policy.addAwsAccountPrincipal() throwing MalformedPolicyDocument error - amazon-web-services

I am trying to create a role using CDK, and here are the requirements:
1. access to API Gateway (GET, DELETE, PUT, POST)
2. a trust relationship with an AWS account, "1234567"
Here is my CDK TypeScript code:
const role = new iam.Role(this, 'IMAAPIGatewayAccessRole', {
  roleName: 'IMAAPIGatewayAccessRole',
  assumedBy: new iam.AnyPrincipal(),
});
role.addToPolicy(new PolicyStatement(iam.PolicyStatementEffect.Allow)
  .addAwsAccountPrincipal('1234567')
  .addActions(
    "apigateway:GET",
    "apigateway:POST",
    "apigateway:PUT",
    "apigateway:DELETE"
  )
  .addAllResources()
);
But I am getting a MalformedPolicyDocument error, and I do not get it without addAwsAccountPrincipal().
AssumeRolepolicy contained an invalid principal: "STAR":"*". (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: cb4073ee-aa5d-11e9-b299-c7ffa44eb0ca)
new Role (/Users//workspace/cdk/node_modules/@aws-cdk/aws-iam/lib/role.ts:200:18)
\_ new Ims (/Users//workspace/cdk/bin/cdk.ts:25:22)
\_ Object.<anonymous> (/Users//workspace/cdk/bin/cdk.ts:285:1)
\_ Module._compile (internal/modules/cjs/loader.js:774:30)
\_ Module.m._compile (/Users//workspace/cdk/node_modules/ts-node/src/index.ts:439:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:785:10)
\_ Object.require.extensions.<computed> [as .ts] (/Users//workspace/cdk/node_modules/ts-node/src/index.ts:442:12)
\_ Module.load (internal/modules/cjs/loader.js:641:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:556:12)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
\_ Object.<anonymous> (/Users//workspace/cdk/node_modules/ts-node/src/bin.ts:154:12)
\_ Module._compile (internal/modules/cjs/loader.js:774:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:785:10)
\_ Module.load (internal/modules/cjs/loader.js:641:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:556:12)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
\_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14
What is wrong with my code?

addAwsAccountPrincipal('1234567') doesn't actually work for me. Maybe it's a bug.
Instead, the code below worked for me.
const allowedAccountPrincipals = subscriberAccountIds.map(id => new AccountPrincipal(id));
const [firstPrincipal, ...additionalAllowedPrincipal] = allowedAccountPrincipals;
const allowedPrincipals = new CompositePrincipal(firstPrincipal, ...additionalAllowedPrincipal);
const role = new iam.Role(this, 'IMAAPIGatewayAccessRole', {
  roleName: 'IMAAPIGatewayAccessRole',
  assumedBy: allowedPrincipals,
});
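As an added example (not code from the question, the answer, or the CDK project), plain TypeScript with no CDK dependency that models the two documents behind the role in the answer: the trust policy that `assumedBy: new AccountPrincipal(id)` synthesizes, and the permissions policy that `role.addToPolicy(...)` contributes. A lint function then flags the two things the question mixed up: a Principal inside the permissions policy, and a wildcard or non-account principal in the trust policy. The account ID `123456789012` and the function names are constructed for the example.

```typescript
// Added example, not code from the question or the answer. Plain TypeScript
// (no CDK dependency) that models the two documents behind an IAM role.

type Statement = {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource?: string | string[];                 // absent in trust policies
  Principal?: { AWS: string | string[] } | "*"; // only valid in trust policies
};
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

// Trust policy: who may call sts:AssumeRole on the role. This is what
// `assumedBy: new AccountPrincipal(id)` in the answer synthesizes; the account
// root ARN delegates the decision to that account's own IAM policies.
function trustPolicy(accountIds: string[]): PolicyDocument {
  if (accountIds.length === 0) throw new Error("at least one account id is required");
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Action: "sts:AssumeRole",
      Principal: { AWS: accountIds.map((id) => `arn:aws:iam::${id}:root`) },
    }],
  };
}

// Permissions policy: what the role may do once assumed. This is what
// `role.addToPolicy(...)` contributes; identity-based policies never carry a
// Principal element, so the question's addAwsAccountPrincipal() does not belong here.
function permissionsPolicy(actions: string[], resources: string[] = ["*"]): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: actions, Resource: resources }],
  };
}

// Review checks a practitioner would run before deploying the role.
function lintRolePolicies(trust: PolicyDocument, perms: PolicyDocument): string[] {
  const findings: string[] = [];
  for (const s of trust.Statement) {
    const p = s.Principal;
    if (!p) { findings.push("trust statement has no Principal"); continue; }
    const aws = p === "*" ? ["*"] : ([] as string[]).concat(p.AWS);
    if (aws.includes("*")) findings.push("trust policy lets any AWS principal assume the role");
    if (aws.some((a) => a !== "*" && !/^arn:aws:iam::\d{12}:/.test(a)))
      findings.push("trust principal is not a 12-digit account ARN (IAM rejects it as malformed)");
  }
  for (const s of perms.Statement) {
    if (s.Principal) findings.push("permissions policy must not contain a Principal");
    if (s.Resource === undefined) findings.push("permissions statement has no Resource");
  }
  return findings;
}
```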

Related

Cannot find artifacts at some location, BLOCKCHAIN, HARDHAT

I am requiring artifacts/contracts/sol but it is giving an error:
node:internal/modules/cjs/loader:936
throw err;
^
Error: Cannot find module 'artifacts/contracts/ManufactureProductDetails.sol/ManufactureProductDetails.json'
Require stack:
/Users/namankumar/Desktop/FakeProductCode21/app.js
at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15)
at Function.Module._load (node:internal/modules/cjs/loader:778:27)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object.<anonymous> (/Users/namankumar/Desktop/FakeProductCode21/app.js:25:18)
at Module._compile (node:internal/modules/cjs/loader:1105:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12) {
code: 'MODULE_NOT_FOUND',
requireStack: [ '/Users/namankumar/Desktop/FakeProductCode21/app.js' ]
}
I cannot upload the image for some reason; here is the link: https://drive.google.com/file/d/12z9_sDkvZOparXRPfMeHhy3xYbOM5D5B/view?usp=sharing

EC2/ECS Cross Account Serverless Deploy

I have a problem deploying a Serverless service in an EC2/ECS environment.
Since I am deploying in an EC2/ECS environment, I need to use credential_source to access the instance IAM role. (There is no ~/.aws/credentials file.)
## ~/.aws/config
[profile dev]
role_arn = arn:aws:iam::XXXXXXXXXXXX:role/CrossAccount-AssumeJenkins
output = json
credential_source=EcsContainer #Ec2InstanceMetadata on EC2
region = ap-southeast-1
It works with the AWS CLI.
aws s3 ls --profile dev #working
But when I try to deploy with Serverless, it does not work.
#load config from ~/.aws/config
export AWS_SDK_LOAD_CONFIG=1
sls deploy --stage dev --verbose
sls deploy --stage dev --verbose --aws-profile dev #also not working
Below is the error stack.
Error --------------------------------------------------
Error: ENOENT: no such file or directory, open '/home/ec2-user/.aws/credentials'
at Object.openSync (fs.js:443:3)
at Object.readFileSync (fs.js:343:35)
at Object.readFileSync (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/util.js:95:26)
at IniLoader.parseFile (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
at IniLoader.loadFrom (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
at Config.region (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/node_loader.js:100:36)
at Config.set (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/config.js:507:39)
at Config.<anonymous> (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/config.js:342:12)
at Config.each (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/util.js:507:32)
at new Config (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/config.js:341:19)
at Object.<anonymous> (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/node_loader.js:110:14)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)
at require (internal/modules/cjs/helpers.js:25:18)
at Object.<anonymous> (/usr/lib/node_modules/serverless/node_modules/aws-sdk/lib/aws.js:1:1)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)
at require (internal/modules/cjs/helpers.js:25:18)
at Object.<anonymous> (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:3:13)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)
at require (internal/modules/cjs/helpers.js:25:18)
at Object.<anonymous> (/usr/lib/node_modules/serverless/lib/plugins/index.js:24:3)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)
at require (internal/modules/cjs/helpers.js:25:18)
at PluginManager.loadAllPlugins (/usr/lib/node_modules/serverless/lib/classes/PluginManager.js:110:10)
at pluginManager.loadConfigFile.then.then (/usr/lib/node_modules/serverless/lib/Serverless.js:96:35)
From previous event:
at Serverless.init (/usr/lib/node_modules/serverless/lib/Serverless.js:94:8)
at initializeErrorReporter.then (/usr/lib/node_modules/serverless/bin/serverless.js:74:8)
at runCallback (timers.js:705:18)
at tryOnImmediate (timers.js:676:5)
at processImmediate (timers.js:658:5)
at process.topLevelDomainCallback (domain.js:126:23)
From previous event:
at Object.<anonymous> (/usr/lib/node_modules/serverless/bin/serverless.js:64:4)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
at startup (internal/bootstrap/node.js:283:19)
at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: linux
Node Version: 10.18.1
Framework Version: 1.62.0
Plugin Version: 3.3.0
SDK Version: 2.3.0
Components Core Version: 1.1.2
Components CLI Version: 1.4.0
After touching ~/.aws/credentials, below is the new error.
## ~/.aws/credentials
[default]
#no entry
Here is the error stack.
Error --------------------------------------------------
Error: Profile dev does not exist
at Object.addProfileCredentials (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:100:15)
at AwsProvider.getCredentials (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:374:12)
at AwsProvider.request (/usr/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:226:48)
at Variables.getValueFromCf (/usr/lib/node_modules/serverless/lib/classes/Variables.js:756:8)
at Variables.getValueFromSource (/usr/lib/node_modules/serverless/lib/classes/Variables.js:567:17)
at Variables.splitAndGet (/usr/lib/node_modules/serverless/lib/classes/Variables.js:436:17)
at _.map.match (/usr/lib/node_modules/serverless/lib/classes/Variables.js:373:41)
at arrayMap (/usr/lib/node_modules/serverless/node_modules/lodash/lodash.js:639:23)
at Function.map (/usr/lib/node_modules/serverless/node_modules/lodash/lodash.js:9554:14)
at Variables.populateMatches (/usr/lib/node_modules/serverless/lib/classes/Variables.js:373:14)
at Variables.populateValue (/usr/lib/node_modules/serverless/lib/classes/Variables.js:404:30)
at _.map.variable (/usr/lib/node_modules/serverless/lib/classes/Variables.js:286:12)
at arrayMap (/usr/lib/node_modules/serverless/node_modules/lodash/lodash.js:639:23)
at Function.map (/usr/lib/node_modules/serverless/node_modules/lodash/lodash.js:9554:14)
at Variables.populateVariables (/usr/lib/node_modules/serverless/lib/classes/Variables.js:285:14)
at Variables.populateObjectImpl (/usr/lib/node_modules/serverless/lib/classes/Variables.js:318:30)
at prepopulateService.then (/usr/lib/node_modules/serverless/lib/classes/Variables.js:199:16)
at runCallback (timers.js:705:18)
at tryOnImmediate (timers.js:676:5)
at processImmediate (timers.js:658:5)
at process.topLevelDomainCallback (domain.js:126:23)
From previous event:
at initialCall (/usr/lib/node_modules/serverless/lib/classes/Variables.js:198:10)
at Variables.initialCall (/usr/lib/node_modules/serverless/lib/classes/Variables.js:102:12)
at Variables.populateService (/usr/lib/node_modules/serverless/lib/classes/Variables.js:196:17)
at Serverless.run (/usr/lib/node_modules/serverless/lib/Serverless.js:120:27)
at serverless.init.then (/usr/lib/node_modules/serverless/bin/serverless.js:75:30)
at /usr/lib/node_modules/serverless/node_modules/graceful-fs/graceful-fs.js:136:16
at /usr/lib/node_modules/serverless/node_modules/graceful-fs/graceful-fs.js:57:14
at FSReqWrap.args [as oncomplete] (fs.js:140:20)
From previous event:
at initializeErrorReporter.then (/usr/lib/node_modules/serverless/bin/serverless.js:75:8)
at runCallback (timers.js:705:18)
at tryOnImmediate (timers.js:676:5)
at processImmediate (timers.js:658:5)
at process.topLevelDomainCallback (domain.js:126:23)
From previous event:
at Object.<anonymous> (/usr/lib/node_modules/serverless/bin/serverless.js:64:4)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
at startup (internal/bootstrap/node.js:283:19)
at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: linux
Node Version: 10.18.1
Framework Version: 1.62.0
Plugin Version: 3.3.0
SDK Version: 2.3.0
Components Core Version: 1.1.2
Components CLI Version: 1.4.0

Creation of CfnWebACL for rate based rule fails (AWS CDK WAF Regional)

I am trying to set up a rate-based rule using AWS CDK (@aws-cdk/aws-wafregional v1.4.0).
This is my very simple JavaScript setup:
const cdk = require('@aws-cdk/core');
const waf = require('@aws-cdk/aws-wafregional');
class TstStack extends cdk.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);
    const rule = new waf.CfnRateBasedRule(this, 'rule', {
      metricName: `rateRule`,
      name: 'rate-rule',
      rateKey: 'IP',
      rateLimit: 2010
    });
    const acl = new waf.CfnWebACL(this, 'acl', {
      defaultAction: { type: 'ALLOW' },
      metricName: 'rateAcl',
      name: 'rate-acl',
      rules: [{
        action: { type: 'BLOCK' },
        priority: 1,
        ruleId: rule.ref
      }]
    });
  }
}
module.exports = { TstStack }
Creating the rule is no problem. But the stack creation fails on the Web ACL. The error message is:
The referenced item does not exist. (Service: AWSWAFRegional; Status Code: 400; Error Code: WAFNonexistentItemException
What am I missing here, why is it not possible to create the CfnWebACL-object?
For reference, the complete output:
3/4 | 9:49:31 PM | CREATE_FAILED | AWS::WAFRegional::WebACL | acl The referenced item does not exist. (Service: AWSWAFRegional; Status Code: 400; Error Code: WAFNonexistentItemException; Request ID: e4d897ef-c138-11e9-bf23-fb4702c5a89a)
new TstStack (/app/infrastructure/apps/tst/lib/tst-stack.js:16:21)
\_ Object.<anonymous> (/app/infrastructure/apps/tst/bin/tst.js:9:1)
\_ Module._compile (internal/modules/cjs/loader.js:778:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
\_ Module.load (internal/modules/cjs/loader.js:653:32)
\_ tryModuleLoad (internal/modules/cjs/loader.js:593:12)
\_ Function.Module._load (internal/modules/cjs/loader.js:585:3)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
\_ startup (internal/bootstrap/node.js:283:19)
\_ bootstrapNodeJSCore (internal/bootstrap/node.js:622:3)
This aggravated me for a while also. I finally saw the following in the CloudFormation documentation for the rate-rules:
Note you can only create rate-based rules using a CloudFormation template. To add the rate-based rules created through CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL.
Basically, you can create the rule, but you can't associate it with an ACL through AWS CloudFormation.

AWS Hosted Parse-server can't find cloud code

We are in the process of migrating from parse.com to AWS.
The solution works perfectly fine locally; however, once I eb deploy to AWS, it cannot load the cloud code file.
Error: Cannot find module '/cloud/main.js'
at Function.Module._resolveFilename (module.js:325:15)
at Function.Module._load (module.js:276:25)
at Module.require (module.js:353:17)
at require (internal/module.js:12:17)
at new ParseServer (/var/app/current/node_modules/parse-server/lib/ParseServer.js:268:9)
at new _ParseServer (/var/app/current/node_modules/parse-server/lib/index.js:38:16)
at Object.<anonymous> (/var/app/current/index.js:8:11)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
My Parse Server config looks like this:
var api = new ParseServer({
  databaseURI: config.DATABASE_URI,
  cloud: __dirname + '/cloud/main.js',
  appId: config.parse.APP_ID,
  masterKey: config.parse.MASTER_KEY,
  restApiKey: config.parse.REST_API_KEY,
  serverURL: config.parse.SERVER_URL // Don't forget to change to https if needed
});
AWS obviously can't find the file at __dirname + '/cloud/main.js'.
What should I set this to for AWS?
So I just removed the leading / and now it works.
It now reads cloud: 'cloud/main.js',

Jhipster 3.0.0 deploy to aws

I'm trying to deploy a JHipster 3.0.0 project to AWS, following the guide here: http://jhipster.github.io/aws/
The problem is that the "yo jhipster:aws" command fails with the following error:
D:\Jenkins\workspace\CasualtyManager>yo jhipster:aws
D:\Jenkins\workspace\CasualtyManager\node_modules\generator-jhipster\generators\aws\lib\s3.js:87
httpOptions: {timeout: 600000}
^^^^^^^^^^^
SyntaxError: Unexpected identifier
at exports.runInThisContext (vm.js:53:16)
at Module._compile (module.js:373:25)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
at Function.Module._load (module.js:300:12)
at Module.require (module.js:353:17)
at require (internal/module.js:12:17)
at Object.<anonymous> (D:\Jenkins\workspace\CasualtyManager\node_modules\generator-jhipster\generators\aws\lib\aws.js:2:10)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
I just had this issue. I resolved it by adding a comma after signatureVersion and httpOptions in the s3.js file. It should look like this:
signatureVersion: 'v4',
httpOptions: {timeout: 600000},