I was following this guide:
https://aws.amazon.com/getting-started/hands-on/serve-a-flask-app/
I installed everything and got to this section 4:
$ aws lightsail create-container-service --service-name flask-service \ --power small --scale 1
I got an error, but removed the slash:
$ aws lightsail create-container-service --service-name flask-service --power small --scale 1
Then I got:
You must specify a region. You can also configure your region by running "aws configure".
PS C:\Data\programming\lightsail-containers-flask> aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
PS C:\Data\programming\lightsail-containers-flask> aws lightsail create-container-service --service-name flask-service --power small --scale 1
You must specify a region. You can also configure your region by running "aws configure".`
I then ran configure:
PS C:\Data\programming\lightsail-containers-flask> $Env:AWS_ACCESS_KEY_ID="HKDSFJKSJDHEXAMPLE"
PS C:\Data\programming\lightsail-containers-flask> $Env:AWS_SECRET_ACCESS_KEY="HJLhjk678HJK7/ljknioi/hjkytEXAMPLE"
PS C:\Data\programming\lightsail-containers-flask> $Env:AWS_DEFAULT_REGION="us-west-2"`
then running again:
$ aws lightsail create-container-service --service-name flask-service --power small --scale 1``
gives me:
An error occurred (UnrecognizedClientException) when calling the CreateContainerService operation: The security token included in the request is invalid.`
Is there any way for me to solve this or create a docker container service to upload a flask app? I have searched around and can't find an answer, although I'm sure there is one. This is my first time using stack overflow so my apologies for any errors is etiquette or formatting.
Related
My aws is suddenly throwing error everywhere since yesterday.
(on windows terminal, WSL2 ubuntu) Couple days ago terraform worked fine. So I know aws credentials are accurate but to be sure I did
aws configure --profile mohit
Access Key ID [None]: aws_access_key_id
Secret Access Key [None]: default_secret_key
Default region name [None]: us-east-1
Default output format [None]: json
and executed
aws ec2 --profile mohit describe-instances --region ap-south-1
IAM user has Administrator access.So that rules out permission issues.
Also I tried Bunch of different regions, none worked.
An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials
This error is consistent.
AWS says time might be out of sync with amazon.
I tried the solution and
ntpdate[172]: the NTP socket is in use, exiting this error popped.
Also
sudo service ntp stop
>> ntp: unrecognized service
and
Fatal error : adjtimex(0x8001) failed : Function not implemented on trying to do chronyd on WSL2 ubuntu.
How do I fix this?
UPDATE :
I checked my BIOS and clock was off by 5 min there as well (I would love to know the reason) So I manually set it to time.gov UTC.
Problem Solved, but Reason is still unknown!
I am running jenkins off an ec2 image and building a docker image to push into ecr
I keep getting this error
Running shell script
+ aws ecr get-login --no-include-email --region us-east-2
Unable to locate credentials. You can configure credentials by running "aws configure".
I have tried to create the credentials file
ie
touch ~/.aws/credentials and echo >> to the file
I have tried with
--build-arg AWS_ACCESS_KEY_ID=xxxxxxx
and I have also added my credentials into Jenkins
Please any help would be appreciated
You can fix this by configuring aws cli by jenkins user. Just fire this command as jenkins user and mention your access key and secret key along with the AWS region.
First change to Jenkins user
[root#symphony ~]# su -s /bin/bash jenkins
Then configure AWS CLI
[jenkins#symphony ~]$ aws configure
AWS Access Key ID [None]: xxxxxxxxxxxxxxxx
AWS Secret Access Key [None]: yyyyyyyyyyyy
Default region name [None]: us-east-2
Default output format [None]:
Verify the aws cli with this command
[jenkins#symphony ~]$ aws ecr get-login --no-include-email --region us-east-2
NOTE: Make sure your user has access to ECR and ECS.
I am executing the following command
aws ec2 describe-instances
The error that i am getting is:
Could not connect to the endpoint URL: "https://ec2.us-west-2.amazonaws.com/"
I tried this link in my browser and it was working fine. Actually i am completely new to AWS cli and i am trying to stop, start my instances using AWS cli.
