AWS Cognito user pool attributes update - amazon-web-services

I have an AWS Cognito user pool enabled with a PreSignup lambda trigger. For some reason, I need to remove the trigger using the aws cognito-idp cli. I am aware that with the below command we can set a new or update a lambda function ARN, but how can I set it to none or delete the existing one? With the new and old AWS console, I can easily manage such an action, but the requirement is to do it through the AWS CLI.
aws cognito-idp update-user-pool --user-pool-id=eu-west-1_xxXXXxxyy --lambda-config PreSignUp="<lambda-function-arn>:<function_name>:<function_alias>" --region eu-west-1
Thanks in advance

Use this command, I tested in my lab and it works (replace "YOUR_USER_POOL_ID" with your user pool ID):
aws cognito-idp update-user-pool --user-pool-id YOUR_USER_POOL_ID --lambda-config {}
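The `--lambda-config {}` form above sends an empty trigger map, which clears every trigger configured on the pool, not only PreSignUp. The following added example (not part of the original answer) removes one trigger and re-sends the rest; the function name is hypothetical and `python3` is assumed to be on the PATH for the JSON edit.

```shell
# Added example, not from the original answer. Pool ID, trigger name and
# region are supplied by the caller; python3 is assumed to be installed.
remove_cognito_trigger() {
    pool_id=$1
    trigger=$2
    region=$3

    # Read the triggers currently configured on the pool as JSON.
    current=$(aws cognito-idp describe-user-pool \
        --user-pool-id "$pool_id" --region "$region" \
        --query 'UserPool.LambdaConfig' --output json) || return 1

    # Drop only the requested trigger; a missing LambdaConfig (null) becomes {}.
    remaining=$(printf '%s' "$current" | python3 -c '
import json, sys
cfg = json.load(sys.stdin) or {}
cfg.pop(sys.argv[1], None)
print(json.dumps(cfg))' "$trigger") || return 1

    # Write back the triggers that should stay attached.
    aws cognito-idp update-user-pool \
        --user-pool-id "$pool_id" --region "$region" \
        --lambda-config "$remaining"
}

# Usage: remove_cognito_trigger eu-west-1_xxXXXxxyy PreSignUp eu-west-1
```

`update-user-pool` sets any pool attribute that is not passed in the call to its default value, so compare `describe-user-pool` output from before and after the change.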

Related

how do we update an already existing iam policy with a new json file using aws cli commands

How do we update an already existing iam policy with a new json file using aws cli commands?
I already have a policy named mypolicy. I want to update this policy with a new json file (which has access to different resources). How do I perform this using aws cli command?
I tried to find the cli command. I found the command below from an AWS page:
aws organizations update-policy \
--policy-id p-examplepolicyid111 \
--content "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}}"
However, with this command I did not find any way to replace the policy with new json.
Create a policy version:
aws iam create-policy-version \
--policy-arn arn:aws:iam::123456789012:policy/MyPolicy \
--policy-document file://NewPolicyVersion.json --set-as-default
https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy-version.html
List policies managed by the customer:
aws iam list-policies --scope Local
Get a policy by ARN:
aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy
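`create-policy-version` fails when the policy already has five versions, the maximum IAM keeps for a managed policy. The added example below (not part of the original answer) records the current default version, removes the oldest non-default version when the limit is reached, then uploads the new document as the default; the function name is hypothetical.

```shell
# Added example, not from the original answer. The policy ARN and the
# JSON file name are passed in by the caller.
update_managed_policy() {
    policy_arn=$1
    document=$2

    # Remember the current default so the change can be rolled back with
    # "aws iam set-default-policy-version".
    previous=$(aws iam get-policy --policy-arn "$policy_arn" \
        --query 'Policy.DefaultVersionId' --output text) || return 1

    # A managed policy holds at most five versions.
    count=$(aws iam list-policy-versions --policy-arn "$policy_arn" \
        --query 'length(Versions)' --output text) || return 1

    if [ "$count" -ge 5 ]; then
        # Oldest version that is not the default (the default cannot be deleted).
        oldest=$(aws iam list-policy-versions --policy-arn "$policy_arn" \
            --query 'sort_by(Versions[?IsDefaultVersion==`false`], &CreateDate)[0].VersionId' \
            --output text) || return 1
        aws iam delete-policy-version --policy-arn "$policy_arn" \
            --version-id "$oldest" || return 1
    fi

    aws iam create-policy-version --policy-arn "$policy_arn" \
        --policy-document "file://$document" --set-as-default || return 1

    echo "previous default version: $previous"
}

# Usage: update_managed_policy arn:aws:iam::123456789012:policy/MyPolicy NewPolicyVersion.json
```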

AWS cli is asking for secret key and access key Id even though right IAM role is attached to the instance

I have an ec2 instance which has the IAM role attached to it for creation of EC2 instances. It also has aws cli installed.
I am trying to use cloudformation cli command to create a stack based on a json template in s3. But it's asking me to provide accessKeyId and secret key etc which I do not have as I do not want to create any IAM user.
Is there any workaround to this?
Here is the command which I am using:
aws --region us-east-1 cloudformation create-stack --stack-name myteststack --template-url https://s3.console.aws.amazon.com/s3/object/aws-cli-test11/test_ct.json?region=us-east-1&tab=properties --parameters ParameterKey=KeyName,ParameterValue=eai_ec2user,ParameterKey=InstanceType,ParameterValue=t2.medium
EDIT----------
I receive the error message Unable to locate credentials. You can configure credentials by running "aws configure". on all aws cli commands. I tried the below command and got the same error:
aws ec2 describe-instances --filters "Name=availability-zone,Values=us-east-1a"
The question is why it's not using the IAM role which is assigned to the instance. That role is having all the necessary policies attached.
The commands are working fine under root user but not under non root user. All the above errors are for non root users.

AWS Windows Powershell ECR Login

I am new to AWS and Docker. I am trying to set up AWS ECR and Docker and trying to retrieve the ECR login using Windows PowerShell. I am trying to use the command -
Invoke-Expression -Command (aws ecr get-login)
which gives me the error
My problem is it is trying to use the ccuser on its own. I don't think I have configured it to use this user. I have created a separate user with AmazonEC2ContainerRegistryFullAccess. How do I configure this as the user for AWS Powershell to execute the command?
aws ecr get-login will simply use the creds that you've already set up for the AWS CLI. If you want to change the creds for the CLI, use aws configure to do the setup again; it will ask you for:
AWS Access Key ID []:
AWS Secret Access Key []:
Default region name []:
Default output format []:
If you only want to use that user temporarily without reconfiguring your existing account, here are the docs for doing that.
Simple and easy. I was debugging this for a while, but somehow it worked:
aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin ecr.amazonaws.com

aws lambda update-function-configuration has no --profile option?

Am I missing something? It seems that you can use --profile with almost any other aws cli functionality.
Is there any other way around this than by manually running aws configure?
Update Lambda environment variables from a JSON file:
aws lambda update-function-configuration --profile mfa --function-name test-api --cli-input-json file://dev.json

Error when creating aws emr default-roles

I'm trying to create a cluster using aws cli emr command. However, I can't seem to be able to create-default-roles needed before calling aws emr create-cluster
$ aws emr create-default-roles
A client error (NoSuchEntity) occurred when calling the GetRole operation: Unknown
I have made sure that my user has the following permissions:
IAMFullAccess - AWS Managed policy
AmazonElasticMapReduceforEC2Role - AWS Managed policy
AmazonElasticMapReduceFullAccess - AWS Managed policy
Any tips? Is there a place where I can just copy the roles json and create them manually?
The reason I started to do this is because when I run aws emr create-cluster it returns a cluster-id. But when that cluster-id is queried, its state is set to terminated with the error: EMR service role arn:aws:iam::141703095098:role/EMR_DefaultRole is invalid
I DID manage to add these roles using the console by going to:
My Security Credentials > Roles > Create New Role
First Role with the following properties:
name: EMR_DefaultRole
policy: AmazonElasticMapReduceRole
Second Role with the following properties:
name: EMR_EC2_DefaultRole
policy: AmazonElasticMapReduceforEC2Role
Unfortunately I didn't get the command line to work, but I suspect it might be something to do with my local setup.
I had issues with the console. With the client this worked:
# upgrade aws cli (can't hurt)
pip install --upgrade --user awscli
# aws configure process if you haven't (look it up)
# delete all the defunct shizzles
aws iam remove-role-from-instance-profile --instance-profile-name EMR_EC2_DefaultRole \
--role-name EMR_EC2_DefaultRole
aws iam delete-instance-profile \
--instance-profile-name EMR_EC2_DefaultRole
aws iam detach-role-policy \
--role-name EMR_EC2_DefaultRole \
--policy-arn arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role
aws iam delete-role --role-name EMR_EC2_DefaultRole
aws iam detach-role-policy --role-name EMR_DefaultRole \
--policy-arn arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole
aws iam delete-role --role-name EMR_DefaultRole
# now re-create them
aws emr create-default-roles
Note if you have attached policies, you might have to go into the console and delete them or find the appropriate aws cli command.
Source (our product is buggy and our role system is cumbersome, but if you buy premium support we'll tell you the workarounds):
https://aws.amazon.com/premiumsupport/knowledge-center/emr-default-role-invalid/