I am trying to learn Amazon AWS. I ran their tutorial package-"GettingStartedApp.java" after setting my access id and access key in the property file. But I see this exception.
Caught Exception: The security group 'gettingstartedgroup' does not exist
Reponse Status Code: 400
Error Code: InvalidGroup.NotFound
How should I correct this?
You are probably trying to use the string "gettingstartedgroup" as a security group.
If you just created your EC2 AWS instance, then you either add a security group with that name or use the default one.
For the latter, just change from gettingstartedgroup to default.
At first, please execute CreateSecurityGroupApp.java and then GettingStartedGroup will be creataed in Oregon region.
Related
I have a java application running in ECS in which I want to read data from table in account 1 (source_table) and write it to a table in account 2 (destination_table). I created two dynamodb clients with different credential providers - for source_table client I'm using an STSAssumeRoleSessionCredentialsProvider with the arn of a role in account 1; for destination client I'm using DefaultAWSCredentialsProviderChain.
The assume role bit works and I'm able to read using the source client but using the destination client does not work - it still tries to use the assumed role credentials when trying to write to destination_table and fails with unauthorized error (assumed-role is not authorized to perform Put Item).
I tried using EC2ContainerCredentialsProviderWrapper on the destination client but same error.
Should this work? Or are the credentials shared under the hood which makes it impossible to have two different AWSCredentialProviders running simultaneously like this?
I noticed this answer which uses static credentials and apparently works, so I'm at a loss why this doesn't work.
I figured it out with some help from AWS support. It was a problem with my IAM configuration on the role in account 2. I was misled by the error message which said 'assumed-role is not authorized to perform Put Item' when in fact my original account 2 role itself was unable to do so.
I'm working on a flow to send an attached file to a mail.
<smtp:outbound-endpoint host="${instance.smtp.host}" port="${instance.smtp.port}" user="${instance.smtp.user}" password="${instance.smtp.password}" responseTimeout="10000" doc:name="SMTP" connector-ref="SMTP" from="${instance.smtp.account}" to="${instance.smtp.user}" subject="Transaction ID #[flowVars.transactionId]"/>
Everything is working well, I already have tested my flow and the mails are arriving to the specified mail address, however, I'm trying to modify the subject dynamically, using a value stored in a variable, and then the problem appears, seems like it's not possible to use my expression to set the subject's mail.
subject="Transaction ID #[flowVars.transactionId]"
This is the error I'm getting.
Root Exception stack trace:
[Error: unresolvable property or identifier: Transaction]
[Near : {... Transaction ID #[flowVars.tran ....}]
^
Do you have any clue about this problem or how can I fix it?
Thanks in advance.
You need to rearrange the expression so all of it is within the #[....]
subject="#['Transaction ID ' + flowVars.transactionId]"
Some fields get parsed as MEL expressions and some are more like templated strings that allow expression substitutions.
(One of Mule's annoyances)
Please debug the application and test if your flow variable for "transactionId" is being set before reaching to the SMTP message source.
I'm looking for simple way of verifying an arbitrary Azure Table connection string that uses a SAS such as the one below using the Azure Storage's Java SDK:
https://example.table.core.windows.net/example?sig=aaabbbcccdddeeefffggghhh%3D&se=2020-01-01T00%3A00%3A00Z&sv=2015-04-05&tn=example&sp=raud
I tried a bunch of different methods exposed by the CloudTable api, but none of them works.
CloudTable.exists() throws a StorageException, regardless of whether the credentials are valid
getName(), getStorageUri(), getUri(), and other getters - all work locally, regardless of the credentials
getServiceClient().downloadServiceProperties() and getServiceClient().getServiceStats() also throw various exceptions, while getServiceClient().getEndpoint() and getServiceClient().getCredentials() and others always work locally.
Why don't I just query the Table for a row or two? Well, in many cases I need to verify a SAS that gives only write or update premissions (without delete or read permissions), and I do not want to execute a statement that changes something in the table just to check the credentials.
To answer your questions:
CloudTable.exists() throws a StorageException, regardless of whether
the credentials are valid
I believe there's a bug with the SDK when using this method with SAS Token. I remember running into the same issue some time back.
getName(), getStorageUri(), getUri(), and other getters - all work
locally, regardless of the credentials
These will work as they don't make network call. They simply use the data available to them in the different instance variables and return the data.
getServiceClient().downloadServiceProperties() and
getServiceClient().getServiceStats() also throw various exceptions,
while getServiceClient().getEndpoint() and
getServiceClient().getCredentials() and others always work locally.
In order for getServiceClient().someMethod() to work using SAS, you would need Account SAS instead of Service SAS (which you're using right now).
Why don't I just query the Table for a row or two? Well, in many cases
I need to verify a SAS that gives only write or update premissions
(without delete or read permissions), and I do not want to execute a
statement that changes something in the table just to check the
credentials.
One possible way to check the validity of a SAS Token for write operation is to perform a write operation which you know will fail with an error. For example, you can try to insert an entity which is already there. In this case, you should get a Conflict (409) error. Other thing you could try to do is perform an optimistic write by specifying some random Etag value and check for Precondition Failed (412) error. If you get a 403 error or 404 error, that would indicate there's something wrong with your SAS token.
I was evaluating the APIGEE proxy apis and accessing by programmatic deploy and invoke.
