I am trying to follow this tutorial to learn about serverless. When i issued following command, I got error
aws cognito-idp sign-up \
--region us-east-2 \
--client-id 6gj*********************bu \
--username admin#example.com \
--password Passw0rd!
An error occurred (NotAuthorizedException) when calling the SignUp operation: Unable to verify secret hash for client 6gj*********************bu
So far i have tried following things but nothing worked
I have made sure the region i am using in the command is the correct one
I have made sure that aws configure is set to correct region (though it doesn't make sense since i am explicitly putting region in the command)
Created new app in cognito pool. ACtually not only created new app, i created a new AWS account to test it out and still getting same issue
I have also tried email and password in single-quotes. and in other combination i tried just the password in single-quotes. in both cases, got the same error
P.S: I am running this command from iTerm2 installed on my mac. I have oh-my-zsh configured on it.
Related
I am authenticating via the following
First I authenticate into AWS via the following
aws ecr get-login-password --region cn-north-1 | docker login --username AWS --password-stdin xxxxxxxxxx.dkr.ecr.cn-north-1.amazonaws.com.cn
Then I created the regcred file that I reference in my deployment config
kubectl create secret generic regcred --from-file=.dockerconfigjson=/home/noobskie/.docker/config.json --type=kubernetes.io/dockerconfigjson
So this was working fine the first 12 hours but now that the AWS token has expired I am having trouble figuring out how to properly refresh it. I have rerun the first command but it doesn't work.
the error I get is
Error response from daemon: pull access denied for xxxxxxxxxxx.dkr.ecr.cn-north-1.amazonaws.com.cn/baopals, repository does not exist or may require 'docker login': denied: Your authorization token has expired. Reauthenticate and try again.
EDIT
I have just discovered that I can just reconfigure with the following command but I am curious if this is the correct way to handle it and if there are any other AWS ways offered.
kubectl create secret generic regcred --from-file=.dockerconfigjson=/home/noobskie/.docker/config.json --dry-run -o yaml | kubectl apply -f -
Use the following command to generate token if aws-cli and aws-iam-authenticator is installed and configured.
aws-iam-authenticator token -i cluster name
SO I am getting a very strange problem when working with aws
I have configured everything according to this tutorial:
https://serverless-stack.com/chapters/login-with-aws-cognito.html
Now the issue that arises is when I tried to create a mock user account. I enter the following into my macOs terminal :
aws cognito-idp sign-up \
--region ca-central \
--client-id 2rj7d9i1mcovi6vv9jbo0njeq3 \
--username admin#example.com \
--password passwordTrial
Now I get the following error:
SO far I have tried the following:
Configured my region to match my user pool, and the command presented above. This is ca-central.
I run the following:
ce
Ok SO the issue was that I was missing the -1 after the region.
should have been
--region ca-central-1 \
But Now I have another error:
zsh: no matches found: passwordTrial
I'm trying to create a reusable delegation set to use as whitelisted nameservers for my domains, using aws cli on Mac OS X. My AWS credentials (those of an IAM profile I created for that purpose with full administrator privileges, an location set to us-east-1) were correctly entered during setup and accepted by the system.
When entering the command
$ aws route53 create-reusable-delegation-set --caller-reference [CALLER-REFERENCE] --hosted-zone-id [HOSTED_ZONE] --generate-cli-skeleton
the request is successful and I get the response:
{
"CallerReference": "",
"HostedZoneId": ""
}
But when I remove --generate-cli-skeleton and enter
aws route53 create-reusable-delegation-set --caller-reference [CALLER-REFERENCE] --hosted-zone-id [HOSTED_ZONE]
I get this:
An error occurred (InvalidClientTokenId) when calling the CreateReusableDelegationSet operation: The security token included in the request is invalid.
I reality, my IAM credentials, despite being valid, and despite the profile I am using (donaldjenkins) having full administrator privileges, are refused systematically in all aws services and for all commands, not just Route53.
I've been unable to pinpoint the cause of this despite extensive research. Any suggestions gratefully receieved.
