I have been trying to execute below command but it resulted in an error
aws cloudfront update-distribution --id E29BDBENPXM1VE \
--Origins '{ "Items": [{
"OriginPath": "",
"CustomOriginConfig": {
"OriginSslProtocols": {
"Items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"Quantity": 3
}
}
}
]
}'
ERROR::: Unknown options: { "Items": [{
"OriginPath": "",
"CustomOriginConfig": {
"OriginSslProtocols": {
"Items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"Quantity": 3
}
}
}
]
}, --Origins
I have to remove cloudfront : OriginSslProtocols:SSLv3
aws cloudfront update-distribution --id E29BDBENPXM1VE \
--Origins '{ "Items": [{
"OriginPath": "",
"CustomOriginConfig": {
"OriginSslProtocols": {
"Items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"Quantity": 3
}
}
}
]
}'
1) How to fix above code,if not possible if there any command other than below command to disable/remove OriginSslProtocols:SSLv3
aws cloudfront update-distribution --id E29BDBENPXM1VE --distribution-config file://secure-ssl.json --if-match E35YV3CGILXQDJ
You are using the right command and it should be possible to do what you want.
However, it is slightly more complicated.
The corresponding reference page for the cli command aws cloudfront update-distribution says:
When you update a distribution, there are more required fields than when you create a distribution.
That is why you must follow the steps which are given in the cli reference [1]:
Submit a GetDistributionConfig request to get the current configuration and an Etag header for the distribution.
Update the XML document that was returned in the response to your GetDistributionConfig request to include your changes.
Submit an UpdateDistribution request to update the configuration for your distribution:
In the request body, include the XML document that you updated in Step 2. The request body must include an XML document with a DistributionConfig element.
Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GetDistributionConfig request in Step 1.
Review the response to the UpdateDistribution request to confirm that the configuration was successfully updated.
Optional: Submit a GetDistribution request to confirm that your changes have propagated. When propagation is complete, the value of Status is Deployed .
Fore info about the correct xml format is given in the CloudFront API Reference [2].
References
[1] https://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html
[2] https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html
Related
My code is looks like this and when
import { FileUpload } from "../types/scalars/Upload.scalar";
new S3.ManagedUpload({
params: {
ACL: "public-read",
Bucket: process.env.AWS_BUCKETNAME || "",
Body: upload.createReadStream(),
Key: filename || upload.filename,
CacheControl: "max-age=604800,public,immutable",
},
// tags,
}).promise();
If I upload this with the CacheControl option, upload works fine.
But when I load it on the client side I get a CORS error.
If I remove CachControl, obviously the CORS error doesn't come up.
My Bucket has CORS-Policy like this
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"POST"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
Headers with CacheControl Param
Headers without CachControl Param
With CacheControl param,
My Allow headers are gone. Why is that?
I found some documents in here https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
I had same problem.
Did you set bucket policy in Amazon S3 actions?
https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html
It worked by setting policy in my project.
And you can check if settings works by using curl.
The below command is check if POST request can access to a bucket.
curl -i https://your-bucket-name.s3.your-bucket-region.amazonaws.com/index.html -H "Access-Control-Request-Method: POST" -X OPTIONS -H "Origin: http://localhost:3000"
Check this link out.
https://aws.amazon.com/jp/premiumsupport/knowledge-center/s3-configure-cors/
I'm serving some websites by S3 static hosting.
I want to remove all from the CloudFront distribution by createInvalidation method with lambda. (After running the pipeline to update those buckets.)
Q1. I'm confused which value is correct for Quantity in this case...
Q2. Can I use "/*" in the Items array as an item? or just "/*" string instead of the array?
Can I use incorrect huge number (ex, 1000 or 10000) for Quantity?
or Do I need to check the whole file counts in S3 bucket?
Because I need to add this lambda in a stepfunction state machine, using CLI is not a solution for me.
const invalidationParams = {
DistributionId: "XXXX",
InvalidationBatch: {
CallerReference: Date.now().toString(),
Paths: {
Quantity: ???,
Items: [
"/*", // maybe?
]
}
}
};
or... Do you recommend to use iteration of CLI command...?
Thanks in advance.
I was too hurry to create the question...
I tried to create the invalidations by CLI during the waiting,
and its response gave me the answer.
I got below by the CLI command aws cloudfront create-invalidation --distribution-id {DISTRIBUTION_ID} --paths "/*"
{
"Location": "https://cloudfront.amazonaws.com/blahblah",
"Invalidation": {
"Id": "blahblah",
"Status": "InProgress",
"CreateTime": "2021-10-07T14:01:42.406000+00:00",
"InvalidationBatch": {
"Paths": {
"Quantity": 1,
"Items": [
"/*"
]
},
"CallerReference": "cli-1633615280-121576"
}
}
}
So, it means, I can set the Quantity as 1 in lambda.
