I'm trying to set up cross-account bucket replication with the AWS CLI:
aws s3api put-bucket-replication --bucket "mybucket" \
  --replication-configuration "{\"Role\": \"arn:aws:iam::xxxxxxx:role/buckets-replication\", \"Rules\": [{ \"Status\": \"Enabled\", \"Priority\": 1, \"DeleteMarkerReplication\": { \"Status\": \"Enabled\" }, \"Destination\": { \"Bucket\": \"arn:aws:s3:::mybucket-destination\", \"AccessControlTranslation\": { \"Owner\": \"Destination\" } } }]}" \
  --region "eu-west-1" --profile default
and I get this error:
An error occurred (MalformedXML) when calling the PutBucketReplication
operation: The XML you provided was not well-formed or did not
validate against our published schema
The corresponding XML is:
<ReplicationConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Role>string</Role>
<Rule>
<Status>string</Status>
<Priority>integer</Priority>
<DeleteMarkerReplication>
<Status>string</Status>
</DeleteMarkerReplication>
<Destination>
<Bucket>string</Bucket>
<AccessControlTranslation>
<Owner>string</Owner>
</AccessControlTranslation>
</Destination>
</Rule>
</ReplicationConfiguration>
I really don't see what is wrong in the syntax. I followed this documentation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html#AmazonS3-PutBucketReplication-request-Role
It seems that
<DeleteMarkerReplication>
<Status>string</Status>
</DeleteMarkerReplication>
is required, even if set to Disabled.
I'm trying to use the cli to retrieve an embedded quicksight dashboard url.
However, I keep getting the error QuickSightUserNotFoundException.
I was following this guide to retrieve the url link.
The steps:
aws sts assume-role --role-arn "<ARN>" --role-session-name testsession
which returns
{
"Credentials": {
"AccessKeyId": "<KEY>",
"SecretAccessKey": "<KEY>",
"SessionToken": "<TOKEN>",
"Expiration": "2019-07-04T04:54:21Z"
},
"AssumedRoleUser": {
"AssumedRoleId": "<ID>:testsession",
"Arn": "<ARN>/testsession"
}
}
Then I execute
aws quicksight get-dashboard-embed-url --aws-account-id <ID> --dashboard-id <ID> --identity-type IAM
which returns the error
An error occurred (QuickSightUserNotFoundException) when calling the GetDashboardEmbedUrl operation: Could not find user information in QuickSight
Assuming now that the user is not part of QuickSight, I execute the command below to add the user
aws quicksight register-user --aws-account-id <ID> --namespace default --identity-type IAM --iam-arn "<ARN>" --user-role READER --session-name "testsession" --email user123#example.com --region us-east-1
which returns
{
"Status": 201,
"User": {
"Arn": "<ARN>/testsession",
"UserName": "<NAME>/testsession",
"Email": "user123#example.com",
"Role": "READER",
"Active": false,
"PrincipalId": "<ID>"
},
"RequestId": "<ID>"
}
Now trying the get url from before again I still get the same error...
Did you create a Policy for the QuickSight user and attach it to the same?
You can check which user is allowed on QuickSight by running the following command:
aws quicksight list-users --aws-account-id <account-id> --namespace default --region <region-name>
This will list all the users who are allowed to use and access your QuickSight instance.
Also, check this latest blog about embedding the QuickSight Analytics:
https://aws.amazon.com/blogs/big-data/embed-multi-tenant-analytics-in-applications-with-amazon-quicksight/
Consider the example:
aws cognito-idp admin-update-user-attributes --user-pool-id myUserPollId \
  --username myUser \
  --user-attributes [{"Name": "custom:roles","Value": "ROLE1,ROLE2"}] --region us-east-1
This gets me error:
Invalid JSON:
[{Name:
You can always try using shorthand syntax:
--user-attributes Name="custom:roles",Value="ROLE1,ROLE2"
If you really want to use the JSON syntax, try this:
--user-attributes '[{"Name" : "custom:roles","Value" : "ROLE1,ROLE2"}]'
Ensure that the user-attributes list is enclosed in single quotes
--user-attributes '[{"Name": "phone_number", "Value": "+123434532"},
{"Name": "name", "Value":"name_your"}]'
In case someone gets stuck on the same problem again, below are the tested steps to have user attributes updated via the AWS CLI with a JSON file.
Step 0: Setup AWS CLI in case you haven't already. Mac users can run:
brew install awscli
Step 1: Have a valid json handy with you, saved in a file. Sample json with valid format:
{
"UserAttributes": [{
"Name": "custom:additional-attribute1",
"Value": "Value for additional attribute 1"
},
{
"Name": "custom:additional-attribute2",
"Value": "Value for additional attribute 2"
}
]
}
Step 2: Run the following in your console:
aws cognito-idp admin-update-user-attributes --user-pool-id XX-XXXX-X_XXXXXXXXX --username XXXXX#XXXXX.com --cli-input-json file:///Users/YOUR_PATH_TO_THE_FILE/user-attributes.json
Parameters:
--user-pool-id :: Your user pool ID.
--username :: The user you want to update.
--cli-input-json :: This is the command that loads json file and parses it.
That's it. If your json is valid and aws cli authorises, the given user record should be updated instantly.
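Why the unquoted command in the Cognito question above fails with `Invalid JSON: [{Name:`, as an added example that is not part of the original posts. Python's `shlex` applies POSIX word splitting and quote removal, which approximates what the shell hands to the CLI; the function names are illustrative.

```python
import json
import shlex

# Constructed from the command in the question (unquoted JSON value).
BAD = ('aws cognito-idp admin-update-user-attributes --user-pool-id myUserPollId '
       '--username myUser --user-attributes '
       '[{"Name": "custom:roles","Value": "ROLE1,ROLE2"}] --region us-east-1')
# Same command with the JSON value wrapped in single quotes.
GOOD = BAD.replace('[{', "'[{").replace('}]', "}]'")


def cli_value_tokens(command_line, option):
    """Return the argv tokens that follow `option` up to the next --option."""
    argv = shlex.split(command_line)  # word splitting + quote removal
    tokens = []
    for tok in argv[argv.index(option) + 1:]:
        if tok.startswith("--"):
            break
        tokens.append(tok)
    return tokens


def check_json_option(command_line, option):
    """Return (ok, tokens): ok is True only if one token arrives and it parses as JSON."""
    tokens = cli_value_tokens(command_line, option)
    if len(tokens) != 1:
        return False, tokens  # the shell split the value into several words
    try:
        json.loads(tokens[0])
    except ValueError:
        return False, tokens  # quotes were stripped, so it is no longer JSON
    return True, tokens


if __name__ == "__main__":
    for label, cmd in (("unquoted", BAD), ("single-quoted", GOOD)):
        ok, tokens = check_json_option(cmd, "--user-attributes")
        print(label, "valid JSON" if ok else "invalid JSON", tokens)
```

The first token of the unquoted form is exactly the `[{Name:` fragment quoted in the error message.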
I am trying to upload an 18GB .vhd file to S3.
I have done the following process :
aws s3api create-multipart-upload --bucket amcaebucket --key 'multipart/01'
where my-bucket is the name of my bucket.
I got the following response :
{
"Bucket": "amcaebucket",
"UploadId": "xxxxxxxxxxx",
"Key": "multipart/01"
}
My next command :
aws s3api upload-part --bucket amcaebucket --key 'multipart/01' --part-number 1 --upload-id "xxxxxxxxxxxx"
I got the following error :
An error occurred (AllAccessDisabled) when calling the UploadPart operation: All access to this object has been disabled.
What do I do??
I am using command :
put-key-policy --key-id <keyid> --policy-name <default> --policy <value>
I get the error
MalformedPolicyDocumentException
I think it's because I didn't understand the value the --policy parameter takes.
Any links I can refer?
I came across the same thing myself and I hope this helps. This was done on a FreeBSD server, so Windows users will have to make appropriate adjustments. If you run something like:
$ aws kms put-key-policy --generate-cli-skeleton
You'll get back a skeleton of what the cli is looking for as input:
{
"KeyId": "",
"PolicyName": "",
"Policy": "",
"BypassPolicyLockoutSafetyCheck": true
}
Meaning that the allowable input is a piece of JSON with up to 4 possible parameters. In this case we're looking to create a new policy so the only one we really need is "Policy". What's required is a JSON policy in the form of a string. Using the following as an example:
{
"Version" : "2012-10-17",
"Id" : "key-consolepolicy-3"
}
First escape the double quotes, giving:
{
\"Version\" : \"2012-10-17\",
\"Id\" : \"key-consolepolicy-3\"
}
Then replace the newlines by \n characters, giving:
{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-consolepolicy-3\"\n }
And then we put this into double quotes:
"{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-consolepolicy-3\"\n }"
And finally our file looks like this:
{
"Policy" : "{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-consolepolicy-3\"\n }"
}
If you already have a key with a policy you'd like to use then you can simply retrieve it:
$ aws kms get-key-policy --policy-name default --key-id XXXXXXXXX > policy
Whichever way you create it, you can then use the policy in the file to update the policy for the new key:
$ aws kms put-key-policy --key-id YYYYYYYY --policy-name default --cli-input-json file://policy
On Windows, the "file://policy" would be something like: "file://C:\path\to\policyfile.json"
If you're going to use the --policy command line argument rather than a policy in a file, --policy is also looking for a JSON policy in the form of a string, so you need
$ aws kms put-key-policy --key-id YYYYYYYY --policy-name default --policy "{\n \"Version\" : \"2012-10-17\",\n \"Id\" : \"key-consolepolicy-3\"\n }"
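The manual escaping steps above can be left to a JSON serializer. This is an added example, not code from the original answer: it builds the `--cli-input-json` document from either a bare policy or saved `get-key-policy` output, and writes `BypassPolicyLockoutSafetyCheck` as false rather than copying the `true` shown in the generated skeleton. The function names and the `Version` sanity check are assumptions made for illustration.

```python
import json

# The example policy from the answer above, as it would sit in a file.
PAGE_POLICY = '{\n "Version" : "2012-10-17",\n "Id" : "key-consolepolicy-3"\n }'


def unwrap_policy(text):
    """Accept a bare key policy or get-key-policy output; return the policy dict."""
    doc = json.loads(text)  # ValueError here means the file is not valid JSON
    # get-key-policy output carries the policy as a *string* under "Policy".
    if isinstance(doc, dict) and isinstance(doc.get("Policy"), str):
        doc = json.loads(doc["Policy"])
    # Minimal sanity check only (assumption); this is not full policy validation.
    if not isinstance(doc, dict) or "Version" not in doc:
        raise ValueError("not a key policy document")
    return doc


def put_key_policy_input(policy_text, key_id, policy_name="default"):
    """Build the document passed to put-key-policy via --cli-input-json."""
    policy = unwrap_policy(policy_text)
    return {
        "KeyId": key_id,
        "PolicyName": policy_name,
        # json.dumps produces the string form; quotes and newlines are
        # escaped when the outer document is serialized.
        "Policy": json.dumps(policy, indent=2),
        # Keep the lockout safety check enabled.
        "BypassPolicyLockoutSafetyCheck": False,
    }


if __name__ == "__main__":
    # Key id placeholder taken from the answer's own commands.
    print(json.dumps(put_key_policy_input(PAGE_POLICY, "YYYYYYYY"), indent=2))
```

A file holding the printed output can be passed with `--cli-input-json file://...` as in the answer's own commands.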
Why doesn't this just work? Pulling the tags listed with my rds instance:
aws rds list-tags-for-resource --resource-name arn:aws:rds:eu-central-1:12345678901:db:pa1jyg4oc56mipf
{
"TagList": [
{
"Value": "DatabaseRdsInstance",
"Key": "aws:cloudformation:logical-id"
},
{
"Value": "production-test-123",
"Key": "aws:cloudformation:stack-name"
},
{
"Value": "arn:aws:cloudformation:eu-central-1:12345678901:stack/production-test-123/1234abc-56f9-11e5-b10e-50d501fbb66e",
"Key": "aws:cloudformation:stack-id"
}
]
}
Filtering on one of those tags fails:
aws rds describe-db-instances --filters Name="tag:aws:cloudformation:stack-name",Values=production-test-123
A client error (InvalidParameterValue) occurred when calling the DescribeDBInstances operation: Unrecognized filter name: tag:aws:cloudformation:stack-name
Nor does it work when I leave the tag part from the Name:
aws rds describe-db-instances --filters Name="aws:cloudformation:stack-name",Values="production-test-123"
A client error (InvalidParameterValue) occurred when calling the DescribeDBInstances operation: Unrecognized filter name: aws:cloudformation:stack-name
What am I missing here?
According to the documentation the --filters option is currently unsupported unfortunately.
You will have to perform the filtering on the tags on the client side instead.
Instead of using list-tag-resources you can try with resourcegroupstaggingapi.
aws resourcegroupstaggingapi get-resources --resource-type-filters rds:db --tag-filters Key=aws:cloudformation:stack-id,Values=arn:aws:cloudformation:eu-central-1:12345678901:stack/production-test-123/1234abc-56f9-11e5-b10e-50d501fbb66e
It should work.