command "amplify configure" can not run due to amplify.ps1 security issue - amazon-web-services

I am using aws amplify and am trying to run the command "amplify configure" in my root directory but keep getting this error response
amplify : File C:\Users\munet\AppData\Roaming\npm\amplify.ps1 cannot be loaded. The file C:\Users\munet\AppData\Roaming\npm\amplify.ps1 is
not digitally signed. You cannot run this script on the current
system. For more information about running scripts and setting
execution policy, see about_Execution_Policies at
https:/go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1
amplify configure
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
I tried unblocking the file in powershell but it still displays the same error. I even went to the file in my AppData folder, clicked properties and the check to mark unblock was not an option. I am wondering what else it could be that is preventing this file from being run. I am thinking I have to digitally sign the script but am unsure where to. Here is a link to where the solution may possibly be. I will upload the solution if I find. Thanks.
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1#remotesigned

The solution to this problem is rather simple. You're running this command in Powershell. Sometimes it can help to run powershell as an administrator but the best solution is just to run it in Command Prompt (cmd)

You can also bypass that security check by running this command:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Or just use:
set-ExecutionPolicy RemoteSigned -Scope CurrentUser
But not both as they will conflict between each other

Related

Unable to connect google compute engine, getting permission denied error

I have accidentally changed permission of the .ssh folder to 600 and now I am not able to log in to the GCP server through SSH as it's giving me permission denied error.
**Connection Failed**
You cannot connect to the VM instance because of an unexpected error. Wait a few moments and then try again.
I tried multiple options like, ssh troubleshooting instance, enabling serial console, ssh private key login.
Thanks you in advance.
One of the simple ways to fix this would be to use a startup script. In this script just execute chmod 700 /path/to/your/.ssh.
The startup scripts are executed with root privileges, so it should be able to fix your problem with .ssh folder permissions.
So, what you need to do:
Set the startup script.
Restart the VM.
Wait a minute or two to make sure the script got executed.
Remove the startup script from the machine. (no need to restart again)
Thank you guys for all your support, my problem got solved by follwing below document:
Serial Console with local password using a startup script

How to create IAM group and user in AWS using powershell?

1 I am using PowerShell and want to run following command New-IAMGroup -Path "/ps-created-groups/" -GroupName "powerUsers", but getting below error
New-IAMGroup : The term 'New-IAMGroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
verify that the path is correct and try again.
At line:1 char:1
New-IAMGroup -Path "/ps-created-groups/" -GroupName "powerUsers"
+ CategoryInfo : ObjectNotFound: (New-IAMGroup:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
How can this be resolved? I am new to Powershell.Your help much appreciated
The powershell cli for AWS does not install service specific cmdlets. You need to install them yourself.
See AWS documentation for this - https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-set-up-windows.html
For IAM this will help you install the right cmdlets.
Install-AWSToolsModule AWS.Tools.IdentityManagement -Scope AllUsers
And then try to run your commands.
P.S. change the scope from AllUsers to CurrentUser as needed.

Amplify configure

I have installed 'amplify-cli'. When I type 'amplify configure', I get the error message:
'amplify is not recognized as an internal or external command, operable program or batch file'.
Please share your platform. Are you developing on Linux, Windows (Powershell), or Linux on Windows (WSL/Ubuntu)?
Did you install the CLI globally?
Try this:
npm install -g #aws-amplify/cli
And see if that works. If the global install fails, you can try running this per an Amplify developer:
npm install -g #aws-amplify/cli --unsafe-perm=true
Edit: since you're on Windows, it's possible the CLI wasn't added to your $PATH variable. You can fix it by seeing this Github issue.
To solve this, simply edit a PATH key under system Environment Variables and add a new path pointing to amplify:
C:\Users\{UserName}\AppData\Roaming\npm\amplify.cmd
If you have globally installed amplify/cli then you should find two files named amplify and amplify.cmd in the above mentioned npm directory.
Under same circumstances I run all the suggested solutions on Windows 10 machine (64 bit). None of them seemed to do the trick.
I got a more specific error:
..... cannot be loaded because running scripts is disabled on this
system .... + CategoryInfo : SecurityError: (:) [],
PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
The issue appears due to Windows PowerShell execution policies. Eventually, I managed to amend it by applying the following:
C:\Windows\System32>powershell Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
Above solutions didn't work for me, I had to run this instead of 'amplify init':
C:\Users{UserName}\AppData\Roaming\npm\amplify init
I had the same issue and my problem was because I was trying to install it using
yarn global add #aws-amplify/cli
Apparently, it doesn't work when it is installed with yarn it has to be npm. It's funny because there are no errors shown. There might be a fix to it maybe someone can look into that.
If you are on windows platform avoid using the global(-g) flag from your npm command. Install Amplify CLI with below npm command.
npm install #aws-amplify/cli
It worked for me.
Error:
amplify : The term 'amplify' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. le program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
amplify init
CategoryInfo : ObjectNotFound: (amplify:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
Try this for windows:
Step 1:
npm install -g #aws-amplify/cli --unsafe-perm=true
Step 2:
npm config get prefix
Step 3:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
you must run this code on PowerShell not a cmd.
I had the same issue
For Windows, try the below command to install Amplify CLI
$ curl -sL https://aws-amplify.github.io/amplify-cli/install-win -o
install.cmd && install.cmd
$ amplify configure
for more info on installation follow the link
https://docs.amplify.aws/cli/start/install/