And also can use the "/*" in the array.
I added this for someone like me 😂
I created a REST api gateway in AWS and configure it to pass through all requests to a http endpoint. The configuration I have is
After deploy to a stage (dev) it gives me an invoke URL, like https://xxxx.execute-api.ap-southeast-2.amazonaws.com/dev,
it works fine if I invoke the url by appending a sub path like: https://xxxx.execute-api.ap-southeast-2.amazonaws.com/dev/xxxxx`, I can see it forward the request to downstream http endpoint. However it doesn't forward any request if I invoke the base url: https://xxxx.execute-api.ap-southeast-2.amazonaws.com/dev. How can I make it work with the base invoke url without any subpath?
I tired to add an additional / path resource in API gateway but it doesn't allow me to add it.
The application must be able to receive requests at any path, including the root path: /. An API Gateway resource with a path of /{proxy+} captures every path except the root path. Making a request for the root path results in a 403 response from API Gateway with the message Missing Authentication Token.
To fix this omission, add an additional resource to the API with the path set to / and link that new resource to the same http endpoint as used in the existing /{proxy+} resource.
The updated OpenAPI document now looks like the following code example:
{
"openapi": "3.0",
"info": {
"title": "All-capturing example",
"version": "1.0"
},
"paths": {
"/": {
"x-amazon-apigateway-any-method": {
"responses": {},
"x-amazon-apigateway-integration": {
"httpMethod": "POST",
"type": "aws_proxy",
"uri": ""
}
}
},
"/{proxy+}": {
"x-amazon-apigateway-any-method": {
"responses": {},
"x-amazon-apigateway-integration": {
"httpMethod": "POST",
"type": "aws_proxy",
"uri": ""
}
}
}
}
}
Amazon has released the ability to create HTTP API's via API gateway. On their website they describe that it is possible to create an HTTP API via AWS CLI: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-examples.html#http-api-examples.cli.quick-create.
FOR EXAMPLE:
aws apigatewayv2 create-api --name my-api --protocol-type HTTP --target arn:aws:lambda:us-east-2:123456789012:function:function-name
For REST API's I know it is possible to update the CORS policy via AWS CLI. I was wondering if it is also possible to change/create the CORS policy for HTTP API's via AWS CLI?
I want to use HTTP API's because it saves a lot of money!
Thanks in advance!
This worked for me
$ aws2 apigatewayv2 update-api --api-id $API_ID --cors-configuration AllowHeaders="*",AllowMethods=GET,POST,AllowOrigins="*",MaxAge=3600
{
"ApiEndpoint": "https://$API_ID.execute-api.$AWS_REGION.amazonaws.com",
"ApiId": $API_ID,
"ApiKeySelectionExpression": "$request.header.x-api-key",
"CorsConfiguration": {
"AllowHeaders": [
"*"
],
"AllowMethods": [
"GET",
"POST"
],
"AllowOrigins": [
"*"
],
"MaxAge": 3600
},
"CreatedDate": "2020-01-28T17:41:35+00:00",
"Name": "http-api",
"ProtocolType": "HTTP",
"RouteSelectionExpression": "$request.method $request.path",
"Tags": {}
}
https://forge.autodesk.com/blog/how-patch-apis-work-and-some-tips-using-patch-apis
https://forge.autodesk.com/en/docs/data/v2/reference/http/projects-project_id-versions-version_id-PATCH/
I have followed the two links above explaining how to PATCH a version of an item and update the name of it but I am getting errors. Below is what I inputted into Postman (version_id inside the URI has been already encoded):
URI: https://developer.api.autodesk.com/data/v1/projects/:project_id/versions/:version_id
Authorization: Bearer *****************************
Content-Type: application/vnd.api+json
Body:
{
"jsonapi": {
"version": "1.0"
},
"data": {
"type": "versions",
"id": *********************************************,
"attributes": {
"name": "AAA - My PDF file.pdf",
"displayName": "AAA - My PDF file.pdf"
}
}
}
The item version I am trying to update is already named AAA - My PDF file.pdf so nothing should be updated. But when I send the request I get the following error.
Error:
{
"jsonapi": {
"version": "1.0"
},
"errors": [
{
"id": "30043cce-cfbe-4766-933c-fd9d888e574d",
"status": "400",
"code": "BAD_INPUT",
"title": "One or more input values in the request were bad",
"detail": "Request input is invalid for this operation."
}
]
}
Are there any ideas why I am getting this error and how can I fix it?
Unfortunately at the moment PATCHing for BIM360 Doc items is unsupported and hence the error. The error message could have been more specific rather than a general validation failure message and I will let Engineering know to update accordingly.
Try PATCHing with A360 hub and it should work as expected.