AWS OpenSearch Channel Creation Throwing Json Parse Error - amazon-web-services

I'm in the process of working with a new client to stand up a new OpenSearch system for them so they can capture application logging & events. Associated with this I'm setting up Index Lifecycle Management policies as well as Monitoring & Alerting notifications.
I'm running into an issue with channel creation: when I configure the channel and click 'Create Channel', a JSON parse error is thrown. Details are as follows:
Channel Configuration:
Channel Type: Email
SES Sender: Internal corporate email / valid IAM role
Default Recipients: Same configuration (email address & IAM role) as that used for SES Sender
Clicking 'Create Channel' throws this error
SyntaxError: Expected double-quoted property name in JSON at position 60
at Fetch._callee3$ (https://vpc-validus-os-xe1-dev-shared-uwdw5zev5jbgbe666gnul56rsi.us-east-1.es.amazonaws.com/_dashboards/4104/bundles/core/core.entry.js:15:584417)
at tryCatch (https://vpc-validus-os-xe1-dev-shared-uwdw5zev5jbgbe666gnul56rsi.us-east-1.es.amazonaws.com/_dashboards/4104/bundles/plugin/queryWorkbenchDashboards/queryWorkbenchDashboards.plugin.js:2:2179)
at Generator._invoke (https://vpc-validus-os-xe1-dev-shared-uwdw5zev5jbgbe666gnul56rsi.us-east-1.es.amazonaws.com/_dashboards/4104/bundles/plugin/queryWorkbenchDashboards/queryWorkbenchDashboards.plugin.js:2:1802)
at Generator.throw (https://vpc-validus-os-xe1-dev-shared-uwdw5zev5jbgbe666gnul56rsi.us-east-1.es.amazonaws.com/_dashboards/4104/bundles/plugin/queryWorkbenchDashboards/queryWorkbenchDashboards.plugin.js:2:2954)
at fetch_asyncGeneratorStep (https://vpc-validus-os-xe1-dev-shared-uwdw5zev5jbgbe666gnul56rsi.us-east-1.es.amazonaws.com/_dashboards/4104/bundles/core/core.entry.js:15:577704)
at _throw (https://vpc-validus-os-xe1-dev-shared-uwdw5zev5jbgbe666gnul56rsi.us-east-1.es.amazonaws.com/_dashboards/4104/bundles/core/core.entry.js:15:578112)
I have 'Googled' OpenSearch channel creation JSON parse error and all I get back are links to the documentation.
Any & all help is greatly appreciated.
Bill Youngman

Related

Organization could not be found

Today I'm facing an issue when I want to share the transit gateway to a specific organization, with the error message below: Organization o-abcdefghq could not be found. (Service: AWSRAM; Status Code: 400; Error Code: UnknownResourceException; Request ID: 70749448-e9101-48c2-918d-c8b40eq1aa32; Proxy: null)
Is anyone able to help me, please? Thank you.
Transit gateway is able to share within organization
The issue is now solved with the following steps:
Log in to your master AWS account as root user.
Go to the Organizations console and click 'Settings'.
'Disable Access' for AWS Resource Access Manager from the 'Trusted access for AWS services' tab.
Go to the RAM console and click on Settings.
Select “Enable sharing within your AWS Organization”.
Create the resource share again; remember to uncheck the "Allow external accounts" option, put in the account ID again, then Save.

Jenkins AWS Steps authentication error accessing s3

Background
I am attempting to upload a file to an AWS S3 bucket in Jenkins. I am using the steps/closures provided by the AWS Steps plugin. I am using an Access Key ID and an Access Key Secret and storing it as a username and password, respectively, in Credential Manager.
Code
Below is the code I am using in a declarative pipeline script
sh('echo "test" > someFile')
withAWS(credentials:'AwsS3', region:'us-east-1') {
    s3Upload(file:'someFile', bucket:'ec-sis-integration-test', acl:'BucketOwnerFullControl')
}
sh('rm -f someFile')
Here is a screenshot of the credentials as they are stored globally in Credential Manager.
Issue
Whenever I run the pipeline I get the following error
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 5N9VEJBY5MDZ2K0W; S3 Extended Request ID: AJmuP635cME8m035nA6rQVltCCJqHDPXsjVk+sLziTyuAiSN23Q1j5RtoQwfHCDXAOexPVVecA4=; Proxy: null), S3 Extended Request ID: AJmuP635cME8m035nA6rQVltCCJqHDPXsjVk+sLziTyuAiSN23Q1j5RtoQwfHCDXAOexPVVecA4=
Does anyone know why this isn't working?
Troubleshooting
I have verified the Access Key ID and Access Key Secret combination works by testing it out through a small Java application I wrote. Additionally, I set the id/secret via Java system properties (through the script console), but still get the same error.
System.setProperty("aws.accessKeyId", "<KEY_ID>")
System.setProperty("aws.secretKey", "<KEY_SECRET>")
I also tried to change the credential manager type from username/password to AWS credentials as seen below. It made no difference.
It might be a bucket and object ownership issue. Check if the credentials you use allow you to upload to the bucket ec-sis-integration-test.

