can not delete transit gateway attachment via aws cli - amazon-web-services

I can delete an AWS transit gateway attachment via the UI, but not via the AWS CLI:
% /usr/local/bin/aws ec2 describe-transit-gateway-attachments --region ca-central-1 --transit-gateway-attachment-ids tgw-attach-00f7dc90293fb83a3
{
    "TransitGatewayAttachments": [
        {
            "TransitGatewayAttachmentId": "tgw-attach-00f7dc90293fb83a3",
            "TransitGatewayId": "tgw-0d86b5d260027d803",
            "TransitGatewayOwnerId": "478397617193",
            "ResourceOwnerId": "478397617193",
            "ResourceType": "peering",
            "ResourceId": "tgw-04de1919be2d38d6d",
            "State": "available",
            "Association": {
                "TransitGatewayRouteTableId": "tgw-rtb-03d7c372b2f126709",
                "State": "associated"
            },
            "CreationTime": "2022-11-04T09:44:45+00:00"
        }
    ]
}
% aws ec2 delete-transit-gateway-vpc-attachment --transit-gateway-attachment-id tgw-attach-00f7dc90293fb83a3 --region ca-central-1
An error occurred (InvalidTransitGatewayAttachmentID.NotFound) when calling the DeleteTransitGatewayVpcAttachment operation: Transit Gateway VPC Attachment tgw-attach-00f7dc90293fb83a3 was deleted or does not exist.
Why do I get this error? It clearly exists (we can see it via the AWS CLI and the console UI). I can also delete it from the UI. I have full admin rights when using the AWS CLI.
Thanks,
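Added example (not from the question or from any answer on this page): the EC2 API has a separate delete call per attachment type, and delete-transit-gateway-vpc-attachment only considers VPC attachments, which is why it reports NotFound for an attachment whose ResourceType is "peering" (its ResourceId is another tgw-..., i.e. the peer). The script below reads the type first and dispatches to the matching call. The AWS_CMD override and the handling of VPN attachments (deleted through their VPN connection) are my additions.

```bash
#!/usr/bin/env bash
# Added example: delete a transit gateway attachment by first asking what kind it is.
set -euo pipefail

AWS_CMD="${AWS_CMD:-aws}"   # set AWS_CMD=echo to print the calls instead of running them

# Map describe-transit-gateway-attachments' ResourceType to "<service> <subcommand> <id option>".
# Returns 1 for types this script does not handle (e.g. direct-connect-gateway, which is
# detached from the Direct Connect side).
tgw_delete_call() {
  case "$1" in
    vpc)     printf 'ec2 delete-transit-gateway-vpc-attachment --transit-gateway-attachment-id' ;;
    peering) printf 'ec2 delete-transit-gateway-peering-attachment --transit-gateway-attachment-id' ;;
    connect) printf 'ec2 delete-transit-gateway-connect --transit-gateway-attachment-id' ;;
    vpn)     printf 'ec2 delete-vpn-connection --vpn-connection-id' ;;  # keyed by the VPN connection (ResourceId)
    *)       return 1 ;;
  esac
}

delete_tgw_attachment() {
  local id="$1" region="$2" out type rid call target
  out=$("$AWS_CMD" ec2 describe-transit-gateway-attachments --region "$region" \
          --transit-gateway-attachment-ids "$id" \
          --query 'TransitGatewayAttachments[0].[ResourceType,ResourceId]' --output text)
  type=$(printf '%s\n' "$out" | cut -f1)
  rid=$(printf '%s\n' "$out" | cut -f2)
  if ! call=$(tgw_delete_call "$type"); then
    echo "attachment $id has ResourceType '$type'; delete it through that resource's own API" >&2
    return 1
  fi
  # VPN attachments are addressed by the VPN connection id, all others by the attachment id.
  case "$type" in vpn) target="$rid" ;; *) target="$id" ;; esac
  # $call is intentionally word-split into service, subcommand and option name.
  "$AWS_CMD" $call "$target" --region "$region"
}

# delete_tgw_attachment tgw-attach-00f7dc90293fb83a3 ca-central-1
```

The same split applies to IAM: a policy that grants only ec2:DeleteTransitGatewayVpcAttachment will not let you remove a peering attachment, which needs ec2:DeleteTransitGatewayPeeringAttachment (that failure shows up as UnauthorizedOperation rather than NotFound). Deleting a peering attachment removes it from both transit gateways.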

Related

AWS Amplify deployments logs Storage & Retention

We are working on a POC in AWS Amplify and we have a requirement to store all the deployment logs (individual deploy jobs) for a period of 1 year. At the moment we have a functional application deployed in Amplify and we can see all the access logs in the Amplify console. But the deployment logs are only available through the AWS CLI and I cannot find them anywhere in the console. When I query aws amplify list-jobs --app-id "${AMPLIFY_APP_ID}" --branch-name "${branch}" it gives me the output below:
{
    "jobSummaries": [
        {
            "jobArn": "xxxxxxxxxxxxxx",
            "jobId": "xxxxxxxxxxxxxx",
            "commitId": "xxxxxxxxxxxxxx",
            "commitMessage": "xxxxxxxxxxxxxx",
            "commitTime": "xxxxxxxxxxxxxx",
            "startTime": "xxxxxxxxxxxxxx",
            "status": "SUCCEED",
            "endTime": "xxxxxxxxxxxxxx"
        }
    ]
}
I noticed we can use log groups and the Lambda function to store access logs. I need to find a way to store these deployment logs in an S3 or some kind of Database. Appreciate your suggestions.
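Added example, not from the question: one way to meet the one-year requirement with nothing but the CLI is to copy each job record, plus the build log that aws amplify get-job exposes per step as a presigned logUrl, into an S3 prefix with a 365-day lifecycle rule. The bucket name, key layout and the assumption that list-jobs returns the branch's jobs in a single page are mine.

```bash
#!/usr/bin/env bash
# Added example: archive Amplify deployment job records and per-step build logs to S3.
# Assumes an existing bucket with public access blocked, and that list-jobs returns the
# branch's jobs in one page (handle nextToken if the branch has a very long history).
set -euo pipefail

AWS_CMD="${AWS_CMD:-aws}"

# Object key layout; one prefix so a single lifecycle rule covers everything archived here.
s3_key_for() {
  printf 'amplify-deploy-logs/%s/%s/%s/%s' "$1" "$2" "$3" "$4"
}

# Lifecycle rule for put-bucket-lifecycle-configuration: expire the prefix after N days.
retention_rule_json() {
  printf '{"Rules":[{"ID":"expire-amplify-deploy-logs","Status":"Enabled","Filter":{"Prefix":"amplify-deploy-logs/"},"Expiration":{"Days":%d}}]}' "$1"
}

archive_amplify_jobs() {
  local app="$1" branch="$2" bucket="$3" job step url
  "$AWS_CMD" s3api put-bucket-lifecycle-configuration --bucket "$bucket" \
      --lifecycle-configuration "$(retention_rule_json 365)"
  for job in $("$AWS_CMD" amplify list-jobs --app-id "$app" --branch-name "$branch" \
                 --query 'jobSummaries[].jobId' --output text); do
    # The job record itself (commit, status, timings).
    "$AWS_CMD" amplify get-job --app-id "$app" --branch-name "$branch" --job-id "$job" \
      | "$AWS_CMD" s3 cp --sse AES256 - "s3://$bucket/$(s3_key_for "$app" "$branch" "$job" job.json)"
    # Each step's logUrl is a presigned, short-lived link to the build log: fetch it now
    # and keep our own copy rather than relying on the URL later.
    "$AWS_CMD" amplify get-job --app-id "$app" --branch-name "$branch" --job-id "$job" \
        --query 'job.steps[?logUrl].[stepName,logUrl]' --output text |
    while read -r step url; do
      curl -fsSL "$url" \
        | "$AWS_CMD" s3 cp --sse AES256 - "s3://$bucket/$(s3_key_for "$app" "$branch" "$job" "$step.log")"
    done
  done
}

# archive_amplify_jobs "$AMPLIFY_APP_ID" main my-deploy-log-archive
```

Run it from a scheduled job or a post-deploy hook. Build logs routinely echo environment variables and tokens, so treat the archive bucket as sensitive: block public access, restrict reads to the team that needs them, and if "retain for a year" also has to mean "nobody can delete for a year", add S3 Object Lock rather than relying on the lifecycle rule alone.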

ASK-CLI deploy not working for hosting 'AWS with CloudFormation' - Alexa region "default": Access Denied

I have performed aws configure and ask configure after installing ask-cli.
While setting up a new skill using ask new, I selected NodeJS and AWS with CloudFormation.
Trying to deploy the skill using ask deploy, I get [Error]: CliError: The CloudFormation deploy failed for Alexa region "default": Access Denied.
Tried setting the region in ~/.aws/config and in ~/.aws/credentials, still running into same error.
What should be done to fix the issue?
(screenshots in the original post: "Skill creation" and "Error deploying skill")
I've been able to deploy.
After running aws configure, I called ask new, and I think the solution was to not select AWS With CloudFormation but AWS Lambda:
I wanted to use an existing skill that I previously created in the web UI. So I created two folders: lambda and skill-package. Then I used ask init saying I don't want to use AWS CloudFormation to deploy:
Next, I added my region in ask-resources.json, under skillInfrastructure:
{
    "askcliResourcesVersion": "2020-03-31",
    "profiles": {
        "default": {
            "skillMetadata": {
                "src": "./skill-package"
            },
            "code": {
                "default": {
                    "src": "./lambda"
                }
            },
            "skillInfrastructure": {
                "type": "#ask-cli/lambda-deployer",
                "userConfig": {
                    "runtime": "nodejs12.x",
                    "handler": "index.js",
                    "awsRegion": "eu-west-1"
                }
            }
        }
    }
}
And I finished with ask deploy that worked!

The Vpc link is not yet available for deployment

I am following the instructions at https://aws.amazon.com/getting-started/projects/build-modern-app-fargate-lambda-dynamodb-python/module-four/
aws apigateway create-deployment --rest-api-id a2kpkzqme1 --stage-name prod
An error occurred (BadRequestException) when calling the CreateDeployment operation: The Vpc link is not yet available for deployment
I had the same issue. So I checked the status of creation of the VPC Link:
aws apigateway get-vpc-link --vpc-link-id MY_VPC_LINK_ID
It showed, that creation failed:
{
    "id": "xxxxxx",
    "name": "MysfitsApiVpcLink",
    "targetArns": [
        "arn:aws:elasticloadbalancing:MY_REGION:MY_ID:loadbalancer/net/mysfits-nlb"
    ],
    "status": "FAILED",
    "statusMessage": "NLB ARN is malformed",
    "tags": {}
}
So the failure I made was a wrong NLB ARN. I forgot something at the end.
I repeated all steps from the creation of the VPC Link (with right NLB ARN). Then it worked for me.
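Added example, not part of the answer: a load balancer ARN ends in loadbalancer/net/<name>/<16 hex characters>, and the ARN in the failed VPC link above stops after the name, which matches the "NLB ARN is malformed" status. The script below looks the ARN up by name instead of retyping it, rejects a malformed one before create-vpc-link is called, and then polls get-vpc-link until the link leaves PENDING, because create-deployment also returns "not yet available" while the link is still being created. Function names are mine.

```bash
#!/usr/bin/env bash
# Added example: validate the NLB ARN, create the VPC link, and wait until it is usable.
set -euo pipefail

AWS_CMD="${AWS_CMD:-aws}"

# NLB ARN shape: arn:<partition>:elasticloadbalancing:<region>:<account>:loadbalancer/net/<name>/<id>.
# Only network load balancers (net/) are valid targets for a REST API VPC link.
is_nlb_arn() {
  printf '%s\n' "$1" | grep -Eq '^arn:aws(-[a-z]+)?:elasticloadbalancing:[a-z0-9-]+:[0-9]{12}:loadbalancer/net/[A-Za-z0-9-]{1,32}/[0-9a-f]{16}$'
}

# Look the ARN up from the NLB name rather than copying it by hand.
nlb_arn_by_name() {
  "$AWS_CMD" elbv2 describe-load-balancers --names "$1" \
      --query 'LoadBalancers[0].LoadBalancerArn' --output text
}

# Poll until AVAILABLE; on FAILED print the statusMessage (the same field shown above) and fail.
wait_for_vpc_link() {
  local id="$1" status msg
  while :; do
    status=$("$AWS_CMD" apigateway get-vpc-link --vpc-link-id "$id" --query status --output text)
    case "$status" in
      AVAILABLE) return 0 ;;
      FAILED)    msg=$("$AWS_CMD" apigateway get-vpc-link --vpc-link-id "$id" --query statusMessage --output text)
                 echo "VPC link $id failed: $msg" >&2; return 1 ;;
      *)         sleep 15 ;;   # PENDING: creation normally takes a few minutes
    esac
  done
}

create_vpc_link() {
  local name="$1" nlb_arn="$2" id
  is_nlb_arn "$nlb_arn" || { echo "malformed NLB ARN: $nlb_arn" >&2; return 1; }
  id=$("$AWS_CMD" apigateway create-vpc-link --name "$name" --target-arns "$nlb_arn" \
         --query id --output text)
  wait_for_vpc_link "$id" && printf '%s\n' "$id"
}

# create_vpc_link MysfitsApiVpcLink "$(nlb_arn_by_name mysfits-nlb)"
```

Once create_vpc_link prints the id, the aws apigateway create-deployment call from the tutorial can run without the BadRequestException.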

How to know who started or stopped EC2 instance using AWS Serverless application

We have developed an AWS Serverless Lambda application using dotnetcore to perform operations on EC2 Instances, say start or stop EC2 instance and integrated with Aws API Gateway.
serverless.template in the dotnetcore application:
"StartInstanceById": {
    "Type": "AWS::Serverless::Function",
    "Properties": {
        "Handler": "EC2_Monitoring_Serverless::EC2_Monitoring_Serverless.Functions::StartInstanceById",
        "Runtime": "dotnetcore2.1",
        "CodeUri": "",
        "MemorySize": 256,
        "Timeout": 30,
        "Role": "arn:aws:iam::2808xxxx1013:role/lamda_start_stop",
        "Policies": [ "AWSLambdaBasicExecutionRole" ],
        "Events": {
            "PutResource": {
                "Type": "Api",
                "Properties": {
                    "Path": "/instances",
                    "Method": "Get"
                }
            }
        }
    }
}
The above Lambda function works fine for starting an EC2 instance when I invoke the API Gateway URL.
For calling these APIs, we have created an Angular 6 application and provided authentication using AWS Cognito User Pools.
So the Cognito user logs into the website and gets all the EC2 information.
If the user wants to stop/start an EC2 instance, the user clicks the relevant button, which invokes the corresponding API Gateway URL of the Lambda function, and it works fine.
Now the question is who performed that action. After a lot of research on Stack Overflow and the AWS community forums on how to know who started or stopped the EC2 instances, I found that AWS CloudTrail logs the information when a user starts or stops an instance.
So I created a trail and I can see the logs in S3 buckets. But in every log I opened, I saw that the role "arn:aws:iam::2808xxxx1013:role/lamda_start_stop" is captured. I know this is because of the Lambda function. But I want to know who really stopped the instance.
Please advise on how to capture the user details!
The reason the Lambda execution role is printed in CloudTrail is that it initiated the process to stop the EC2 instance. Here the role is assumed (instead of the actual user).
To log your actual user, you need to implement logging in your Lambda, which will write logs to CloudWatch. You can get the actual user or any other custom information from those logs.
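Added example, not part of the answer above: joining the two records the answer describes. It assumes the function writes one structured JSON line per action to its CloudWatch log group, for example {"audit":true,"user":"alice@example.com","action":"StopInstances","instance":"i-0123456789abcdef0"}, taking "user" from the API Gateway event's requestContext.authorizer.claims (where a Cognito User Pool authorizer places the token claims). That log format, the field names and the 60-second window are my assumptions.

```bash
#!/usr/bin/env bash
# Added example: attribute an EC2 StopInstances/StartInstances made by the Lambda role to the
# Cognito user, by joining CloudTrail (when, which role) with the function's own audit log (who).
set -euo pipefail

AWS_CMD="${AWS_CMD:-aws}"

# CloudWatch Logs JSON filter pattern matching the assumed audit line for one action/instance.
audit_filter_pattern() {
  printf '{ $.audit = true && $.action = "%s" && $.instance = "%s" }' "$1" "$2"
}

# ISO-8601 timestamp -> epoch milliseconds, which filter-log-events expects (GNU date assumed).
epoch_ms() { printf '%s000\n' "$(date -u -d "$1" +%s)"; }

who_did_it() {
  local instance="$1" action="$2" log_group="$3" when who t
  # 1. CloudTrail event history (90 days): every call of this action against the instance.
  "$AWS_CMD" cloudtrail lookup-events \
      --lookup-attributes AttributeKey=ResourceName,AttributeValue="$instance" \
      --query "Events[?EventName=='$action'].[EventTime,Username]" --output text |
  while read -r when who; do
    t=$(epoch_ms "$when")
    echo "$when: $action by $who; audit lines from the function around that time:"
    # 2. The function's log, 60 s either side of the CloudTrail event, names the Cognito user.
    "$AWS_CMD" logs filter-log-events --log-group-name "$log_group" \
        --start-time $((t - 60000)) --end-time $((t + 60000)) \
        --filter-pattern "$(audit_filter_pattern "$action" "$instance")" \
        --query 'events[].message' --output text
  done
}

# who_did_it i-0123456789abcdef0 StopInstances /aws/lambda/EC2_Monitoring_Serverless
```

A design note beyond the answer: if you want CloudTrail itself to carry the user, have the function call sts:AssumeRole on the EC2 role with RoleSessionName set to the Cognito user's sub before calling StartInstances/StopInstances. The event's userIdentity.arn then reads assumed-role/<role>/<sub>, so the attribution survives even if the function's own log is lost or tampered with.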

How to see events on RDS instance which is deleted?

One of the RDS instances running in our account has been deleted. We would like to find out who deleted it and when.
Is there a way to find a log of that somewhere?
How can I see the events on an RDS instance which has been deleted?
The when can be checked from the Events of your RDS dashboard page:
You can retrieve events for your RDS resources through the AWS Management Console, which shows events from the past 24 hours.
If it happened earlier, you can use the CLI, which retrieves events up to 14 days back:
[xxx#xxxx ~]# aws rds describe-events --source-identifier test --source-type db-instance
{
    "Events": [
        {
            "Date": "2016-05-20T12:58:26.529Z",
            "Message": "DB instance deleted",
            "SourceIdentifier": "test",
            "EventCategories": [
                "deletion"
            ],
            "SourceType": "db-instance"
        }
    ]
}
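Added example, not from the answer: the answer covers the "when" (describe-events defaults to the last 60 minutes, so the 14-day window has to be asked for explicitly with --duration, in minutes). The "who" is in CloudTrail, whose event history reaches back 90 days without any trail having been configured. Function names are mine.

```bash
#!/usr/bin/env bash
# Added example: when (RDS events, 14 days) and who (CloudTrail event history, 90 days)
# for a deleted DB instance.
set -euo pipefail

AWS_CMD="${AWS_CMD:-aws}"   # set AWS_CMD=echo to print the calls instead of running them

# RDS keeps events for 14 days; --duration is in minutes, so 20160 is the whole window.
rds_deletion_events() {
  "$AWS_CMD" rds describe-events --source-type db-instance --source-identifier "$1" \
      --event-categories deletion --duration 20160 \
      --query 'Events[].[Date,Message]' --output text
}

# DeleteDBInstance calls whose raw event JSON mentions this identifier: time and caller.
rds_deleter() {
  "$AWS_CMD" cloudtrail lookup-events \
      --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteDBInstance \
      --query "Events[?contains(CloudTrailEvent, '$1')].[EventTime,Username]" --output text
}

# The full event records (userIdentity with type, ARN, source IP and session issuer).
rds_deleter_identity() {
  "$AWS_CMD" cloudtrail lookup-events \
      --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteDBInstance \
      --query "Events[?contains(CloudTrailEvent, '$1')].CloudTrailEvent" --output text
}

# rds_deletion_events test; rds_deleter test; rds_deleter_identity test
```

Username in the lookup output is the IAM user name, or the session name for an assumed role; rds_deleter_identity prints the whole record when you need the source IP or the role's session issuer. Deletions older than 90 days are only recoverable if a trail was already delivering to S3 at the time, in which case query those objects (Athena works well) instead of lookup-events.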