PR merged in.
I'm trying to get OAuth through SoundCloud set up, but I'm having tremendous trouble. My newest issue is this:
I have the user login through a popup window which is connected to SoundCloud. It gives me a back a code once the user logs in. This is all working; however, the next step is failing for me. Once I have the code, I run this snippet of Java code:
URI redir = new URI("http://localhost:9000/auth/soundcloudcapturetoken");
ApiWrapper api = new ApiWrapper(SC_CLIENT_ID, SC_CLIENT_SECRET, redir, null, Env.SANDBOX);
Token authToken = api.authorizationCode(code);
Java fails on the api.authorizationCode(code) line with this error:
SSLPeerUnverifiedException occured : peer not authenticated
I snooped around online, and stumbled upon this post: http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated
It suggested that I add the two mentioned certs to my java cacerts file(s). I added the two certificates to both my jdk and jre, but my app still fails with the same error. Is there something I am missing here?
As a side note, I am currently using this api to access SoundCloud: https://github.com/soundcloud/java-api-wrapper
SoundCloud dev here.
Are you trying to use the sandbox (i.e. connecting to https://api.sandbox-soundcloud.com) ? If so, I was trying to reproduce your issue and just realised that our certificate for that host expired, we are deploying a new certificate as we speak, really sorry about that.
Also, you can find help from SoundCloud engineers in our mailing list: http://bit.ly/yqcubH