I ventured asking this question because I am getting the following error when I try to run any command in aws cli
Could not connect to the endpoint URL: "https://mturk-requester.us-west-1.amazonaws.com/"
I am in norhtern California and my config file reads:
region = us-west-1
output = table
Therefore I am not experiencing the 1a error described in the questions already answered here and there.
I am also able to communicate with the server using all the steps described here.
The commands I've been attempting to run are:
aws mturk get-account-balance
aws mturk list-hits
I believe this is because mturk is only available in us-east-1 which is also considered the AWS global region, this is mentioned in the documentation for the SDK and the only region mentioned on the endpoints page.
Configure the AWS SDK to use the ‘us-east-1’ region. This is the region in which the MTurk API is available.
If you specify the --region flag and set the value to us-east-1 it should be able to connect to the mechanical turk endpoint.
Related
I am trying to setup some build and deployment servers based on EC2 instances to deploy software to AWS via CloudFormation.
The current setup uses the AWS CLI to deploy CloudFormation templates, and authentication is handled using a credentials profile where the ~/.aws/config file has a profile with:
[profile x]
role_arn = x
credential_source = Ec2InstanceMetadata
region = x
The setup using the AWS CLI appears to be working fine, and can deploy CloudFormation templates, upload files to S3 etc.
I wanted to automate this further and use a configuration-based approach to allow for more flexibility in our deployments. To achieve this, I have written some Python code to parse a config file and use the Boto3 library (which the AWS CLI also uses) to replicate the functionality. However when I am trying to do similar things in Boto3 (like deploy CloudFormation and upload files to S3), I get the following error: Connection to sts.amazonaws.com timed out. Unfortunately I can't provide the full stack trace since it's on a separate network. I am running Python 3.7 and boto3-1.21-13, botocore-1.24.13.
I assume it might be because I need to setup a VPC endpoint for STS? However, I can't work out why and how the AWS CLI works fine, but Boto3 doesn't. Especially since AWS CLI uses Boto3 under the hood.
In addition, I have confirmed that I can retrieve instance metadata using curl from the EC2 instances.
To reproduce the error, this command fails for me:
python -c "import boto3;print(boto3.Session(profile_name='x').client('s3').list_objects('bucket')"
However this AWS cli command works:
aws --profile x s3 ls bucket
I guess I don't understand why the AWS CLI command works, when the boto3 command fails. Why does boto3 needs to call the sts.amazonaws.com endpoint, when the AWS CLI seemingly doesn't? What am I missing?
The aws cli and boto3 both use botocore, which is only a minor detail. Nevertheless, both the cli and boto3, when run in the same environment with the same access to the credentials, should indeed be able to reach the same endpoint.
This:
aws sts get-caller-identity --profile x
and:
python -c "import boto3;print(boto3.Session(profile_name='x').client('sts').get_caller_identity())"
are equivalent and should make the same api calls to the same endpoint.
As an aside, I find it is often best not to have your code concerned with session handling at all. It seems most simple to me for the code to expect the environment to handle that. So just export AWS_PROFILE and run the code. This prevents other user of the script from having to have the same profile and name it the same.
Yeah so it turns out I just needed to set/export AWS_STS_REGIONAL_ENDPOINTS='regional'.
After many hours of trawling the botocore and awscli source and logs, I found out that botocore sets it by default to 'legacy'.
Where as in v2 of the AWS CLI, they set it to 'regional'.
I recently enabled flow logs for global accelerator to troubleshoot an issue. below is the AWS CLI command i ran to enable flowlogs for global accelerator as per aws article.
aws globalaccelerator update-accelerator-attributes
--accelerator-arn arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh
--region us-west-2
--flow-logs-enabled
--flow-logs-s3-bucket s3-bucket-name
--flow-logs-s3-prefix s3-bucket-prefix
My S3 bucket is getting huge with the GA flow logs and I no longer need these logs, I would like to disable the flow logs for global accelerator and I don't find a working aws cli command to disable the flow logs for global accelerator. --flow-logs-disabled doesnt exist.
The option you are looking for is:
--no-flow-logs-enabled
So your commandline would become:
aws globalaccelerator update-accelerator-attributes
--accelerator-arn arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh
--region us-west-2
--no-flow-logs-enabled
See the documentation for details: https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/update-accelerator-attributes.html
Can anyone help me understand why I can't see anything when running the command:
$ aws route53domains list-domains --region us-east-1
{
"Domains": []
}
Looking at the console, I can see that I have 5 hosted domains. The problem is that I am fairly sure that 4 of these were created in cdk, but did not successfully delete during updates. Therefore, I want to find the detailed information on them using this cli command so I know which ones I can safely delete.
My undersatnding is that while I am in an ap-southeast region, all hosted domains live in us-east-1. This is supported by the fact that if I issue the command without the region specified or specify any other region, it fails with this error:
Could not connect to the endpoint URL: "https://route53domains.us-east-2.amazonaws.com/"
I think you're looking for aws route53 list-hosted-zones. The route53domains command is for the domain registration service (similar to GoDaddy). route53 is the DNS service.
I recently spun up a t2.micro image and I want to install neo4j on it. I started with the instructions at https://neo4j.com/developer/neo4j-cloud-aws-ec2-ami/. But I got to the step for creating a security group and I received an error that a region needed to be supplied. Here is the command I used:
aws ec2 create-security-group \
--group-name $GROUP \
--description "Neo4j security group"
The error message was
You must specify a region. You can also configure your region by running "aws configure".
When I run this command I get prompted by a lot of stuff that don't seem related to region? Not only am I prompted for values that I don't know where/how to get them, when I am prompted for the region I am not sure the format to enter the region. So my question is how to I configure a security group so I can move on to installing neo4j on this instance?
There are still several steps to follow to install neo4j, but I seem to be tripped up on this step.
The commands expect a default region under ~/.aws/config
[default]
region=us-west-2
output=json
On the link that you have shared, there is a step to "Configure the AWS CLI with Your Credentials". This step allows you setup aws profile(s) and as part of those profiles, you can set a region.
Follow this link to understand how you can setup your aws profile with credentials and region details
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
Hope it helps
I am adding SNS to applications on AWS Beanstalk. I want to know which SNS topics the application/environment is attaching to. I tried
aws --region us-east-1 elasticbeanstalk describe-environments
It only gets a very vague file telling me the app is associated with one sns but no name no arn. Also, my ARM role has no access to the AWS Configuration.
Any thoughts?
My mistake. The command actually shows the detailed configuration info.