I have used the command aws configure and then provided my access key and secret key. In the region i have entered us-west-2 and output as json.
This is an odd one for sure. I have an aws command line user that I've setup with admin privileges in the AWS account. The credentials I generated for the user work when I issue an aws ec2 command. But not when I run an aws iam command.
When I run the aws iam command, this is what I get:
[user#web1:~] #aws iam create-account-alias --account-alias=mcollective
An error occurred (InvalidClientTokenId) when calling the CreateAccountAlias operation: The security token included in the request is invalid.
However when I run an aws ec2 subcommand using the same credentials, I get a success:
[root#web1:~] #aws ec2 describe-instances --profile=mcollective
RESERVATIONS 281933881942 r-0080cb499a0299557
INSTANCES 0 x86_64 146923690580740912 False xen ami-6d1c2007 i-00dcdb6cbff0d7980 t2.micro mcollective 2016-07-27T23:56:50.000Z ip-xxx-xx-xx-xx.ec2.internal xx.xx.xx.xx ec2-xx-xx-xx-xx.compute-1.amazonaws.com xx.xxx.xx.xx /dev/sda1 ebs True subnet-0e734056 hvm vpc-909103f7
BLOCKDEVICEMAPPINGS /dev/sda1
EBS 2016-07-23T01:26:42.000Z False attached vol-0eb52f6a94c5833aa
MONITORING disabled
NETWORKINTERFACES 0e:68:20:c5:fa:23 eni-f78223ec 281933881942 ip-xxx-xx-xx-xx.ec2.internal xxx.xx.xx.xx True in-use subnet-0e734056 vpc-909103f7
ASSOCIATION 281933881942 ec2-xxx-xx-xx-xx.compute-1.amazonaws.com xx.xx.xx.xx
ATTACHMENT 2016-07-23T01:26:41.000Z eni-attach-cbf11a1f True 0 attached
GROUPS sg-b1b3bdca CentOS 7 -x86_64- - with Updates HVM-1602-AutogenByAWSMP-
PRIVATEIPADDRESSES True ip-xxx-xx-xx-xxx.ec2.internal xxx.xx.xx.xx
ASSOCIATION 281933881942 ec2-xx-xx-xx-xx.compute-1.amazonaws.com xx.xx.xx.xx
PLACEMENT us-east-1a default
PRODUCTCODES aw0evgkw8e5c1q413zgy5pjce marketplace
SECURITYGROUPS sg-b1b3bdca CentOS 7 -x86_64- - with Updates HVM-1602-AutogenByAWSMP-
STATE 16 running
TAGS Name mcollective
You have mail in /var/spool/mail/root
[root#web1:~] #
So why the heck are the same credentials working for one set of aws subcommands, but not another? I'm really curious about this one!
This question was answered by #garnaat, but the answer was buried in the comments of the question, so quoting the answer here for those who glaze over it:
Different profiles are being used in each command through use of --profile flag
Explanation:
In the first command
[user#web1:~] #aws iam create-account-alias --account-alias=mcollective
--profile is not specified, so the default aws profile credentials are automatically used
In the second command
aws ec2 describe-instances --profile=mcollective
--profile is specified, which overrides the default profile
I'm trying to use the AWS CLi for the first time, and I am doing it through putty by SSHing to the ec2 instance.
I want to run a command like "aws ec2 authorize-security-group-ingress [options]"
But I get the following error: "A client error (UnauthorizedOperation) occurred when calling the AuthorizeSecurityGroupIngress operation: You are not authorized to perform this operation."
I believe that this is related to IAM user credentials. I have found out where to create IAM users, however I still don't understand how this helps me to execute this command when I'm logged into the server as ec2-user or root, or run the command through CRON.
I have done a fair amount of reading regarding the access controls on AWS in their documentation, but I seem to be missing something.
How can I allow the command to be executed from within the AWS instance?
The missing information I was looking for is the command: aws configure
http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json