Currently working on deploying a yml file to CloudFormation and I have created this profile called awsbootsrap but when my script runs I get an error. My script:
#!/bin/bash
STACK_NAME=awsbootstrap
REGION=us-east-2c
CLI_PROFILE=awsbootstrap
EC2_INSTANCE_TYPE=t2.micro
# Deploy the CloudFormation template
echo $CLI_PROFILE
echo -e "\n\n=========== Deploying main.yml ==========="
aws cloudformation deploy --region $REGION --profile $CLI_PROFILE --stack-name $STACK_NAME --template-file main.yml --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM --parameter-overrides EC2InstanceType=$EC2_INSTANCE_TYPE
# If the deploy succeeded, show the DNS name of the created instance
if [ $? -eq 0 ]; then
aws cloudformation list-exports --profile awsbootstrap --query "Exports[?Name=='InstanceEndpoint'].Value"
fi
where $CLI_PROFILE=awsbootstrap
I get The config profile (awsbootstrap) could not be found
Running aws configure list-profile shows me my profile -> awsbootstrap
Running aws configure list shows
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region <not set> None None
My ~/.aws/config looks like this (have also tried with us-east-1 / us-east-2):
[profile awsbootstrap]
region = us-east-2c
output = json
My ~/.aws/credentials looks like this:
[awsbootstrap]
aws_access_key_id = redacted
aws_secret_access_key = redacted
I have no env variables that are creating issues...
Related
In AWS samconfig.toml, is it possible to only mask values instead of specifying the full set of config parameters for each individual configuration?values?
Here's an example:
[default]
[default.deploy]
[default.deploy.parameters]
stack_name = "my-stack"
region = "us-east-1"
...
[differentRegion.deploy.parameters]
region = "us-east-2"
When called with sam deploy --config-env differentRegion, the stack name should be my-stack and region should be us-east-2
Assume I am on a Mac and I have a ~/.aws/config file:
[profile cicd]
region = us-west-2
output = json
[profile prod]
region = us-west-2
output = json
And also a ~/.aws/credentials file:
[cicd]
aws_access_key_id = 12345
aws_secret_access_key = 12345
[prod]
aws_access_key_id = 12345
aws_secret_access_key = 12345
If I run:
aws configure list
I get:
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region <not set> None None
What have I done wrong?
Also, the company I work for has multiple AWS accounts. The cicd profile runs in one AWS account, and the prod runs in a different AWS account. A I supposed to record that fact in the AWS config files?
aws configure list just lists the current AWS credentials that you are using. It doesn't list all the available credentials you have configured on your system. The name of the command is really misleading.
It is currently showing that you have no credentials configured, because you haven't done anything to specify that you want to use one of those profiles in your config/credential files.
If you did something to select a profile, like:
export AWS_PROFILE=cicd
Then you would see some details about that particular profile when you run aws configure list.
Below is my Deployment stage pipeline code.
stage('Deploy') {
if (continueBuild) {
println("Start Deployment");
//Deploy step for liberty-web
if ("${repo_name}" == 'enterprise-content-management/liberty-web') {
if ("${deploy_env}" == "DEV") {
def REACT_APP_CONFIGS = sh(script: "aws ssm get-parameter --region us-east-1 --name \"/liberty/config/liberty-web_dev/app.config\" | jq -r '.Parameter.Value'", returnStdout: true).trim().replaceAll('\n', '').replaceAll('\"', '\\\\"');
def APP_SPECIFIC_CONFIG = sh(script: "aws ssm get-parameter --region us-east-1 --name \"/liberty/config/liberty-web_dev/app.appSpecificConfig\" | jq -r '.Parameter.Value'", returnStdout: true).trim().replaceAll('\n', '').replaceAll('\"', '\\\\"');
print REACT_APP_CONFIGS
print APP_SPECIFIC_CONFIG
def CLOUDFRONT_DISTRIBUTION_ID = sh(script: "aws ssm get-parameter --region us-east-1 --name \"/liberty/config/liberty-web_dev/cloudfront.distribution.id\" | jq -r '.Parameter.Value'", returnStdout: true).trim()
print CLOUDFRONT_DISTRIBUTION_ID
def DEPLOYMENT_BUCKET = sh(script: "aws ssm get-parameter --region us-east-1 --name \"/liberty/config/liberty-web_dev/s3.bucket.name\" | jq -r '.Parameter.Value'", returnStdout: true).trim()
print DEPLOYMENT_BUCKET
writeFile file: 'build-web-dev.sh', text: "#!/usr/bin/env bash \n docker run --rm --env REACT_APP_CONFIGS=\"${REACT_APP_CONFIGS}\" --env APP_SPECIFIC_CONFIG=\"${APP_SPECIFIC_CONFIG}\" --name liberty-web -v /data/jenkins/workspace/liberty-web-deployment:/Project -w /Project node:12-alpine npm run build"
sh 'cat build-web-dev.sh'
sh 'bash build-web-dev.sh'
sh "aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_DISTRIBUTION_ID} --paths \"/*\" && aws s3 sync build/ s3://${DEPLOYMENT_BUCKET}"
}
}
}
}
This is a node app. When i try to access below 2 env variables mentioned(REACT_APP_CONFIGS, APP_SPECIFIC_CONFIG) only REACT_APP_CONFIGS works. These values of the params are stored in SSM in AWS. I tried by putting the same value for both variables. But still the same. Ex;-
In my node app
console.log(process.env.REACT_APP_CONFIGS) -> gives correct value
console.log(process.env.APP_SPECIFIC_CONFIG) -> undefined
What is the reason for this behaviour?
