I setup cloud endpoints on GKE. I enabled JWT Auth with google service accounts.
API is working fine. It needs the JWT passed in Authentication header. It doesn't allow expired JWT all are working as expected. Except the dashboard on GCP shows nothing. It shows 0 requests. 0 requests/s.
I tried to check logs on stackdriver. It's empty :(
Apparently i need 10 reputations to show this image embedded in the question. Sorry for inconvenience
https://i.imgur.com/JaqJ0sp.png
Started to work after enabling the Google Cloud Endpoints API in the API console
Related
I am trying to setup a python app on GCP Cloudrun I need only authenticated users to be able to access the Cloudrun URL but I am facing 403 issue when I set up this app. Is there any alternative way to access the Cloudrun instance using browser provided it is configured to allow only authenticated users?
This is the flow which i am trying to implement :
HTTP(S) Load balancer -> Frontend forwarding rule -> Cloudrun Backend -> Python app deployed on Cloudrun
I have saw few other questions and tried that solution but it does not work few such similar questions would be :
403 "Error: Forbidden" when opening the URL of my Cloud Run service
If you're currently getting 403, it means you don't have the necessary permission to access the service (the App was deployed to cloud with the option to use 'authenticated' invocation which means you can't access it by directly typing the URL in the browser). You can do any of the following
Generate a token and then use curl to invoke your url using that token. See Google Documentation on this and a more detailed explanation from Google here. But you can't be doing this each time you wish to invoke the service. It's more for testing.
Update: The solution below was to allow him to actually see the App run in the browser but reread the question and see that OP wants only authenticated users to access the App.
2. Redeploy the App to Cloud Run but make sure you choose the option to allow for 'unauthenticated invocation'. See step 3.iv of this [blog article][3] we wrote on deploying to cloud run
After trying out IAP as said by #guillaumeblaquiere i was able to fix this issue. Thanks a lot as there is ver less documentation on how to fix this i have recorded steps that i implemented to fix this issue :
Accessing applications on Authenticated Cloud Run using IAP
Problem Statement:
As a admin user I want to see who accessed application and what actions did.
Expected Solution :
All the application REST API calls is configured in AWS API Gateway and enabled Cloudwatch logs
AWS cloud watch logs is accessible by login to AWS console and track all the requests.
But I want to see those logs in my application in a data grid showing with some filters
is there a way to get AWS cloud watch logs through API call by passing some conditions ( like user, date, status) ?
If YES - Please help with some samples
Depending on what programming language you are using for your REST API, you would want to include the AWS SDK dependency and use something like FilterLogEvents.
I have created CF on GCP console, some are trigggered by Firestore and some are HTTP Endpoints. I have secured former one using Firebase Auth, but the later one HTTP Endpoints are not secured as i didnt find any way to authenticate them. Please help as i am new to GCP.
Here's a code sample that shows how to only allow users that use a Firebase ID token as a Bearer in the Authorization header of the HTTP request or in a __session cookie to trigger the Cloud Function.
Alternatively this StackOverflow post may be of help.
I just started using Auth0 last week. Can anyone provide details on how you setup an Auth0 client, that connects to a custom RDS MySQL database? I"m trying to authenticate users form a Drupal Install via a login form and I consistently receive a "401" error.
I think you need to configure both auth0 and AWS (IAM) for this, kindly go through documentation provided.
Call AWS APIs and Resources Securely with Tokens
Edit 1: Do Refer to commet , will update accordingly.
I have looked for resources on this particular problem with little luck so far so I thought I would try here.
I am attempting to create an Amazon Web Service Simple Notification Service app in the AWS-SNS console using GCM. I have created the APNS app for the iOS version with no troubles, however, when attempting to create the GCM version I receive the error: "The credentials you entered are invalid. Please enter valid credentials and try again."
In the Google APIs - API Access dashboard I have created both a key for server app and a key for android app. Below are a few screenshots to illustrate the problem.
Any suggestions as to what the problem may be or any instructional documentation recommendations would be tremendously appreciated.
More on what Rohan has said, it would be on Google's end rather than Amazon's.
Delete the Server API Key in the Google API Console, and create a new one, allowing all IP addresses. Add the new key in AWS SNS, and you should be good to go!
Amazon documentation is very old and not accurate anymore.
When you created your Application and the Credentials on Google Developers Console, from the left menu on Google developer console select:
APIs & auth -> APIs -> Google Cloud Messaging for Android -> Enable API
Google recently migrated a lot of the GCM service/credential handling to Firebase. As a result you need to create a Server Key in the Firebase Console now.
See: Amazon SNS: "Platform credentials are invalid" when re-entering a GCM API key that previously worked
You need to use the API key listed under Key for server apps (with IP locking) in the Google Console. The key listed under Android app will not work.
The Amazon SNS Getting Started with GCM documentation provides step-by-step guidance on setting up your app. If you are still having issues, please contact us via AWS Support or the Amazon SNS forum and we can troubleshoot further.
full disclosure: I am an Amazon SNS engineer.