Deleting my credentials file (Linux, macOS, or Unix: ~/.aws Windows: %UserProfile%\.aws) then running aws configure again worked for me
The solution is to delete existing credentials for the IAM user and issue new ones. For some reason the credentials recorded during the initial setup of aws cli never worked properly, but overwriting them with new ones removed the issue instantly.
I had the same exact issue.
I'm running NodeJS on my local environment, and trying to deploy to Amazon using code deploy and some other aws tools.
What worked for me was to delete the current config and credentials folder, regnerate a new key and use. THis was after i originally installed aws cli and added the keys, had to add the keys again.
Depending on your folder structure, navigate to your home directory.
On mac if you open a new terminal, it should show your current home directory: "/Users/YOURNAME"
cd .aws
rm -rf config
rm -rf credentials
After you do this, go back to your home directory, then run:
"aws configure".
Enter your Key and secret key.
You can find more details here: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration under Quickly Configuring the AWS CLI
I am creating an aws ec2 instance using this tutorial, and I can't find any information on troubleshooting my issue, or any evidence that anyone else has even experienced this!
I used an IAM user with admin permissions to set up an ec2 instance, and when I run
$> aws ec2 get-console-output --instance-id <my-ec2-id>
a blank line is output, followed by
'Output'
and nothing else!
According to the tutorial, this command would enable me to see the remote RSA fingerprint to verify I'm making the right connection.
I can log into my ec2 instance just fine (though I suppose without the previous step there's no way to be absolutely sure).
Additionally, the IAM user I'm working with is not my CLI's default user, and I set up a profile to handle it. But if I try
$> aws ec2 get-console-output --profile <user-profile> --instance-id <my-ec2-id>
I still get the same results as before. The maddening thing is that I have solved this problem before, but I can't remember how.
Certain AWS CLI operations may not explicitly state if the credentials are invalid or if users are lacking the roles/permissions to access the resources defined. In this case, it is likely due to the Access Credentials being invalid - and you can verify this with a describe-instances or similar command.
In older versions of the CLI (~1.7), in order to easier debug this, you can use the --debug argument, such as:
> aws ec2 get-console-output --instance-id i-<id> --debug
<Errors><Error><Code>InvalidInstanceID.NotFound</Code><Message>The instance ID 'i-e7bffa43' does not exist</Message></Error></Errors>
In newer versions of the CLI (1.9) this particular argument gives a bit more detail in its error:
> aws ec2 get-console-output --instance-id i-<id>
A client error (InvalidInstanceID.NotFound) occurred when calling the GetConsoleOutput operation: The instance ID 'i-<id>' does not exist
Ive been trying to setup an aws lambda function for a while now but seem to just keep running into this error. I've followed the basic tutorial and setup everything exactly as it is in the guide for the user I have. But no matter what I keep getting the Unknown component: credential_provider error when trying to do anything via the CLI. Has anyone else run into this or know of a more indepth/better tutorial for setting this up????
The examples show the call being made with a --profile parameter. In most cases you will just want to remove that. If you need to use a profile, then create one in your ~/.aws/config file and make sure the name you give it matches up with the name being used.
I found that I got this error when I told aws-cli to use a profile that didn't exist. (This can be through the --profile option or the AWS_DEFAULT_PROFILE environment variable.)
Check your .aws/config and .aws/credentials files.
Run aws config first, then execute aws lambda create-function ... without the option --profile.
I had the same issue then I realized the issue was because I only had a default profile in my ~/.aws/credentials. Open up the file and see what the profile name is on the first line. Then when you run the create-function you can do --profile <profile name goes here>
While running S3 commands using CLI I received the same error
Unknown component: credential_provider.
The command I ran was :
s3 sync s3://mybucket --region eu-central-1 --profile default
This error comes when I run this command as a sudo user.
So I would suggest run it without sudo. One more thing it does not work with any other user also like for user "test" it would give error :
A client error (AccessDenied) occurred when calling the ListObjects
operation: Access Denied
or something like this for any other cli utility.
It works with default user ubuntu. Login the machine with ubuntu user or change the user to ubuntu and then try running the same lamda function.