When I try to connect with aws-azure-login i get this error:
UnknownEndpoint: Inaccessible host: `sts.amazonaws.com' at port `undefined'. This service may not be available in the `us-east-1' region.
at Request.ENOTFOUND_ERROR (C:\Users\500000198\AppData\Roaming\npm\node_modules\aws-azure-login\node_modules\aws-sdk\lib\event_listeners.js:529:46)
at Request.callListeners (C:\Users\500000198\AppData\Roaming\npm\node_modules\aws-azure-login\node_modules\aws-sdk\lib\sequential_executor.js:106:20)
at Request.emit (C:\Users\500000198\AppData\Roaming\npm\node_modules\aws-azure-login\node_modules\aws-sdk\lib\sequential_executor.js:78:10)
at Request.emit (C:\Users\500000198\AppData\Roaming\npm\node_modules\aws-azure-login\node_modules\aws-sdk\lib\request.js:686:14)
at error (C:\Users\500000198\AppData\Roaming\npm\node_modules\aws-azure-login\node_modules\aws-sdk\lib\event_listeners.js:361:22)
at ClientRequest.<anonymous> (C:\Users\500000198\AppData\Roaming\npm\node_modules\aws-azure-login\node_modules\aws-sdk\lib\http\node.js:99:9)
at ClientRequest.emit (node:events:390:28)
at ClientRequest.emit (node:domain:475:12)
at TLSSocket.socketErrorListener (node:_http_client:447:9)
at TLSSocket.emit (node:events:390:28)
at TLSSocket.emit (node:domain:475:12)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'UnknownEndpoint',
region: 'us-east-1',
But i want to connect to eu-west-3 instead of us-east-1, it seam that my configured region is never picked up.
> aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region eu-west-3 config-file ~/.aws/config
My ~/.aws/config file :
[default]
azure_tenant_id=d8f7***-**-**-9561de6
azure_app_id_uri=https://signin.aws.amazon.com/saml
azure_default_username=[my compagnie mail]
azure_default_role_arn=
azure_default_duration_hours=12
azure_default_remember_me=false
region=eu-west-3
[profile dev_dom_role]
role_arn=[ my arn role: arn:aws:iam::****:role/dev_dom_role]
source_profile=default
azure_tenant_id=d8f7***-**-**-9561de6
azure_app_id_uri=https://signin.aws.amazon.com/saml
azure_default_username=[my compagnie mail]
azure_default_role_arn=[ my arn role: arn:aws:iam::****:role/dev_dom_role]
azure_default_duration_hours=12
azure_default_remember_me=false
When i try to configure my profile with aws-azure-login --configure -p default every informations is well reconize but unfortunaly it didn't ask for region.
How i connecting ? i try with both role, dev_dom_role and default role :
aws-azure-login --mode=gui --profile dev_dom_role
aws-azure-login --mode=gui
sts.amazonaws.com wasn't reconize
nslookup.exe sts.amazonaws.com
Serveur : ad.intranet.mycompany.fr
Address: 10.10.9.9
*** ad.intranet.mycompany.com dont find sts.amazonaws.com : Non-existent domain
I set the proxy and i was finally able to connect.
PROXY=http://proxy.net:10684
echo "SET PROXY : " $PROXY
export http_proxy=$PROXY
export HTTP_PROXY=$PROXY
export https_proxy=$PROXY
export HTTPS_PROXY=$PROXY
npm config set proxy $PROXY
npm config set https-proxy $PROXY
yarn config set proxy $PROXY
yarn config set https-proxy $PROXY
For AWS CLI configuration and credentials files how do you connect the entries in these files? It is like my credentials work, but my config file does not, though the default profile works.
I am presently getting an error: You must specify a region. You can also configure your region by running "aws configure" when running something like:
aws ec2 describe-instances --profile devenv
However if I run the command:
aws s3api list-buckets --profile devenv
then I get a sensible response, a list of buckets.
Here are the credentials and config files:
~/.aws/credentials
[default]
aws_access_key_id = AAAAAAAAAA
aws_secret_access_key = BBBBBBBBBB
[devenv]
aws_access_key_id = CCCCCCCCCC
aws_secret_access_key = DDDDDDDDDD
[testenv]
aws_access_key_id = EEEEEEEEEE
aws_secret_access_key = FFFFFFFFFF
~/.aws/config
[default]
region = us-east-1
output = json
[devenv]
region = us-west-2
output = json
[testenv]
region = us-east-2
output = json
The problem here is the attention paid to constructing the ~/.aws/config file.
The "default" entry does not need to be prefaced by the word "profile". The non-default entries need a "profile" prefix. Because the default doesn't require the word "profile," while it works, manually constructed, or built using the aws configure command, it is not a model for the format the other entries require.
~/.aws/config
[default]
region = us-east-1
output = json
[profile devenv]
region = us-west-2
output = json
[profile testenv]
region = us-east-2
output = json