I'm using awscli and a shell script.
I get the error below when I execute awscli.
How can I fix it?
Unknown parameter in DistributionConfig.DefaultCacheBehavior: "ResponseHeadersPolicyId", must be one of: TargetOriginId, TrustedSigners, ViewerProtocolPolicy, AllowedMethods, SmoothStreaming, Compress, LambdaFunctionAssociations, FieldLevelEncryptionId, RealtimeLogConfigArn, CachePolicyId, OriginRequestPolicyId, ForwardedValues, MinTTL, DefaultTTL, MaxTTL
awscli = ./example_script.sh example_bucket /index
```
#!/bin/bash
CLOUDFRONT_DISTRIBUTION_ID=EXAMPLE_ID
NEW_ORIGIN="$1.s3.ap-northeast-2.amazonaws.com"
NEW_PATH="$2"
NEW_RES_HEADER_POLICY="5cc3b908-e619-4b99-88e5-2cf7f45965bd"

# ETag of the current config, passed to update-distribution via --if-match
ETAG=$(aws cloudfront get-distribution --id "$CLOUDFRONT_DISTRIBUTION_ID" | jq -r .ETag)

# Rewrite the origin, origin path, response headers policy and target origin,
# then keep only the DistributionConfig object
aws cloudfront get-distribution --id "$CLOUDFRONT_DISTRIBUTION_ID" | \
  jq --arg NEW_ORIGIN "$NEW_ORIGIN" '.Distribution.DistributionConfig.Origins.Items[0].Id=$NEW_ORIGIN' | \
  jq --arg NEW_ORIGIN "$NEW_ORIGIN" '.Distribution.DistributionConfig.Origins.Items[0].DomainName=$NEW_ORIGIN' | \
  jq --arg NEW_PATH "$NEW_PATH" '.Distribution.DistributionConfig.Origins.Items[0].OriginPath=$NEW_PATH' | \
  jq --arg NEW_RES_HEADER_POLICY "$NEW_RES_HEADER_POLICY" '.Distribution.DistributionConfig.DefaultCacheBehavior.ResponseHeadersPolicyId=$NEW_RES_HEADER_POLICY' | \
  jq --arg NEW_ORIGIN "$NEW_ORIGIN" '.Distribution.DistributionConfig.DefaultCacheBehavior.TargetOriginId=$NEW_ORIGIN' | \
  jq .Distribution.DistributionConfig > config.json

aws cloudfront update-distribution --id "$CLOUDFRONT_DISTRIBUTION_ID" --distribution-config "file://config.json" --if-match "$ETAG" > /dev/null
aws cloudfront create-invalidation --distribution-id "$CLOUDFRONT_DISTRIBUTION_ID" --paths "/*"
rm config.json
```
I want to use a managed response headers policy to update the response headers policy using awscli.
I'm just getting started with learning AWS CLI, I was wondering is there a way of checking pre-existing buckets and seeing if they have SSL enabled?
Many Thanks
```
buckets=$(aws s3api list-buckets | jq -r '.Buckets[].Name')
for bucket in $buckets
do
    #echo "$bucket"
    # Only buckets that have a policy are inspected
    if aws s3api get-bucket-policy --bucket "$bucket" --query Policy --output text &> /dev/null; then
        aws s3api get-bucket-policy --bucket "$bucket" --query Policy --output text | jq -r 'select(.Statement[].Condition.Bool."aws:SecureTransport"=="false")' | wc | awk '{print $1}'
    fi
done
```
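One way to decide whether a bucket policy actually enforces TLS, as an added example that is not part of the original post: it goes beyond matching `aws:SecureTransport` by also requiring `Effect: Deny` on all principals and all S3 actions, and it accepts the single-object and list forms the policy grammar allows. The function names and the sample policy for `example-bucket` are constructed for illustration, and `Resource` is not inspected.

```python
import json

def as_list(value):
    """Policy JSON allows a single item wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"

def denies_plain_http(stmt):
    """True for a Deny on every principal and every S3 action over non-TLS."""
    if stmt.get("Effect") != "Deny" or not is_everyone(stmt.get("Principal")):
        return False
    actions = {str(a).lower() for a in as_list(stmt.get("Action"))}
    if not actions & {"*", "s3:*"}:
        return False
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            # The value may be "false", ["false"] or a JSON boolean false.
            if key.lower() == "aws:securetransport" and any(
                str(v).lower() == "false" for v in as_list(value)
            ):
                return True
    return False

def enforces_tls(policy_text):
    """Return True when the bucket policy rejects all plain-HTTP requests."""
    if not policy_text:
        return False  # no policy at all, so nothing denies HTTP
    statements = as_list(json.loads(policy_text).get("Statement"))
    return any(denies_plain_http(s) for s in statements)

def sample_policy(effect, value):
    """Constructed sample policy for a hypothetical bucket 'example-bucket'."""
    return json.dumps({"Version": "2012-10-17", "Statement": {
        "Effect": effect, "Principal": {"AWS": "*"}, "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": value}}}})

if __name__ == "__main__":
    for effect, value in [("Deny", "false"), ("Deny", [False]), ("Allow", "true")]:
        print(effect, value, "->", enforces_tls(sample_policy(effect, value)))
```

Pass it the text printed by `aws s3api get-bucket-policy --bucket NAME --query Policy --output text`, or an empty string for a bucket that has no policy.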
Command used to restore.
```
aws s3api list-object-versions \
  --bucket Bucket-Name \
  --prefix "folders-to-restore" \
  --output json \
  --query 'DeleteMarkers[?IsLatest==`true`] | [?LastModified > `2022-10-20`] | [?LastModified < `2022-10-22`].[Key, VersionId]' \
  | jq -r '.[] | "--key '\''" + .[0] + "'\'' --version-id " + .[1]' \
  | xargs -L1 aws s3api delete-object --bucket Bucket-Name
```
The error appeared when having special characters in files and folders.
unmatched single quote; by default quotes are special to xargs unless you use the -0 option
I have used 0 in place of 1 in xargs -L1, but it is not working; I have tried all possible ways.
Need help to resolve the issue.
Can you help me with a Boto3 script to get the Instance Status 1/2 or 2/2 check in Terraform using an external data source? I am new to Python and Terraform.
Using bash as shown in the docs could be easier
get_instance_status.sh
```
#!/bin/bash
set -e

# Read the JSON query Terraform passes on stdin; @sh shell-quotes the value
eval "$(jq -r '@sh "INSTANCE_ID=\(.id)"')"

status=$(aws ec2 describe-instance-status --instance-ids "${INSTANCE_ID}" --output json --query 'InstanceStatuses[0]')
instance_status=$(echo "${status}" | jq -r '.InstanceStatus.Details[0].Status')
system_status=$(echo "${status}" | jq -r '.SystemStatus.Details[0].Status')

# Emit the result as a JSON object of strings for the external data source
jq -n --arg inst_status "$instance_status" \
      --arg sys_status "$system_status" \
      '{"instance_status":$inst_status,"system_status":$sys_status}'
```
Then in your TF:
```
data "external" "instance_status" {
  program = ["bash", "${path.module}/get_instance_status.sh"]
  query = {
    id = "i-08efdfdffb3"
  }
}

output "test" {
  value = data.external.instance_status.result
}
```
example output:
```
test = tomap({
  "instance_status" = "passed"
  "system_status" = "passed"
})
```
I have the following systemd unit
```
[Unit]
Description=Tag EBS Volumes without tags with AutoScaling Group tags

[Service]
Type=oneshot
ExecStartPre=/bin/bash -c "/usr/bin/curl -s https://stedolan.github.io/jq/download/linux64/jq > /usr/local/bin/jq && chmod +x /usr/local/bin/jq"
ExecStart=/bin/bash
  -c 'AWS_REGION=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/[a-z]$//'); \
  INSTANCE_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id); \
  VOLUMES=$(/usr/local/bin/aws ec2 describe-volumes --region $AWS_REGION --filters Name=attachment.instance-id,Values=$INSTANCE_ID | /usr/local/bin/jq -r '"'"'.Volumes[] | select(.Tags == null) | .Attachments[].VolumeId'"'"'); \
  AUTOSCALING_GROUP=$(/usr/local/bin/aws autoscaling describe-auto-scaling-instances --region $AWS_REGION --instance-ids $INSTANCE_ID | /usr/local/bin/jq -r .AutoScalingInstances[].AutoScalingGroupName); \
  TAGS=$(/usr/local/bin/aws autoscaling describe-tags --region $AWS_REGION --filters Name=auto-scaling-group,Values=$AUTOSCALING_GROUP --query '"'"'Tags[*].{Key:Key,Value:Value}'"'"'); \
  /usr/local/bin/aws ec2 create-tags --region "$AWS_REGION" --resources "$VOLUMES" --tags "$TAGS";'
```
I'd like to ask if you have some recommendations to make it more readable and working. I'm not able to escape correctly the sequence and I get error to execute it.
Dec 16 09:43:36 ip-172-20-39-162 systemd[1]: Started Tag EBS Volumes without tags with AutoScaling Group tags.
Dec 16 10:21:03 ip-172-20-39-162 systemd[1]: [/lib/systemd/system/kops-hook-tag-ebs-volumes.service:11] Unknown lvalue '-c 'AWS_REGION' in section 'Service'
Looking purely at your question, you're missing an escape \ on line
```
ExecStart=/bin/bash
```
Should be
```
ExecStart=/bin/bash \
  -c 'AWS_REGION=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/[a-z]$//'); \
  INSTANCE_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id); \
  VOLUMES=$(/usr/local/bin/aws ec2 describe-volumes --region $AWS_REGION --filters Name=attachment.instance-id,Values=$INSTANCE_ID | /usr/local/bin/jq -r '"'"'.Volumes[] | select(.Tags == null) | .Attachments[].VolumeId'"'"'); \
  AUTOSCALING_GROUP=$(/usr/local/bin/aws autoscaling describe-auto-scaling-instances --region $AWS_REGION --instance-ids $INSTANCE_ID | /usr/local/bin/jq -r .AutoScalingInstances[].AutoScalingGroupName); \
  TAGS=$(/usr/local/bin/aws autoscaling describe-tags --region $AWS_REGION --filters Name=auto-scaling-group,Values=$AUTOSCALING_GROUP --query '"'"'Tags[*].{Key:Key,Value:Value}'"'"'); \
  /usr/local/bin/aws ec2 create-tags --region "$AWS_REGION" --resources "$VOLUMES" --tags "$TAGS";'
```
To simplify things, I would suggest setting your environment variables in ExecStartPre.
For reference, you can visit this AWS issue I've created:
https://github.com/aws/aws-cli/issues/3118
I use the AWS CLI commands below, but they are inside a *.sh file.
There is no problem with the script; it runs successfully.
NOTE: I manually create the API.
```
# remove GET method
aws apigateway delete-method \
  --rest-api-id 2132132 \
  --resource-id 8998989 \
  --http-method GET \
  > /dev/null 2>&1 && echo '-> [aws] APIGateway GET method removed'

# remove permission first
aws lambda remove-permission \
  --function-name function_main \
  --statement-id function_main \
  > /dev/null 2>&1 && echo '-> [aws] APIGateway permission removed'

# and then add method
aws apigateway put-method \
  --rest-api-id 2132132 \
  --resource-id 8998989 \
  --http-method GET \
  --authorization-type 'NONE' \
  --region us-east-1 \
  > /dev/null 2>&1 && echo '-> [aws] APIGateway GET method created'

# and add integration.
aws apigateway put-integration \
  --region us-east-1 \
  --rest-api-id 2132132 \
  --resource-id 8998989 \
  --http-method GET \
  --type AWS_PROXY \
  --integration-http-method GET \
  --passthrough-behavior WHEN_NO_MATCH \
  --uri "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:23645667:function:function_main/invocations" \
  > /dev/null 2>&1 && echo '-> [aws] APIGateway integration added'

# and add method response
aws apigateway put-method-response \
  --rest-api-id 2132132 \
  --resource-id 8998989 \
  --http-method GET \
  --status-code 200 \
  --response-models "{\"application/json\": \"Empty\"}" \
  > /dev/null 2>&1 && echo '-> [aws] APIGateway GET method response created'

# and then add
aws lambda add-permission \
  --function-name function_main \
  --statement-id 4454854604c23688a9f42907de4d18ec \
  --action "lambda:InvokeFunction" \
  --principal apigateway.amazonaws.com \
  --source-arn "arn:aws:execute-api:us-east-1:23645667:2132132/*/GET/" \
  > /dev/null 2>&1 && echo '-> [aws] APIGateway permission added'
```
But the output is this: in the method response I can't see HTTP STATUS: Proxy or just 'Select an Integration response', unlike when I manually add the method and integration (please see the image difference below).
ERROR
WORKING
AWS CLI Versions : aws-cli/1.14.32 Python/2.7.10 Darwin/17.3.0 botocore/1.8.36
I just want to share the answer from github.com/issues by https://github.com/kyleknap

> @XanderDwyl I think you need to include an apigateway put-integration-response command in your shell script even if you are doing a proxy integration. We had to do something similar in an old version of chalice. I would recommend checking out some of the source code. It is Python, but the parameters and values map directly back to CLI commands and parameters. So it should be straightforward to figure out what may be missing. Let us know if that helps.