I downloaded the sample programs (api-pltform-samples-master). While testing the simpleProxy, I ran the deploy.sh and kept receiving the error:
Deploying to test on https://api.enterprise.apigee.com using batabya and batabya
Writing ../simpleProxy/deploy.sh to ./deploy.sh
Writing ../simpleProxy/invoke.sh to ./invoke.sh
Writing ../simpleProxy/apiproxy/weatherapi.xml to apiproxy/weatherapi.xml
Writing ../simpleProxy/apiproxy/proxies/default.xml to apiproxy/proxies/default.xml
Writing ../simpleProxy/apiproxy/resources/jsc/changeResponse.js to apiproxy/resources/jsc/changeResponse.js
Writing ../simpleProxy/apiproxy/resources/jsc/generateResponse.js to apiproxy/resources/jsc/generateResponse.js
Writing ../simpleProxy/apiproxy/resources/jsc/MashItUp.js to apiproxy/resources/jsc/MashItUp.js
Writing ../simpleProxy/apiproxy/resources/py/calculateAddress.py to apiproxy/resources/py/calculateAddress.py
Writing ../simpleProxy/apiproxy/resources/py/setHeader.py to apiproxy/resources/py/setHeader.py
Writing ../simpleProxy/apiproxy/resources/py/Timer.py to apiproxy/resources/py/Timer.py
Writing ../simpleProxy/apiproxy/resources/xsl/rewriteEndpoint.xsl to apiproxy/resources/xsl/rewriteEndpoint.xsl
Writing ../simpleProxy/apiproxy/targets/default.xml to apiproxy/targets/default.xml
Import failed to /v1/organizations/batabya/apis?action=import&name=weatherapi with status 401:
If 'State: deployed', then your API Proxy is ready to be invoked.
Run '$ sh invoke.sh'
If you get errors, make sure you have set the proper account settings in /setup/setenv.sh
FYI: I have created my profile with admin rights.
The 401 error indicates an issue with authentication. There are 3 factors that comprise authentication here: (1) organization name, (2) username and (3) password.
The (1) organization name and (2) are username are configured in setenv.sh. The (3) password is prompted for from deploy.sh.
Make sure you have set your org and username by modifying the following two lines in setenv.sh :
org="Enter the name of your organization here"
username="Enter your Apigee username"
One important clarification:
username="Enter your Apigee username"
This value needs to be the email address associated with your account on enterprise.apigee.com.
We'll update the README to clarify this.
I'm trying to start a Amazon EC2 cloud machine with [startInstance][2] method using aws-sdk in Java. My code is as follows.
public String startInstance(String instanceId) throws Exception {
List<String> instanceIds = new ArrayList<String>();
instanceIds.add(instanceId);
StartInstancesRequest startRequest = new StartInstancesRequest(
instanceIds);
startRequest.setRequestCredentials(getCredentials());
StartInstancesResult startResult = ec2.startInstances(startRequest);
List<InstanceStateChange> stateChangeList = startResult
.getStartingInstances();
log.trace("Starting instance '{}':", instanceId);
// Wait for the instance to be started
return waitForTransitionCompletion(stateChangeList, "running",
instanceId);
}
When I run the above code, i'm getting the following AWS error:
Status Code: 400, AWS Request ID: e1bd4795-a609-44d1-9e80-43611e80006b, AWS Erro
r Code: InvalidInstanceID.NotFound, AWS Error Message: The instance ID 'i-2b97ac
2f' does not exist
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpCli
ent.java:538)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.ja
va:283)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:168
)
at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.jav
a:5208)
at com.amazonaws.services.ec2.AmazonEC2Client.startInstances(AmazonEC2Cl
ient.java:2426)
AWS Error Message: The instance ID 'i-2b97ac2f' does not exist
You'll have to take the AWS response for granted here, i.e. the instance does not exist ;)
But seriously: Presumably you have already verified that you are actually running an instance with this ID in your account? Then this is most likely caused by targeting the wrong API endpoint, insofar an instance ID is only valid within a specific region (if not specified, the region defaults to 'us-east-1', see below).
In this case you need to specify the actual instance region via the setEndpoint() method of the AmazonEC2Client object within the apparently global ec2 variable before calling startInstances().
There are some examples regarding Using Regions with the AWS SDKs and all currently available AWS regional endpoint URLs are listed in Regions and Endpoints, specifically the Amazon Elastic Compute Cloud (EC2) defaults to 'us-east-1':
If you just specify the general endpoint (ec2.amazonaws.com), Amazon
EC2 directs your request to the us-east-1 endpoint.
We run a service (Qubole) that frequently spawns and then tags (and in some cases terminates) AWS instances immediately.
We have found that Amazon will, every once in a while, claim an instanceid as invalid - even though it has just created it. Retrying a few times with some sleep time thrown in usually solves the problem. Even a total retry interval of 15s proved insufficient in rare cases.
This experience comes from the useast region. We do not make api calls to different regions - so that is not an explanation. More likely - this is the infamous eventual consistency at work - where AWS is unable to provide read-after-write consistency for these api calls.
I am using the AWS ruby api and I noticed the same issue when creating an AMI image and its status is pending when I look in the AWS console but after a while the image is available for use.
Here is my script
image = ec2.images.create(:name => image_name, :instance_id => ami_id, :description => desc)
sleep 5 while image.state != :available
I sleep for about 5 sec for image to be in available but I get the error saying that the "AWS Error Message: InvalidInstanceID.NotFound". During my testing this is fine but most of the time this seems to be failing during continuous integration builds.
InvalidInstanceID.NotFound means the specified instance does not exist.
Ensure that you have indicated the region in which the instance is located, if it's not in the default region.
This error may occur because the ID of a recently created instance has not propagated through the system. For more information, see Eventual Consistency.