Trouble installing leiningen-win-installer 1.0 on Windows 10 behind firewall

I'm having trouble installing and configuring Leiningen on a Windows 10 work computer. I'm assuming that my company's firewall prevents the GitHub security certificate from authenticating.
The error I'm getting is:
Exception calling "DownloadFile" with "2" argument(s): "The request
was aborted: Could not create SSL/TLS secure channel." At line:1
char:145
+ ... che]::DefaultNetworkCredentials; $client.DownloadFile($a, $f)} "https ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
Failed to download
https://github.com/technomancy/leiningen/releases/download/2.8.1/leiningen-2.8.1-standalone.zip
It is possible that the download failed due to "powershell",
"curl" or "wget"'s inability to retrieve GitHub's security certificate.
The suggestions below do not check certificates, so use this only if
you understand the security implications of not doing so.
The PowerShell failed to download the latest Leiningen version.
Try to use "curl" or "wget" to download Leiningen by setting up
the HTTP_CLIENT environment variable with one of the following
values:
set HTTP_CLIENT=wget --no-check-certificate -O
set HTTP_CLIENT=curl -f -L -k -o
NOTE: Make sure to not add double quotes when setting the value
of HTTP_CLIENT
Github only supports TSL 1.2. By default PowerShell doesn't support this protocol.
To add TSL 1.2 support to every PowerShell session you need to edit your PowerShell profile: Microsoft.PowerShell_profile.ps1.
Path to profile (Windows 10):
C:\Users\%USERNAME%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
Add this line to profile:
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
After you add this line, try again with "lein self-install". At least this worked for me, remember to add PATH Variable.
Quick tutorial on how to add PATH variable:
Open up File Explorer
Right-click on This PC
Select Properties
On the left hand side of the new window select Advanced System Settings
On the bottom of this screen select Environment Variables…
Find the PATH variable
Append ;C\Lein\; (path to folder where is your lein.bat) to the existing PATH variable
If everything worked you should have similar answer:
I had the same problem.
If you have curl installed use the command it give you there:
set HTTP_CLIENT=curl -f -L -k -o
This worked for me.

(AWS) Security implications of adding an exclusion for user:wsgi in sudoers

While setting up a script to convert documents to PDF using libreoffice on AWS, I can't get libreoffice to --convert-to pdfwithout sudo as perhaps the user wsgi does not have write permissions to the /opt/python/current/app directory.
So I plan to solve this by appending the following line to the /etc/sudoers file:
wsgi ALL = NOPASSWD: /opt/libreoffice5.3/program/soffice.bin
As I want to automate this while deploying, in my .ebextensions/01_packages.config I have
container_commands:
01_edit_sudoers_only_once:
command: "echo 'wsgi ALL = NOPASSWD: /opt/libreoffice5.3/program/soffice.bin' >> /etc/sudoers"
test: "test ! -f .sudoers_edited"
02_mark_sudoers_as_edited:
command: "touch .sudoers_edited"
Is there a potential security issue with this?
There is a significant potential security issue with giving a web service process the ability to invoke things with sudo.
Giving it permission to write to directories containing code would also be unsafe.
You really need to identify what's being denied and why that matters. If error messages aren't sufficiently clear, you could use strace to observe the processes system calls and the resulting errors.