Federated Single Sign-On to AWS Using Google Apps - google-admin-sdk

We have had everything working perfectly for the last couple of years, then all of a sudden in the last week we can't log into AWS using the Google SSO.
We are setting up the roles for the users again (as per https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/), but when we get to the users.patch (or users.update) section with the following call (values for <role ARN>,<provider ARN> replaced with actual...):
{
  "customSchemas": {
    "SSO": {
      "role": [
        {
          "value": "<role ARN>,<provider ARN>",
          "customType": "iPDA-sysadmin"
        }
      ]
    }
  }
}
We get the following error:
{
  "error": {
    "code": 400,
    "message": "Invalid Input: Bad request for ",
    "errors": [
      {
        "message": "Invalid Input: Bad request for ",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}
Any ideas would be great...

https://support.google.com/a/answer/6327792?hl=en
You need to pass in the type as well.
{
  "customSchemas": {
    "SSO": {
      "role": [
        {
          "value": "<role ARN>,<provider ARN>",
          "type": "custom",
          "customType": "SSO"
        }
      ]
    }
  }
}
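A pre-flight check for the request body discussed above, as an added example that is not part of the original question or answer: it flags an entry without `type` before the call is made and confirms that the value has the `<role ARN>,<provider ARN>` shape. The function name `lint_sso_patch`, the ARN patterns, the account ID and the role and provider names are assumptions made for illustration.

```python
import re

# Assumed ARN shapes for the two halves of the value (standard IAM ARN layout).
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
PROVIDER_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:saml-provider/[\w+=,.@-]+$")


def lint_sso_patch(body, schema="SSO", field="role"):
    """Return a list of problems in a users.patch body; an empty list means OK."""
    entries = body.get("customSchemas", {}).get(schema, {}).get(field)
    if not isinstance(entries, list) or not entries:
        return [f"customSchemas.{schema}.{field} must be a non-empty list"]
    problems = []
    for i, entry in enumerate(entries):
        where = f"{field}[{i}]"
        # Per the answer above: every entry carries "type"; "customType"
        # is the label that goes with "type": "custom".
        if "type" not in entry:
            problems.append(f"{where}: missing 'type'")
        elif entry["type"] == "custom" and not entry.get("customType"):
            problems.append(f"{where}: 'custom' type without 'customType'")
        # Split only on a comma that starts the second ARN, because IAM
        # names may themselves contain commas.
        parts = re.split(r",(?=arn:)", str(entry.get("value", "")))
        if len(parts) != 2:
            problems.append(f"{where}: value is not '<role ARN>,<provider ARN>'")
            continue
        role, provider = parts
        if not ROLE_ARN.match(role):
            problems.append(f"{where}: first half is not an IAM role ARN")
        if not PROVIDER_ARN.match(provider):
            problems.append(f"{where}: second half is not a SAML provider ARN")
    return problems


# Constructed sample values; the account ID and names are placeholders.
VALUE = ("arn:aws:iam::123456789012:role/GoogleSSO-sysadmin,"
         "arn:aws:iam::123456789012:saml-provider/GoogleApps")
AS_ASKED = {"customSchemas": {"SSO": {"role": [
    {"value": VALUE, "customType": "iPDA-sysadmin"}]}}}
AS_ANSWERED = {"customSchemas": {"SSO": {"role": [
    {"value": VALUE, "type": "custom", "customType": "SSO"}]}}}

if __name__ == "__main__":
    for name, body in (("question", AS_ASKED), ("answer", AS_ANSWERED)):
        print(name, lint_sso_patch(body) or "OK")
```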

Related

AWS LexV2 CDK/CloudFormation error when using Image Response Cards

I am deploying a Lex V2 bot with AWS CDK and want my bot to have buttons for eliciting slots, but for some reason I get an error:
DevBot Resource handler returned message:
"Importing CDK-DevBot failed due to [There was an error importing the bot.
Make sure that the imported bot and contents of the zip file are correct, then try your request again.].
The import could not be completed."
(RequestToken: ebd3354f-6169-922a-d0f9-d14690671e25, HandlerErrorCode: InvalidRequest)
This error is not very informative. The relevant part of the CloudFormation template: "Message"
"MessageGroupsList: [{
"Message": {
"ImageResponseCard": {
"Buttons": [
{
"Text": "1.0.3",
"Value": "1.0.3"
},
{
"Text": "1.0.5",
"Value": "1.0.5"
}
],
"Title": "Title"
},
"PlainTextMessage": {
"Value": "Please enter the issue number"
}
}
}]
If I remove "ImageResponseCard" then it deploys okay. Otherwise, I get the error.
Has anybody else had this problem and found a way to overcome it?
The MessageGroupList is an array of Message elements. Every element must have a different type of Message that could be ImageResponseCard or PlainTextMessage. So in your case the template has an incorrect structure, it should be something like that:
{
"MessageGroupsList": [
{
"Message": {
"ImageResponseCard": {
"Buttons": [
{
"Text": "1.0.3",
"Value": "1.0.3"
},
{
"Text": "1.0.5",
"Value": "1.0.5"
}
],
"Title": "Title"
}
}
},
{
"Message": {
"PlainTextMessage": {
"Value": "Please enter the issue number"
}
}
}
]
}
Assuming that the missing tick in MessageGroupList is a typo.

Monitoring api in Google gives "By" as response

I am reading monitoring data through the Google Timeseries API. The API is working correctly, and if I give alignment period=3600s it gives me the values for that time series between start and end time for any metric type.
I am calling it through Python like this:
service.projects().timeSeries().list(
    name=api_args["project_name"],
    filter=api_args["metric_filter"],
    aggregation_alignmentPeriod=api_args["aggregation_alignment_period"],
    # aggregation_crossSeriesReducer=api_args["crossSeriesReducer"],
    aggregation_perSeriesAligner=api_args["perSeriesAligner"],
    aggregation_groupByFields=api_args["group_by"],
    interval_endTime=api_args["end_time_str"],
    interval_startTime=api_args["start_time_str"],
    pageSize=config.PAGE_SIZE,
    pageToken=api_args["nextPageToken"]
).execute()
and in Postman:
https://monitoring.googleapis.com/v3/projects/my-project/timeSeries?pageSize=500&interval.startTime=2020-07-04T16%3A39%3A37.230000Z&aggregation.alignmentPeriod=3600s&aggregation.perSeriesAligner=ALIGN_SUM&filter=metric.type%3D%22compute.googleapis.com%2Finstance%2Fnetwork%2Freceived_bytes_count%22+&pageToken=&interval.endTime=2020-07-04T17%3A30%3A01.497Z&alt=json&aggregation.groupByFields=metric.labels.key
I face an issue here:
{
"metric": {
"labels": {
"instance_name": "insta-demo1",
"loadbalanced": "false"
},
"type": "compute.googleapis.com/instance/network/received_bytes_count"
},
"resource": {
"type": "gce_instance",
"labels": {
"instance_id": "1234343552",
"zone": "us-central1-f",
"project_id": "my-project"
}
},
"metricKind": "DELTA",
"valueType": "INT64",
"points": [
{
"interval": {
"startTime": "2020-07-04T16:30:01.497Z",
"endTime": "2020-07-04T17:30:01.497Z"
},
"value": {
"int64Value": "6720271"
}
}
]
},
{
"metric": {
"labels": {
"loadbalanced": "true",
"instance_name": "insta-demo2"
},
"type": "compute.googleapis.com/instance/network/received_bytes_count"
},
"resource": {
"type": "gce_instance",
"labels": {
"instance_id": "1234566343",
"project_id": "my-project",
"zone": "us-central1-f"
}
},
"metricKind": "DELTA",
"valueType": "INT64",
"points": [
{
"interval": {
"startTime": "2020-07-04T16:30:01.497Z",
"endTime": "2020-07-04T17:30:01.497Z"
},
"value": {
"int64Value": "579187"
}
}
]
}
],
"unit": "By". //This "By" is the value which is causing problem,
I am getting this value like "unit": "By" or "unit": "ms" or something like that at the end. Also, if I don't find any data for a range, I'm getting this value; as I am evaluating this response in Python, I am getting a key error as there is no key called "unit"
logMessage: "Key Error: ' '"
severity: "ERROR"
As the response is empty I am getting the single key called "unit". Also at the end of any response I am getting this "unit":"ms" or "unit":"by" - is there any way to prevent that unit value coming in the response?
I am new to Google Cloud APIs and Python. What can I try next?
The "unit" field expresses the kind of resource the metric is counting. For bytes, it is "By". Read this. I understand it is always returned, so there is no way of not receiving it; I recommend you to adapt your code to correctly deal with its appearance in the responses.
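One way to adapt the parsing code as the answer suggests, as an added example that is not part of the original question or answer: it treats `unit` as metadata and tolerates a page that contains `unit` but no `timeSeries` key, which is the empty-range case described in the question. The function name `parse_timeseries_page` and the output row layout are assumptions; the sample response is constructed from the values shown in the question.

```python
def parse_timeseries_page(response):
    """Flatten one timeSeries.list response page into rows.

    Every lookup uses .get() so that a page holding only "unit"
    (no data in the requested range) yields an empty row list
    instead of raising KeyError.
    """
    unit = response.get("unit")  # e.g. "By" for bytes; describes the values
    rows = []
    for series in response.get("timeSeries", []):
        labels = series.get("metric", {}).get("labels", {})
        for point in series.get("points", []):
            value = point.get("value", {})
            interval = point.get("interval", {})
            # INT64 values arrive as JSON strings and must be converted.
            if "int64Value" in value:
                number = int(value["int64Value"])
            else:
                number = value.get("doubleValue")
            rows.append({
                "instance_name": labels.get("instance_name"),
                "start": interval.get("startTime"),
                "end": interval.get("endTime"),
                "value": number,
                "unit": unit,
            })
    return {"unit": unit, "rows": rows,
            "next_page_token": response.get("nextPageToken")}


def _series(name, count):
    # Builds one constructed series in the shape shown in the question.
    return {
        "metric": {"labels": {"instance_name": name}},
        "valueType": "INT64",
        "points": [{
            "interval": {"startTime": "2020-07-04T16:30:01.497Z",
                         "endTime": "2020-07-04T17:30:01.497Z"},
            "value": {"int64Value": count},
        }],
    }


# Constructed sample pages: one with data, one for an empty range.
WITH_DATA = {"timeSeries": [_series("insta-demo1", "6720271"),
                            _series("insta-demo2", "579187")],
             "unit": "By"}
EMPTY_RANGE = {"unit": "By"}

if __name__ == "__main__":
    print(parse_timeseries_page(WITH_DATA))
    print(parse_timeseries_page(EMPTY_RANGE))
```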

Custom geolocation search resolver using aws-amplify api

I'm trying to add a custom geolocation search resolver that targets an Elasticsearch domain using the aws-amplify API (based on the documentation).
My custom stack JSON is:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "An auto-generated nested stack.",
"Metadata": {},
"Parameters": {
"AppSyncApiId": {
"Type": "String",
"Description": "The id of the AppSync API associated with this project."
},
"AppSyncApiName": {
"Type": "String",
"Description": "The name of the AppSync API",
"Default": "AppSyncSimpleTransform"
},
"env": {
"Type": "String",
"Description": "The environment name. e.g. Dev, Test, or Production",
"Default": "NONE"
},
"S3DeploymentBucket": {
"Type": "String",
"Description": "The S3 bucket containing all deployment assets for the project."
},
"S3DeploymentRootKey": {
"Type": "String",
"Description": "An S3 key relative to the S3DeploymentBucket that points to the root\nof the deployment directory."
}
},
"Resources": {
"QueryNearbyUsers": {
"Type": "AWS::AppSync::Resolver",
"Properties": {
"ApiId": {
"Ref": "AppSyncApiId"
},
"DataSourceName": "ElasticsearchDomain",
"TypeName": "Query",
"FieldName": "nearbyUsers",
"RequestMappingTemplateS3Location": {
"Fn::Sub": [
"s3://${S3DeploymentBucket}/${S3DeploymentRootKey}/resolvers/Query.nearbyUsers.req.vtl",
{
"S3DeploymentBucket": {
"Ref": "S3DeploymentBucket"
},
"S3DeploymentRootKey": {
"Ref": "S3DeploymentRootKey"
}
}
]
},
"ResponseMappingTemplateS3Location": {
"Fn::Sub": [
"s3://${S3DeploymentBucket}/${S3DeploymentRootKey}/resolvers/Query.nearbyUsers.res.vtl",
{
"S3DeploymentBucket": {
"Ref": "S3DeploymentBucket"
},
"S3DeploymentRootKey": {
"Ref": "S3DeploymentRootKey"
}
}
]
}
}
}
},
"Conditions": {
},
"Outputs": {
}
}
But it gives me this error:
Resource Name: QueryNearbyUsers (AWS::AppSync::Resolver)
Event Type: create
Reason: No data source found named ElasticsearchDomain (Service: AWSAppSync; Status Code: 404; Error Code: NotFoundException; Request ID: 920993d8-46ef-11e9-82c8-e977f5face03)
I tried many different things for DataSourceName, including the domain name in the AWS console or copy-pasting the code from other auto-generated stacks; unfortunately none of them work.
How can I find DataSourceName value?
It seems there is a typo in their documentation and it should be:
"DataSourceName": "ElasticSearchDomain",
not:
"DataSourceName": "ElasticsearchDomain",
Now it's working fine. So many hours wasted on such a simple typo.

Google Vision OCR Multiple Text Detection

I'm trying to do multiple-language text detection with Google Cloud Vision, but I have a problem.
If I send the request to the text detection API endpoint at this URL;
https://vision.googleapis.com/v1/images:annotate?key=XxxXX
and this body;
{
"requests": [
{
"image": {
"source": {
"imageUri": "image_url"
}
},
"features": [
{
"type": "DOCUMENT_TEXT_DETECTION",
"maxResults": 1
}
],
"ImageContext": {
"languageHints": [
"tr", "en"
]
}
}
]
}
I'm getting this error code;
{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"image_context\" at 'requests[0]': Cannot find field.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"field": "requests[0]",
"description": "Invalid JSON payload received. Unknown name \"image_context\" at 'requests[0]': Cannot find field."
}
]
}
]
}
}
What is the problem?
The problem is the field "ImageContext", it should be "imageContext" with lower-case "i".

Cryptic error from request that had been working

I wanted to know if there were any changes to the dlp api in regards to authentication or whether the service may be down. Seems like the docs don't mention any changes.
The request is formatted as such:
POST https://dlp.googleapis.com/v2/projects/<project_id>/content:deidentify?key=<key> HTTP/1.1
{
"item": {
"value": "[\"Humphrey\",\"Roy\",\"Hodge\",\"Juarez\",\"Watkins\",\"Calderon\",\"Mayer\",\"Drake\",\"Valdez\",\"Landry\"]"
},
"deidentifyConfig": {
"infoTypeTransformations": {
"transformations": [
{
"primitiveTransformation": {
"replaceWithInfoTypeConfig": {}
}
}
]
}
},
"inspectConfig": {
"infoTypes": [
{
"name": "US_SOCIAL_SECURITY_NUMBER"
},
{
"name": "CREDIT_CARD_NUMBER"
},
{
"name": "US_DRIVERS_LICENSE_NUMBER"
},
{
"name": "EMAIL_ADDRESS"
},
{
"name": "PERSON_NAME"
},
{
"name": "PHONE_NUMBER"
},
{
"name": "LOCATION"
}
]
}
}
The error returned is very cryptic and thus I'm having a hard time figuring out what exactly is going on especially given that the exact same request had been working earlier.
{
"error": {
"code": 500,
"message": "Internal error encountered.",
"status": "INTERNAL"
}
}
There is indeed a bug; the engineering team has a patch for it and is in the process of rolling out the fix. (It only impacts unauthenticated calls, so calling with auth is the workaround.)