I have a service instance object that I got from CF API using its guid.
For user provided services, there is no guid attached in relationships of the service instance object response (contrary to managed services which have a service plan attached in the response).
What's the best way to get the attached user provided service guid when receiving a response of a service-instance object?
Related
I set up my AWS Cognito integration into my React Native app using amplify add auth according to the guide, all is well and good, I'm able to register and login in the app. The cli wizard associates two app clients with the User Pool it creates: [poolid]_app_client and [poolid]_app_clientWeb.
I would like to have authenticated users be able to communicate with a web app hosted on an EC2 instance. I thought I could use an Application Load Balancer to do this by setting it up to forward authenticated requests to the EC2 instance. Problem is, I'm unable to create an Application Load Balancer default action that authenticates with the Cognito User Pool.
If I choose the App Client associated with the [poolid]_app_clientWeb, I get an error on save: Error creating listener The user pool client must have a client secret. This is the client ID exported by the amplify tools to my React Native app in aws-exports.js.
If I choose the App Client associated with the [poolid]_app_client I get Error creating listener OAuth flows must be enabled in the user pool client.
Not sure how to proceed. Is ALB the way to go or API Gateway?
You should have made appropriate changes in "User Pools -> App Integration -> App client" settings for your client
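The two listener errors quoted in the question correspond to specific app client settings. As an added example (not code from the original posts), this checks a `UserPoolClient` object, as returned by `aws cognito-idp describe-user-pool-client`, for what an ALB Cognito action needs; the function name, the sample clients and the ALB host name are assumptions made up for the illustration.

```javascript
// Added example: pre-flight check of a Cognito app client before it is used
// in an ALB "authenticate-cognito" action. The input mirrors the
// UserPoolClient object from `aws cognito-idp describe-user-pool-client`.
function albReadiness(client, albHost) {
  const problems = [];
  // The ALB exchanges the authorization code server-side, so it needs a secret.
  if (!client.ClientSecret) {
    problems.push("no client secret");
  }
  // OAuth flows must be switched on for the app client as a whole...
  if (client.AllowedOAuthFlowsUserPoolClient !== true) {
    problems.push("OAuth flows not enabled");
  }
  // ...and the authorization code grant is the flow the ALB uses.
  if (!(client.AllowedOAuthFlows || []).includes("code")) {
    problems.push("authorization code grant not allowed");
  }
  // The ALB receives the identity provider's response on this fixed path.
  const callback = `https://${albHost}/oauth2/idpresponse`;
  if (!(client.CallbackURLs || []).includes(callback)) {
    problems.push(`callback ${callback} not registered`);
  }
  return problems;
}

// Constructed sample clients modelled on the two clients in the question.
const ALB_HOST = "alb.example.com"; // hypothetical ALB DNS name
const webClient = { ClientName: "pool_app_clientWeb" }; // no secret
const nativeClient = { ClientName: "pool_app_client", ClientSecret: "<placeholder>" };
const fixedClient = {
  ClientName: "alb_client", // hypothetical dedicated client for the ALB
  ClientSecret: "<placeholder>",
  AllowedOAuthFlowsUserPoolClient: true,
  AllowedOAuthFlows: ["code"],
  CallbackURLs: ["https://alb.example.com/oauth2/idpresponse"],
};

for (const c of [webClient, nativeClient, fixedClient]) {
  console.log(c.ClientName, albReadiness(c, ALB_HOST));
}
```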
API Gateway makes this much more straightforward. After I went through Create API, I was able to create an Authorizer that connected with my Cognito User Pool (the clientWeb one). Then, after creating endpoint Resources, I associated them with the authorizer in the Method Request section of their configuration.
I could then send the identity token I get from Amplify:
(await Auth.currentSession()).idToken.jwtToken
as an HTTP header value to the endpoints I configured.
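As an added example (not part of the original answer), the following Node.js sketch decodes a token's payload and checks that it is the ID token for the expected app client and has not expired before building the request header. It does not verify the signature, which remains the authorizer's job; the function names, the client ID and the sample tokens are constructed for the illustration.

```javascript
// Added example: decode (not verify) a Cognito token and check its claims
// before attaching it to a request. Signature verification stays with the
// API Gateway authorizer.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 segments");
  // JWT segments are base64url; map to standard base64 before decoding.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// The answer above sends the ID token, so any other token type is treated as
// a mistake here. headerName must match the authorizer's Token Source.
function authHeaderFor(jwt, clientId, headerName, nowSeconds) {
  const claims = decodeJwtPayload(jwt);
  if (claims.token_use !== "id") {
    throw new Error(`token_use is "${claims.token_use}", expected "id"`);
  }
  if (claims.aud !== clientId) throw new Error("aud is not this app client");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }
  return { [headerName]: jwt };
}

// Constructed, unsigned sample tokens (the signature segment is a dummy).
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256" })}.${enc(claims)}.c2ln`;
}
const CLIENT_ID = "example-client-id"; // placeholder app client ID
const NOW = 1700000000;                // fixed clock for the example
const idToken = sampleToken({ token_use: "id", aud: CLIENT_ID, exp: NOW + 3600 });
const accessToken = sampleToken({ token_use: "access", client_id: CLIENT_ID, exp: NOW + 3600 });

console.log(Object.keys(authHeaderFor(idToken, CLIENT_ID, "Authorization", NOW)));
```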
Are requests made from the AWS Console automatically signed? For example, once an authenticated entity (a user) tries to create an S3 bucket from the Console, does the API request get signed automatically, similar to SDK/CLI requests? Or does the concept of signing an API request (automatically) not apply to the Console at all?
Does the AWS enforcement code check whether the entity is authenticated for each request made via the AWS Console or is the authentication check bypassed because the entity authenticated by logging into the console first before it made the request? - Is this authentication check for every request only for CLI/SDK and HTTP API calls and not for Console requests?
Yes, AWS checks the authentication status of the entity for each request. For every request you make on the console you will be redirected to https://us-west-2.signin.aws.amazon.com/oauth?SignatureVersion=4&X-Amz-Algorithm=A...(all the required params here) where the entity's authentication will be validated, and the entity is then redirected to the respective resource that it is trying to access.
A request to list all service instances to the Cloud Controller API of Cloud Foundry (API Docs) shows a credentials property in the response body.
I know you can provide credentials in service bindings and service keys through the Open Service Broker API, but how do I fill this global credentials object in a service instance?
IMO, this can only happen during Service Provisioning, but all the Service Broker API defines in the response of the provisioning is a dashboard URL and an operation.
I looked at a couple of my lab environments, which have a number of different service brokers installed on them. None of them used the field you're asking about.
i.e. cf curl /v2/service_instances. The dictionary resources[].entity.credentials was always empty.
My understanding is that service credentials are associated with a service binding or a service key, not the service itself. If you want to see the service bindings or service keys, you need to use a different API call.
Ex: service binding cf curl /v2/service_instances/<service-instance-guid>/service_bindings. In that output resources[].entity.credentials should be populated with the service information (i.e. hostname, port, username, password, etc.; whatever is provided by the service).
Similarly, service key credentials would be under the API cf curl /v2/service_instances/<service-instance-guid>/service_keys.
Maybe someone else can come along and tell us the purpose of this global field, but at the time of me writing this it appears to be unused.
Hope that helps!
Is there any AWS ElasticSearch Client SDK for Java, which signs the requests with AWS credentials? I saw this, but I guess it's for managing AWS Elasticsearch Service.
You can create AWS client for Elasticsearch in the following way:
AwsClientBuilder.withCredentials(AWSCredentialsProvider) for example: AWSElasticsearchClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();
How I do this is by first creating an AWSBasicSessionCredential instance by providing awsAccessKey, awsSecretKey, and sessionToken information and then passing this instance in the above code to build the client instance. However, I do this for test programming the clients. It's not advised to create a client this way, though. For example, one secure way would be to use federated identification to generate a temporary security token and then use that to assume a role through AWS' AssumeRoleRequest, receive its response in the form of AssumeRoleResult, and then retrieve the credential information from the assumeRoleResult response received above. Use this credential information in generating AWSCredential.
Source of generating AWS Elasticsearch client.
I created a data service using the URL below:
Data Service
Anyway, I need to know how to find my service URL.
When you successfully create a Data Service, it will be listed under services.
Look at the final step in the same doc you have referred.
Access the WSDLs and see whether your operations are defined properly.
You should be able to see the service endpoint url in the WSDL.
You can just invoke the web service from your own client. You can also try soapUI as a testing tool.
Go to the Service Dashboard and there you can find the service Endpoints. To view the Service Dashboard of a service, just click on the dataservice you created which is available in the services list.
Refer to http://docs.wso2.org/display/DSS301/Service+Dashboard