How to connect github repo with aws using cdk? - amazon-web-services

I'm learning AWS CDK and trying to make a code pipeline.
I created a personal access key on GitHub and saved it in AWS Secrets Manager.
Then in my CDK stack I wrote:
    pipeline.addStage({
      stageName: "Source",
      actions: [
        new CodePipelineAction.GitHubSourceAction({
          actionName: 'CheckOut',
          owner: 'Mahmood787',
          repo: "aws-pipeline",
          oauthToken: cdk.SecretValue.secretsManager('github2'),
          output: sourceOutput,
          branch: "master"
        })
      ]
    });
On cdk deploy I'm getting this error:
Webhook could not be registered with GitHub. Error cause: Invalid credentials [StatusCode: 401, Body: {"message":"Bad credentials","documentation_url":"https://docs.github.com/rest"}]
Is there anything I'm missing?

Related

Have to destroy and re-deploy pipeline stack after replacing Github token

I use CDK to create and deploy a pipeline (with AWS CodePipeline https://aws.amazon.com/codepipeline/), and today the Source stage stopped working, complaining about insufficient permission, which turned out to be because the GitHub token had expired. Error:
"Could not access the GitHub repository: "pandaWebsite". The access token might be invalid or has been revoked. Edit the pipeline to reconnect with GitHub."
So I regenerated the GitHub token and updated it in AWS Secrets Manager. Then I clicked the "Retry" button in the pipeline, and it still failed. Eventually I had to run cdk destroy to destroy the pipeline and run cdk deploy to re-deploy the pipeline, and then it worked.
My question is, why do I have to destroy and re-deploy the pipeline? I was expecting that once I updated the token in Secrets Manager, it should just work.
More context
AWS Secrets Manager is where I stored the GitHub token, and my CDK code fetches it from there. See the code here:
    // Add Source stage to fetch code from GitHub repository.
    private addSourceStage(
      pipeline: codepipeline.Pipeline,
      sourceCode: codepipeline.Artifact
    ) {
      pipeline.addStage({
        stageName: "Source",
        actions: [
          new codepipeline_actions.GitHubSourceAction({
            actionName: "Checkout",
            owner: "yangliu",
            repo: "pandaWebsite",
            branch: "main",
            // read the value from Secrets Manager
            oauthToken: CDK.SecretValue.secretsManager(
              "github-token"
            ),
            output: sourceCode,
            trigger: codepipeline_actions.GitHubTrigger.WEBHOOK,
          }),
        ],
      });
    }

How to provide Docker Credentials for AWS CodeBuild automatic image pull

I have a CodeBuild project that pulls an image from a public Docker repository. I'm running into the known issue of too many pulls, so I want to log in to Docker and pull the image because I have a valid Docker license.
However, I can't seem to find any documentation on how to set my credentials in CodeBuild. The only examples I see are logging in via the buildspec.yml and then pulling the Docker image. This does not work for me because I'm setting the Docker image in the CodeBuild configuration.
I'm using CDK and this is my current CodeBuild configuration:
    const myCodeBuild = new codeBuild.Project(this, 'myCodeBuild', {
      source: githubsrc,
      secondarySources: [ githubsrc2 ],
      role: new BuildRole(this, 'myCodeBuildRole').role,
      buildSpec: codeBuild.BuildSpec.fromObject(buildSpec),
      environment: {
        buildImage: codeBuild.LinuxBuildImage.fromDockerRegistry('salesforce/salesforcedx:latest-rc-full'),
      },
    });
This creates a CodeBuild project that will automatically use the provided Docker Image. There is never a chance to login before it is pulled.
fromDockerRegistry supports authentication. To use it, create a Secrets Manager secret that contains the username and password fields with your Docker Hub credentials and pass it to the function. (Documentation reference for the secret format)
Using the example from the docs:
    environment: {
      buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('my-registry/my-repo', {
        secretsManagerCredentials: secrets,
      }),
    },
secrets is your Secrets Manager secret here.

Amplify: Failed to get profile: Profile configuration is missing for: undefined

I've some problems with the amplify cli:
I don't know if it's related to a recent cli update...
amplify init
? Do you want to use an existing environment? Yes
? Choose the environment you would like to use: staging
Using default provider awscloudformation
? Select the authentication method you want to use: AWS profile
Failed to get profile: Profile configuration is missing for: undefined
amplify configure
Specify the AWS Region xxx
Specify the username of the new IAM user: xxx
Complete the user creation using the AWS console
Enter the access key of the newly created user:
accessKeyId: ********************
secretAccessKey: ****************************************
This would update/create the AWS Profile in your local machine
? Profile Name: default
Successfully set up the new user.
amplify push
? Select the authentication method you want to use: AWS profile
Failed to get profile: Profile configuration is missing for: undefined
amplify push
? Select the authentication method you want to use: Amplify Admin UI
OK! this time is working
UPDATE_IN_PROGRESS ...
UPDATE_FAILED DeploymentBucket
AWS::S3::Bucket Thu API: s3:SetBucketEncryption Access Denied
(as admin)
How do I solve this issue?
Ok, I found a solution.
Inside the amplify/.config/local-aws-info.json
change
    "staging": {
      "configLevel": "amplifyAdmin"
    }
with
    {
      "staging": {
        "configLevel": "project",
        "useProfile": true,
        "profileName": "default"
      }
    }

AWS Cognito: Getting error in Auth.signIn (Validate that amazon-cognito-identity-js has been linked)

I'm new to Amplify integration with Cognito and working on a react-native app using Amplify with Cognito for Authentication. I have configured the user pool and Federated Identity in the AWS console.
I have created my own signup and login interface with the respective screens using the react-navigation 5.x version.
Below are the AWS related modules I added in package.json
    "@aws-amplify/auth": "^3.4.24",
    "@aws-amplify/core": "^3.8.16",
Here is the Amplify configuration in the App.js
    Amplify.configure({
      Auth: {
        identityPoolId: 'eu-west-2:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
        region: 'eu-west-2',
        userPoolId: 'eu-west-2_xxxxxxxx',
        userPoolWebClientId: 'xxxxxxxxxxxxxxxxxxxxxx',
        authenticationFlowType: 'USER_PASSWORD_AUTH'
      }
    });
I'm able to successfully invoke Auth.signUp but I'm getting an error when I try to invoke Auth.signIn(username, password):
Validate that amazon-cognito-identity-js has been linked
How can I invoke Auth.signIn successfully? Please help in resolving the issue.
I had the same problem and I fixed it by installing cognito identity.
Run the following:
    npm i amazon-cognito-identity-js
After the install, start RN again:
    npm start
If you're running on iOS, in addition to installing amazon-cognito-identity-js as mentioned, remember to also run pod install

AWS Codepipeline Github Webhook not being registered through cloudformation

I am trying to set up AWS CodePipeline and use GitHub as the source by using CloudFormation. The GitHub repository is owned by an organization and I have admin access to it.
I was able to create the webhook and successfully create the entire service through the CodePipeline UI. But when I try to do the same thing through a CloudFormation document, it returns an error:
Webhook could not be registered with GitHub. Error cause: Not found [StatusCode: 404, Body: {"message":"Not Found","documentation_url":"https://developer.github.com/v3/repos/hooks/#create-a-hook"}]
I used the same credential both times (OAuth token in CloudFormation and actual login popups in the CodePipeline UI), but when I do it through CloudFormation it fails.
I suspected my CloudFormation document was the issue. But when I created my own repository, CloudFormation successfully created the webhook and the full CodePipeline service.
Below is the summary of the tests I did to understand where it went wrong.
1. CodePipeline UI. Organization GitHub repo. It asked me to log in to GitHub. Logged in with my admin credential => successfully created webhook and services.
2. CloudFormation. Organization GitHub repo. Used OAuth token from admin credential with repo and admin:repo_hook enabled => gave the error above.
3. CloudFormation. Personal GitHub repo. Used OAuth token from admin credential with repo and admin:repo_hook enabled => successfully created webhook and services.
The following is the portion of the CloudFormation document where I create the webhook.
    AppPipelineWebhook:
      Type: 'AWS::CodePipeline::Webhook'
      Properties:
        Authentication: GITHUB_HMAC
        AuthenticationConfiguration:
          SecretToken: !Ref GitHubSecret
        Filters:
          - JsonPath: $.ref
            MatchEquals: 'refs/heads/{Branch}'
        TargetPipeline: !Ref cfSSMAutomationDev
        TargetAction: SourceAction
        Name: AppPipelineWebhook
        TargetPipelineVersion: !GetAtt cfSSMAutomationDev.Version
        RegisterWithThirdParty: true
So I am not sure what is wrong. My suspicion is that the OAuth token requires more privilege. Does anyone have similar experience with this? Any suggestion is much appreciated.
I was facing the same issue too. Looking at the Repository in the CodePipeline UI configuration, I used
    {
      "Configuration": {
        "Owner": "myUserName",
        "Repo": "orgname/repository-name"
      }
    }
so CloudFormation was checking for the repository myUserName/orgname/repository-name, which didn't exist.
It got solved after following the below solution:
    {
      "Configuration": {
        "Owner": "orgname",
        "Repo": "repository-name"
      }
    }
private repo -> ownerName: YourUserName
organisation repo -> ownerName: OrganisationName
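
Added example (not part of the original answers): a JavaScript check over a CloudFormation template object that flags the Owner/Repo mix-up described in the answer above, and a GitHub token written into the template as a literal string instead of a Secrets Manager dynamic reference. The function names, the template contents and the placeholder token are constructed for illustration.

```javascript
// Added example: lint GitHub source actions in a CloudFormation template object.
// A token is accepted only as a Secrets Manager dynamic reference or as an
// intrinsic object such as { Ref: ... }; any other string is a literal credential.
const DYNAMIC_REF = /^\{\{resolve:secretsmanager:[^{}]+\}\}$/;
const isBlank = (v) => v === undefined || v === null || v === '';

function lintGitHubSources(template) {
  const findings = [];
  for (const [id, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== 'AWS::CodePipeline::Pipeline') continue;
    for (const stage of (res.Properties || {}).Stages || []) {
      for (const action of stage.Actions || []) {
        if ((action.ActionTypeId || {}).Provider !== 'GitHub') continue;
        const where = `${id}/${stage.Name}/${action.Name}`;
        const { Owner, Repo, OAuthToken } = action.Configuration || {};
        if (isBlank(Owner)) findings.push(`${where}: Owner is missing`);
        if (isBlank(Repo)) {
          findings.push(`${where}: Repo is missing`);
        } else if (typeof Repo === 'string' && Repo.includes('/')) {
          const [org, name] = Repo.split('/', 2);
          findings.push(`${where}: Repo "${Repo}" contains "/"; use Owner "${org}", Repo "${name}"`);
        }
        if (isBlank(OAuthToken)) {
          findings.push(`${where}: OAuthToken is missing`);
        } else if (typeof OAuthToken === 'string' && !DYNAMIC_REF.test(OAuthToken)) {
          findings.push(`${where}: OAuthToken is a literal string in the template`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample input: one pipeline with a single GitHub source action.
function pipelineWith(configuration) {
  return { Resources: { Pipeline: { Type: 'AWS::CodePipeline::Pipeline', Properties: {
    Stages: [{ Name: 'Source', Actions: [{
      Name: 'SourceAction',
      ActionTypeId: { Category: 'Source', Owner: 'ThirdParty', Provider: 'GitHub', Version: '1' },
      Configuration: configuration,
    }] }],
  } } } };
}

const MISCONFIGURED = pipelineWith({ Owner: 'myUserName', Repo: 'orgname/repository-name',
  Branch: 'main', OAuthToken: 'PLAINTEXT-TOKEN-PLACEHOLDER' });
const CORRECTED = pipelineWith({ Owner: 'orgname', Repo: 'repository-name',
  Branch: 'main', OAuthToken: '{{resolve:secretsmanager:github-token:SecretString:::}}' });

console.log(lintGitHubSources(MISCONFIGURED));
console.log(lintGitHubSources(CORRECTED));
```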