Getting error while configuring AWS profile in vscode - amazon-web-services

"In UBUNTU-22.04"
I am trying to look for my resources in the Vscode editor, but I am getting an error AWS "Failed to load resources." under the Resource option.
I just tried to load resources so that AWS resources can get synced.

The error message "AWS multiple items have the key" typically occurs when you are trying to access an AWS resource, such as an S3 bucket or an EC2 instance, that has multiple items with the same key. This can happen if you have multiple copies of the same resource, or if there are multiple resources with the same name.
To resolve this issue, you can try the following steps:
1. Check if you have multiple copies of the same resource. If you do, delete the extra copies.
2. Check if there are multiple resources with the same name. If there are, rename the resources to make them unique.
3. Make sure that your AWS CLI and SDK credentials are set up correctly. Go to the AWS Management Console and check if you are logged in with the right credentials.
4. Check if you have the correct permissions to access the resource. Make sure that your IAM role or user has the necessary permissions to access the resource.
5. Try to access the resource using the AWS CLI or SDK. If you are still getting the error, try to access the resource using the AWS Management Console to see if the issue is with your code or with the resource itself.

Related

Terraform using static access id and secret creates instance but not in the account of those credentials

I'm trying to create an AWS EC2 instance using Terraform. It says it creates the instance and if I try run apply again it says it's already there. It isn't being created in my AWS account though and I can't figure out what's going on. I've regenerated the access id and secret from my AWS account and placed those directly in the .tf file and according to Terraform successfully created the instance - it's just not appearing in AWS.
Any ideas?
The most common reason for not being able to find resources in the AWS UI is due to looking at the wrong AWS region. Make note of the region in the top-right corner of the AWS console, and the region you are configuring Terraform to use.

AWS JIRA CloudFormation

I am trying to deploy JIRA on AWS, but am having a hard time setting it up. I couldn't find any document on how to troubleshoot the following errors.
First one is:
S3 error: Access Denied For more information check
I made an S3 bucket public and was able to bypass this error, but I don't want it to be public. Since I am creating a whole new stack, I don't have any information about an instance to adjust the allow permission on the S3 bucket.
Is there any way to troubleshoot this error without adjusting the bucket to be public?
After bypassing the previous error, I was getting this error:
S3 error: The specified key does not exist.
I definitely couldn't find how to troubleshoot this issue. What needs to be done to fix this error?
The Access Denied indicates that you do not have permissions to access content in Amazon S3. The normal way of providing these permissions is:
Create an IAM Role
Assign permission to the role sufficient to access the S3 bucket
Assign the Role to the Amazon EC2 instance running the software
The specified key does not exist error basically means File Not Found.
If you wish for any further troubleshooting tips, you'll need to provide details of what you are doing (e.g. the commands used) and what specific errors you are receiving.
You may also wish to read:
Getting started with JIRA Data Center on AWS - Atlassian Documentation
JIRA on AWS - Quick Start

What do I need to change in order to use the AWS CLI?

I'm trying to use the CLI and Python's package Boto3 to access AWS, but am getting access denied to every service. I can login to the console and see everything and do everything that I'm attempting through the CLI. I'm attached to an IAM group that gives me access to essentially everything, but some error messages say there's an explicit deny which I can't even find.
I've set up my profile with my access and secret keys, which are active, but am wondering if I need to do anything else.

How to avoid using user profile to perform s3 operations without EC2 instances

According to much advice, we should not configure an IAM user but use an IAM role instead, to avoid someone managing to grab the user's confidential information in the .aws folder.
Let's say I don't have any EC2 instances. Am I still able to perform S3 operations via the AWS CLI? Say, aws s3 ls
MacBook-Air:~ user$ aws s3 ls
Unable to locate credentials. You can configure credentials by running "aws configure".
You are correct that, when running applications on Amazon EC2 instances or as AWS Lambda functions, an IAM role should be assigned that will provide credentials via the EC2 metadata service.
If you are not running on EC2/Lambda, then the normal practice is to use IAM User credentials that have been created specifically for your application, with least possible privilege assigned.
You should never store the IAM User credentials in an application -- there have been many cases of people accidentally saving such files into GitHub, and bad actors grab the credentials and have access to your account.
You could store the credentials in a configuration file (eg via aws configure) and keep that file outside your codebase. However, there are still risks associated with storing the credentials in a file.
A safer option is to provide the credentials via environment variables, since they can be defined through a login profile and will never be included in the application code.
I don't think you can use service roles on your personal machine.
You can, however, use multi-factor authentication for the AWS CLI.
You can use credentials on any machine not just EC2.
Follow the steps as described by the documentation for your OS.
http://docs.aws.amazon.com/cli/latest/userguide/installing.html

How can I query my IAM capabilities?

My code is running on an EC2 machine. I use some AWS services inside the code, so I'd like to fail on start-up if those services are unavailable.
For example, I need to be able to write a file to an S3 bucket. This happens after my code's been running for several minutes, so it's painful to discover that the IAM role wasn't configured correctly only after a 5 minute delay.
Is there a way to figure out if I have PutObject permission on a specific S3 bucket+prefix? I don't want to write dummy data to figure it out.
You can programmatically test permissions by the SimulatePrincipalPolicy API
Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources to determine the policies' effective permissions.
Check out the blog post below that introduces the API. From that post:
AWS Identity and Access Management (IAM) has added two new APIs that enable you to automate validation and auditing of permissions for your IAM users, groups, and roles. Using these two APIs, you can call the IAM policy simulator using the AWS CLI or any of the AWS SDKs. Use the new iam:SimulatePrincipalPolicy API to programmatically test your existing IAM policies, which allows you to verify that your policies have the intended effect and to identify which specific statement in a policy grants or denies access to a particular resource or action.
Source:
Introducing New APIs to Help Test Your Access Control Policies
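A start-up check built on SimulatePrincipalPolicy, as an added example that is not part of the original answers. It assumes boto3 is installed and that the instance role is allowed to call iam:SimulatePrincipalPolicy; the function names and the sample ARNs used with it are hypothetical.

```python
import re

# Matches the ARN that sts:GetCallerIdentity returns for an assumed role.
_ASSUMED = re.compile(r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([^/]+)/.+$")


def principal_policy_arn(caller_arn):
    """Map an STS assumed-role ARN to the IAM role ARN the simulator expects.

    The session ARN drops the role path, so for a role created with a path
    the role ARN has to be supplied explicitly instead of derived here.
    """
    m = _ASSUMED.match(caller_arn)
    if m:
        return f"arn:{m.group(1)}:iam::{m.group(2)}:role/{m.group(3)}"
    return caller_arn  # IAM user ARNs are passed through unchanged


def denied_actions(iam, source_arn, actions, resource_arn):
    """Return {action: decision} for every action not evaluated as allowed."""
    resp = iam.simulate_principal_policy(
        PolicySourceArn=source_arn,
        ActionNames=list(actions),
        ResourceArns=[resource_arn],
    )
    # EvalDecision is "allowed", "explicitDeny" or "implicitDeny".
    return {
        r["EvalActionName"]: r["EvalDecision"]
        for r in resp["EvaluationResults"]
        if r["EvalDecision"] != "allowed"
    }


def check_at_startup(bucket, prefix, actions=("s3:PutObject",)):
    """Exit immediately if the current principal cannot write under the prefix."""
    import boto3  # imported lazily so the helpers above work without it

    caller = boto3.client("sts").get_caller_identity()["Arn"]
    denied = denied_actions(
        boto3.client("iam"),
        principal_policy_arn(caller),
        actions,
        f"arn:aws:s3:::{bucket}/{prefix}*",
    )
    if denied:
        raise SystemExit(f"missing permissions: {denied}")
```

The simulation evaluates the policies attached to the principal and writes nothing to the bucket; a deny that comes from the bucket's own policy is not reflected unless that policy is passed to the call as well.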
Have you tried the AWS IAM Policy Simulator? You can use it interactively, but it also has some API capabilities that you may be able to use to accomplish what you want.
http://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
Option 1: Upload an actual file when your app starts to see if it succeeds.
Option 2: Use dry runs.
Many AWS commands allow for "dry runs". This would let you execute your command at the start without actually doing anything.
The AWS CLI for S3 appears to support dry runs using the --dryrun option:
http://docs.aws.amazon.com/cli/latest/reference/s3/cp.html
The Amazon EC2 docs for "Dry Run" say the following:
Checks whether you have the required permissions for the action, without actually making the request. If you have the required permissions, the request returns DryRunOperation; otherwise, it returns UnauthorizedOperation.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/CommonParameters.html