SO I am getting a very strange problem when working with aws
I have configured everything according to this tutorial:
https://serverless-stack.com/chapters/login-with-aws-cognito.html
Now the issue that arises is when I tried to create a mock user account. I enter the following into my macOs terminal :
aws cognito-idp sign-up \
--region ca-central \
--client-id 2rj7d9i1mcovi6vv9jbo0njeq3 \
--username admin#example.com \
--password passwordTrial
Now I get the following error:
SO far I have tried the following:
Configured my region to match my user pool, and the command presented above. This is ca-central.
I run the following:
ce
Ok SO the issue was that I was missing the -1 after the region.
should have been
--region ca-central-1 \
But Now I have another error:
zsh: no matches found: passwordTrial
Related
I use saml2aws with Okta authentication to access aws from my local machine. I have added k8s cluster config as well to my machine.
While trying to connect to k8s suppose to list pods, a simple kubectl get pods returns an error [Errno 2] No such file or directory: '/var/run/secrets/eks.amazonaws.com/serviceaccount/token' Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 255
But if i do saml2aws exec kubectl get pods i am able to fetch pods.
I dont understand if the problem is with storing of credentials or where do i begin to even understand the problem.
Any kind of help will be appreciated.
To Integrate Saml2aws with OKTA , you need to create a profile in saml2aws first
Configure Profile
saml2aws configure \
--skip-prompt \
--mfa Auto \
--region <region, ex us-east-2> \
--profile <awscli_profile> \
--idp-account <saml2aws_profile_name>> \
--idp-provider Okta \
--username <your email> \
--role arn:aws:iam::<account_id>:role/<aws_role_initial_assume> \
--session-duration 28800 \
--url "https://<company>.okta.com/home/amazon_aws/......."
URL, region ... can be got from OKTA integration UI.
Login
samle2aws login --idp-account <saml2aws_profile_name>
that should prompt you for password and MFA if exist.
Verification
aws --profile=<awscli_profile> s3 ls
then finally , Just export AWS_PROFILE by
export AWS_PROFILE=<awscli_profile>
and use awscli directly
aws sts get-caller-identity
In the beginning, this command worked. But, now it is not working.
aws configure
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin xxxxxxxxxxxx.dkr.ecr.us-east-2.amazonaws.com
output is:
An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid
Error: Cannot perform an interactive login from a non TTY device
aws cli version is:
aws --version
aws-cli/2.2.41 Python/3.8.8 Linux/4.15.0-101-generic exe/x86_64.linuxmint.19 prompt/off
When I use different computer with same access-key and secret-key, following command works:
aws configure
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin xxxxxxxxxxxx.dkr.ecr.us-east-2.amazonaws.com
output was:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
So, I think access-key and secret-key are fine. And, there is something wrong with aws-cli configuration. I have also tried reinstalling aws-cli but no success.
Source I used to reinstall aws-cli:
reinstall aws-cli
OS in which it's not working: Linux Mint 19
OS in which it worked: Ubuntu 20.04
I was running aws ecr command in root user which was not giving proper error message.
When I run aws ecr command in public user, then it gave a proper error message, i.e., Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock; So, I changed the permission of this file docker.sock from user root to public user and group docker to docker using command:
chown myPublicUser:docker /var/run/docker.sock
Now, run aws ecr using public user, it should work.
I am trying to follow this tutorial to learn about serverless. When i issued following command, I got error
aws cognito-idp sign-up \
--region us-east-2 \
--client-id 6gj*********************bu \
--username admin#example.com \
--password Passw0rd!
An error occurred (NotAuthorizedException) when calling the SignUp operation: Unable to verify secret hash for client 6gj*********************bu
So far i have tried following things but nothing worked
I have made sure the region i am using in the command is the correct one
I have made sure that aws configure is set to correct region (though it doesn't make sense since i am explicitly putting region in the command)
Created new app in cognito pool. ACtually not only created new app, i created a new AWS account to test it out and still getting same issue
I have also tried email and password in single-quotes. and in other combination i tried just the password in single-quotes. in both cases, got the same error
P.S: I am running this command from iTerm2 installed on my mac. I have oh-my-zsh configured on it.
I'm trying to create a chatbot using aws-cli .Going through the Steps in Documentation in https://docs.aws.amazon.com/lex/latest/dg/gs-create-flower-types.html
I couldn't understand what endpoint did it mean in the documentation as shown in the syntax.
aws lex-models put-slot-type \
--region region \
--endpoint endpoint \
--name FlowerTypes \
--cli-input-json file://FlowerTypes.json
What is the endpoint in the above syntax?
You can find the list of endpoints for Lex at this link
For your current case, https://models.lex.us-east-1.amazonaws.com/ will work as endpoint, given that your region is us-east-1.
Below code will work if you are using Windows machine:
aws lex-models put-slot-type ^
--region us-east-1 ^
--endpoint https://models.lex.us-east-1.amazonaws.com/ ^
--name FlowerTypes ^
--cli-input-json file://FlowerTypes.json
Keep the input json file in the same folder where you have opened the CLI.
I have the AWS CLI installed on Windows and am using the Windows command prompt.
I am trying to use Rekognition but I cannot seem to get any commands working. The closest I have gotten is with:
aws rekognition detect-faces --image S3Object=\{Bucket=innovation-bucket,Name=image.jpg,Version=1\} --attributes "ALL" --region us-east-1
This results in:
Error parsing parameter '--image': Expected: ',', received: '}' for input: S3Object={Bucket=innovation-bucket,Name=image.jpg,Version=1}
Why is it expecting a comma?
EDIT:
When I try the format from the documentation I also get errors:
aws rekognition detect-faces --image '{"S3Object":{"Bucket":"innovation-bucket","Name":"image.jpg"}}' --attributes "ALL" --region us-east-1
Error parsing parameter '--image': Expected: '=', received ''' for input: '{"S3Object":{"Bucket":"innovation-bucket","Name":"image.jpg"}}'
1) Your AWS CLI should be something like below, refer this documentation:
aws rekognition search-faces-by-image \
--image '{"S3Object":{"Bucket":"bucket-name","Name":"Example.jpg"}}' \
--collection-id "collection-id" \
--region us-east-1 \
--profile adminuser
2) If your AWS CLI installed on windows box, make sure you change "the single quotes to double quotes and the double quotes to escaped quotes"