AWS Put Subscription Filter for Kinesis Firehose using Cloudformation - Check if the given Firehose stream is in ACTIVE state

I am following this guide and creating a Kinesis Firehose stream.
I have followed the guide and when I get to creating a subscription filter (step 12), I encounter this error when trying to send to S3:
An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation: Could not deliver test message to specified Firehose stream. Check if the given Firehose stream is in ACTIVE state.
I can confirm that the stream is active and I can send test data via the console and it arrives in S3 as expected.
This is the command I am running (changed my account id):
aws logs put-subscription-filter --log-group-name "myLogGroup" --filter-name "Destination" --filter-pattern "{$.userIdentity.type = Root}" --destination-arn "arn:aws:firehose:ap-southeast-1:1234567890:deliverystream/my-delivery-stream" --role-arn "arn:aws:iam::1234567890:role/CWLtoKinesisFirehoseRole"
I have checked the trusted entities and the role has privileges to logs and firehose. Any ideas?
I also struggled with this for a long time; for me it was these 2 gotchas:
Step 4 in the guide:
Make sure to change the bucket name to your bucket:
Step 8 !!!:
Make sure to put in your account ID; it is not highlighted:
I am sure you already know how to configure a logs subscription filter, so I am not adding those steps in my answer.
Go to Firehose and check the logs to see if your Firehose has access to execute Lambda; if not, please add the required role.
Now start a dummy data stream using the Firehose test and see if your data is moving through to Lambda or S3.
Check CloudTrail and CloudWatch logs and see if you find any error.
Open your IAM role and check that all required roles are added to your role; now click trust relationship and add "logs group", "IAM" and the component name, in my case "Ec2".
Hope this will be helpful to resolve your issue.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample

How to get clientid from aws app config service

I have created an application and a configuration profile with an S3 bucket in the AWS AppConfig service.
While trying to fetch configuration data from S3 through AppConfig, the parameters below are required, but I didn't see the client ID anywhere in the AppConfig deployment process, and it's a mandatory field.
GetConfigurationRequest request = new GetConfigurationRequest();
request.setApplication("TEST");
request.setEnvironment("test-env");
request.setConfiguration("test-s3");
request.setClientId(""); // mandatory field
request.setClientConfigurationVersion("2");
GetConfigurationResult result = appConfig.getConfiguration(request);
Please help me get the client ID and configure the AppConfig service in AWS.
From the AWS documentation:
The client-id parameter in the following command is a unique, user-specified ID to identify the client for the configuration.
A unique application instance identifier called a client ID.
You can give any unique client-id in the request by which you can identify the source of the request.
This id also enables AWS AppConfig to deploy the configuration in intervals, as defined in the deployment strategy.

DynamoDB regularly receives error: "The AWS Access Key Id needs a subscription for the service"

I am running into a strange issue with AWS's DynamoDB.
Regularly the DynamoDB AWS UI and API calls return the following error:
The AWS Access Key Id needs a subscription for the service
I have a feeling that it's an aws related issue since it happens in the UI and only about 1 in 10 api calls fail with the message. Any suggested solutions would be appreciated.
API Error:
An uncaught Exception was encountered
Type: Aws\DynamoDb\Exception\DynamoDbException
Message: Error executing "PutItem" on "https://dynamodb.us-west-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://dynamodb.us-west-2.amazonaws.com` resulted in a `400 Bad Request` response: {"__type":"com.amazon.coral.service#SubscriptionRequiredException","message":"The AWS Access Key Id needs a subscription (truncated...) SubscriptionRequiredException (client): The AWS Access Key Id needs a subscription for the service - {"__type":"com.amazon.coral.service#SubscriptionRequiredException","message":"The AWS Access Key Id needs a subscription for the service"}
UI error:
The AWS Access Key Id needs a subscription for the service (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: SubscriptionRequiredException; Request ID: ...
After some research, I believe the "The AWS Access Key Id needs a subscription for the service" error is caused by old accounts created when you had to opt in to each individual service.
See this forum post, forums.aws.amazon.com/message.jspa?messageID=609804, for more info.
After creating a completely new AWS account I haven't received the error once, still waiting to see if it can be resolved in my older account.