Resource not found when using terraformer - amazon-web-services

I am running this command
terraformer import aws --resources=lambda --regions=us-east-1
and getting the following error:
2022/12/28 12:35:19 aws error initializing resources in service lambda, err: operation error Lambda: GetPolicy, https response error StatusCode: 404, RequestID: xxxxx-xxxxx-xxxxx-xxxxx, ResourceNotFoundException: The resource you requested does not exist.
Can someone assist?
I have checked that I can pull the Lambdas using the AWS CLI, and I am getting them properly.

It's an open issue, probably related to failing on finding the first Lambda with no resource policy (an inline policy doesn't cut it, apparently). So, if you can put a resource policy on all your Lambdas, you should get it to work.
See the thread here:
https://github.com/GoogleCloudPlatform/terraformer/issues/1599
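To see which functions would trigger that GetPolicy 404 before changing anything, the following added example (not part of the original answer or of terraformer) lists the Lambda functions in a region that have no resource-based policy. It assumes the AWS CLI is installed with credentials allowed to call lambda:ListFunctions and lambda:GetPolicy; the name `lambdas_without_policy` is made up for this example.

```shell
#!/bin/sh
# Added example, not terraformer code. Lists Lambda functions for which
# GetPolicy returns ResourceNotFoundException (no resource-based policy).
# lambdas_without_policy is a name made up for this example.

# Usage: lambdas_without_policy <region>
# Prints one function name per line. Returns 2 if listing fails, 1 if any
# get-policy call fails for a reason other than a missing policy.
lambdas_without_policy() {
    region=$1
    rc=0
    # The CLI paginates list-functions itself; text output is whitespace-separated.
    names=$(aws lambda list-functions --region "$region" \
        --query 'Functions[].FunctionName' --output text) || return 2
    for fn in $names; do
        # Keep stderr (the error text), discard stdout (the policy document).
        if err=$(aws lambda get-policy --region "$region" \
                --function-name "$fn" 2>&1 >/dev/null); then
            continue    # a resource-based policy exists
        fi
        case $err in
            *ResourceNotFoundException*)
                printf '%s\n' "$fn" ;;
            *)  # e.g. AccessDenied: do not misreport it as "no policy"
                printf 'get-policy failed for %s: %s\n' "$fn" "$err" >&2
                rc=1 ;;
        esac
    done
    return $rc
}

# Run against a region when one is given on the command line.
if [ $# -gt 0 ]; then
    lambdas_without_policy "$1"
fi
```

Knowing exactly which functions are affected lets any policy you add be scoped to a specific principal per function instead of attaching a broad one everywhere.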

Related

AWS ECS Cluster Unable to assume service role, when creating with cloudformation

I'm trying to create an ECS Fargate deployment using a CloudFormation script, but the script fails during creation of the ECS cluster with an error saying that it is unable to assume the service role. I'm not able to figure out what I'm missing in the script. I have tried many ways, but none of them seem to be working.
Here is the link to cloud formation script as I'm not able to post it here due to character limitation.
ECS Cloudformation script
the error where the resource creation fails.
Resource handler returned message: "Invalid request provided: CreateCluster Invalid Request: Unable to assume the service linked role. Please verify that the ECS service linked role exists. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: e08ab312-4bd8-4c21-852f-ae5d49cc5932; Proxy: null)" (RequestToken: a686f226-e1d3-7b4c-13f1-66fa0a516c51, HandlerErrorCode: InvalidRequest
I'm able to get it working if I create an ECS cluster from the AWS console, as it creates a service-linked role. But I want to work without creating the cluster manually from the console, with everything built up from CloudFormation. I tried looking over the AWS docs and dug around the Internet but couldn't get it working. Can anyone please help me out?

Terraform Apply hangs and crashes ever since force quitting a previous apply

Currently, when I try to run terraform plan or terraform apply, my code hangs for a very long time before eventually throwing this command
Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling
sts:GetCallerIdentity: operation error STS: GetCallerIdentity, exceeded maximum number of attempts, 25,
https response error StatusCode: 0, RequestID: , request send failed, Post
"https://sts.us-east-1a.amazonaws.com/": x509: “Kubernetes Ingress Controller Fake Certificate”
certificate is not trusted
│
│ with module.test.provider["registry.terraform.io/hashicorp/aws"],
│ on asg-launch-configuration/provider.tf line 1, in provider "aws":
│ 1: provider "aws" {
│
This only started to happen after I believe a previous terraform apply was interrupted with a Control + C. I have deleted all of the terraform state files (I believe) and have even deleted the entire folder where the code was, but the error persists when I try to run other terraform apply commands. I have also gone into the AWS console and I believe deleted all the items that are provisioned by that terraform code.
Any idea what issue may have occurred?
Edit:
I am using a module, but the provider block is only this:
provider "aws" {
region = var.region
}
Edit 2:
It turns out there was an ec2_instance_profile that had not been deleted. I was able to change the AWS region, and when running terraform apply it told me that the above was still there, and I was able to delete it using the AWS CLI. Now everything works as expected.

AWS CloudFormation Getting 403 When Accessing S3

We have a CodePipeline process set up, and all stages work except the CodeDeploy stage.
Our pipeline stage is as follows:
GenerateChangeSet for CloudFormation
ExecuteChangeSet for CloudFormation
Deploy for CodeDeploy
These stages were set up and configured by CodeStar.
Our GenerateChangeSet stage tries to access s3 to get our BuildArtifact, but fails with the following error:
Action execution failed
Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 40P7HSHQGWXSRA72; S3 Extended Request ID: I6hiCC7xx+YmnQMLfUnMzZziLDz/5b8uJWzOqWNZwSiVRCS14Q6UyVfss6q80teO5MAGuR9Xft4=; Proxy: null)
This suggests that CloudFormation cannot access s3, but I've checked and rechecked the policy that it uses and it definitely has the correct permissions for accessing s3.
I'm not quite sure why this error is happening, given that the role policy does indeed have access to s3. I even went with the nuclear option of granting this role full control over s3 (with a view to reverting once I solved the issue), but to no avail, the error still occurs.
Has anyone encountered this before? Anyone know why it might be happening?
I discovered the issue. The CloudFormation template file (template.yml and template-configuration.yml) was reading the one from the repo, but that had been removed at some point prior, so I was getting access denied errors from that resource.
I wish the error message was more explicit, it would have saved hours.

Sending message to AWS Lambda from AWS Pinpoint Custom Channel

I am trying to send messages to my AWS Lambda Function from AWS Pinpoint through custom channel as described here
My problem is about granting permission to AWS Pinpoint to invoke my lambda function. The AWS CLI command provided in the documentation for granting permission is not working. When I execute the aws lambda add-permission command from AWS CLI like described in the documentation, I got the following error:
"no matches found: arn:aws:mobiletargeting:us-east-1:<account-id>:apps/*"
The result doesn't change if I change the ARN to any of the below:
arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*
arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/campaigns/*
arn:aws:mobiletargeting:us-east-1:<account-id>:/apps/<pinpoint-app-id>/*
arn:aws:mobiletargeting:us-east-1:<account-id>:/apps/<pinpoint-app-id>/campaigns/*
When I tried the same with AWS CloudFormation instead of the AWS CLI, I succeeded in granting permission to AWS Pinpoint to invoke my Lambda function. At least the resource-based policy appeared in the "Permissions" tab of my AWS Lambda function console. The source ARN like condition is
arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*
But, when I try to create a campaign under the same pinpoint application (i.e., project) I got the following error message:
"Amazon Pinpoint couldn’t invoke the Lambda function that you specified for custom delivery. Verify that a function policy is assigned to the function and that Amazon Pinpoint is authorized to invoke the function."
I tried different SourceArn like conditions, including the following, but the result is the same:
arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*
arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/campaigns/*
arn:aws:mobiletargeting:us-east-1:<account-id>:apps/*
arn:aws:mobiletargeting:us-east-1:<account-id>:*
arn:aws:mobiletargeting:us-east-1:<account-id>:/apps/*
Couldn't figure out what the problem is. Any idea about what I am missing will be greatly appreciated.
Thanks in advance!
Interesting but the same aws lambda add-permission command that returned no matches found: arn:aws:mobiletargeting:us-east-1:<account-id>:apps/* is working after sudo su.
This is probably too late, but this is for anyone who has a similar problem and doesn't want to go through the whole CloudFormation template, at least for now.
I had the same issue with
"no matches found: arn:aws:mobiletargeting:us-east-1::apps/*".
It was due to my terminal behaving weirdly with '*', so adding single quotes around the arn worked, like:
'arn:aws:mobiletargeting:us-east-1:<account-id>:apps/<pinpoint-app-id>/*'
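The `no matches found: <pattern>` text is the message zsh prints when an unquoted glob matches nothing, so the command is stopped by the shell before the AWS CLI runs. The added example below (not from the original posts; the account id is constructed and `argv_seen` stands in for the CLI) shows what a POSIX shell hands to a command for the unquoted and the quoted ARN.

```shell
#!/bin/sh
# Added example: what a command receives when the source ARN is typed
# unquoted versus single-quoted. The account id is constructed and
# argv_seen is a stand-in for the aws CLI.
PATTERN='arn:aws:mobiletargeting:us-east-1:111122223333:apps/*'
ARN_DIR='arn:aws:mobiletargeting:us-east-1:111122223333:apps'

# Print each argument actually received, one per line.
argv_seen() { for a in "$@"; do printf '[%s]\n' "$a"; done; }

# Run from directory $1 so pathname expansion is evaluated there.
unquoted_in() ( cd "$1" && argv_seen arn:aws:mobiletargeting:us-east-1:111122223333:apps/* )
quoted_in()   ( cd "$1" && argv_seen 'arn:aws:mobiletargeting:us-east-1:111122223333:apps/*' )

# Create a directory where the unquoted pattern matches two local files.
make_matching_dir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/$ARN_DIR" && : > "$d/$ARN_DIR/a" && : > "$d/$ARN_DIR/b"
    printf '%s\n' "$d"
}

demo() {
    empty=$(mktemp -d) && hit=$(make_matching_dir) || return 1
    echo "unquoted, nothing matches (sh/bash pass it through; zsh aborts):"
    unquoted_in "$empty"
    echo "unquoted, two local files match (the ARN is replaced by paths):"
    unquoted_in "$hit"
    echo "quoted (always the literal ARN):"
    quoted_in "$hit"
    rm -rf "$empty" "$hit"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Quoting the value is the only form whose result does not depend on the shell in use or on the files in the current directory, which matters when the argument ends up as a condition in a resource policy.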

Amazon AWS 403 InvalidAccesskey Error when I run the Amazon S3 Sample

I'm just trying to test out AWS S3 with Eclipse using Java. I'm trying to execute the Amazon S3 sample, but it doesn't recognise my credentials, and I'm sure my credentials are legitimate. It gives me the following error:
===========================================
Getting Started with Amazon S3
===========================================
Listing buckets
Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reason.
Error Message: Status Code: 403, AWS Service: Amazon S3, AWS Request ID: 057D91D336C1FASC, AWS Error Code: InvalidAccessKeyId, AWS Error Message: The AWS Access Key Id you provided does not exist in our records.
HTTP Status Code: 403
AWS Error Code: InvalidAccessKeyId
Error Type: Client
Request ID: 057D91D336C1FASC
A little update here:
There's a credentials file that AWS creates on the computer. In my case it was '/Users/macbookpro/.aws/credentials'.
The file in this place decides the default accessKeyId and so on. Go ahead and update it.
So I ran into the same issue, but I think I figured it out.
I was using Node.js, but I think the problem should be the same, since the issue was how they have structured their object.
In JavaScript, if you run this in the backend,
var aws = require('aws-sdk');
aws.config.accessKeyId= "Key bablbalab"
console.log(aws.config.accessKeyId)
you will find it prints out something different, because the correct way of setting the accessKeyId isn't what they have provided in the official website tutorial
aws.config.accessKeyId="balbalb"
or
aws.config.loadFromPath = ('./awsConfig.json')
or any of that.
If you log the entire "aws.config", you will find the correct way is
console.log(aws.config)
console.log(aws.config.credentials.secretAccessKey)
aws.config.credentials.secretAccessKey="Key balbalab"
You see the structure of the object? There's the inconsistency.