AWS Cognito users added in console get 502 error - amazon-web-services

I'm getting some strange behavior from Amazon Cognito and was wondering if anyone had any of the same issues. If I create a user through my app, everything works just fine. But if I create a user in the Cognito management console, that user gets 502 errors. What's interesting is that all of the users (regardless of where they were created) show the same verifications in Cognito as the ones created through the app. What's even more interesting is that I have the exact same setup in a test environment on a separate AWS profile and have no issues at all. Any ideas? Thanks everyone!

Related

AWS Amplify removal error and not all resources were removed after fixing issues

I needed to re-do my Amplify auth from scratch. There were some Cognito custom attributes that are not removable once created and since this is going to production, I wanted a clean slate.
The problem started after running amplify remove auth, which hit a snag as my User Pool contains a Cognito domain.
Because of that the process never finishes and I had to abort the CLI process. I removed Cognito domain and re-ran and seemed OK, but CloudWatch says UserPool is still unable to be removed. I then removed it manually via AWS console.
Question
I'm not sure if aborting the CLI process caused this to hang but I'm seeing some leftover resources not removed from the console - e.g. CloudFormation stacks, Lambda applications and Log Groups (see pics).
Since this is going to be production environment, I'm wanting to ensure the previous auth resources are properly removed. How can I ensure that?
When I go to Amplify backend page, the Authentication just hangs and keeps on loading and console shows a weird error. Note, I've not done amplify publish. Is this a normal behaviour?

Google Analytics Reporting API service account issues

I've been trying to get data from GA using a service account; however, my issue is that it keeps saying:
Error: User does not have sufficient permissions for this profile.
I have enabled GA reporting API and given access to GA account using the email of the service account. In addition, it was granted "read and analyze" permissions on the account.
Tried this method on a personal account, and everything worked fine, however, when working on a client project, the issue comes back.
What could I be missing?
This was interesting to figure out.
I've used Account ID against one Google Analytics Account and that worked.
For the one I have been having an issue with, I needed to use the View ID.

Accidentally deleted root privileges to my AWS user

I am a total newbie with AWS; this is my first project with it.
I was trying to deploy my Django app with Elastic Beanstalk, using CodeCommit, following a tutorial. I was getting an error while trying to connect to the repo. Searching around that error, I got to the conclusion that I probably needed to enable AWSElasticBeanstalkFullAccess policy for my user. However, before doing that I 'detached' the first (and I think the only) policy that I had attached to my account. I think it was 'AdministratorAccess' or something similar (the first option in a large policies list). I just wanted to fit my user to the tasks that would be required and I interpreted that having admin privileges is not safe. Later I read that I should have created a new user with no root privileges, and work with that new user on a daily basis. I promise I will do that the next time.
So I am locked right now. I have just one user with privileges for doing absolutely nothing. I cannot even purchase development support (29$/month), to solve this situation... I don't know what to do. I could forget that account and open a new one, but I think there must be something I could do.
I tried searching for almost 2 hours, but I couldn't find anything that could work for me. I repeat that I am a complete newbie on AWS and probably I didn't use the correct words in my searching process.
Any help will be appreciated. Thanks in advance.
OK, finally solved. Let me explain.
While following the tutorial, I signed up for AWS and created a user called 'username' for the deployment process in Elastic Beanstalk. I thought the user I created following the tutorial was my current user in AWS, but (fortunately) it wasn't.
I logged in with the 'username' user and detached the AdministratorAccess policy from that user, so the user has privileges to do nothing.
After some more reading, I found that if you log in to AWS with your email (not the 'username'), you log in as the root user. That allowed me to attach the correct policies to the user.
Here is the difference between IAM users and the root user:
From IAM users docs:
An IAM user with administrator permissions is not the same thing as the AWS account root user.
From root users docs:
When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.
I have a lot to learn around AWS, but I hope my story helps somebody...

Connecting to VPC-based Kibana using AWS Cognito

I'm a beginner to AWS and a bit confused regarding the AWS Cognito system.
I have an AWS Elasticsearch service behind a VPC. I'm trying to access the Kibana endpoint using AWS Cognito, but when I navigate to the log in screen I see a blank page.
Is what I'm trying to do feasible or do I need to VPN first into the VPC in order to get to the log in screen? If so, how can I grant public users access to Kibana (without the trouble of a VPN?) Would a better solution be to have a reverse proxy point to Kibana and couple this with AWS Cognito? Thanks for your help.
Note: I'm using Elasticsearch 6.2
I had the same output while I was setting up the same setup but don't remember exactly which stage solved it.
At this stage it looks like you already set your access policy to use the Cognito role, otherwise you wouldn't end up on the Cognito login page (even though blank for now).
I would check the identity provider config on the Cognito User Pool App client settings:
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html#es-cognito-auth-identity-providers
It wasn't linked to a lack of access (i.e. no VPN) or a missing UI customization and it's definitely achievable.
Let me know if you want me to look deeper into it.
EDIT: When I go directly to the domain URL of my Cognito pool (i.e. https://yourdomain.auth.your-region.amazoncognito.com) I still get a blank page. It's only when going to the protected application (Kibana) that the login page is filled in (probably linked to the above app client settings).
I created a wiki page in my GitHub Repo because I did this EXACT (Public ESS and Cognito) same thing over the last couple days. You can get the info HERE and I hope it helps clear things up!

Laravel Forge - Connect to Amazon

So today I wanted to set up an integration server.
We are building a PHP Application using Laravel 5.5 and want to host it on AWS.
We have also registered to Laravel Forge and Laravel Envoyer.
So for a start I wanted to connect my Laravel Forge account to Amazon.
I signed into my amazon account, activated everything and created a new IAM User with AdministratorAccess Permission. I've saved everything and created the AWS secret and key. It is shown with status Active in the console.
OK, I headed over to Laravel Forge and went to Server Providers. I selected Amazon. In Profile Name I've entered the name of the user plus his key and secret. I thought I'd be done but I am getting this error:
Whoops! There were some problems with your input.
Invalid API credentials.
Anyone know how I can connect my Forge with AWS or can point me to what I did wrong? Am I missing something?
Having the same issue. I seem to be able to create servers in the US regions but nowhere else. Same error as the above. The JS console shows 500 server errors when selecting any other region. Hoping someone has found a solution to this.
I contacted Laravel Forge support and the only advice I got was about contacting AWS directly. It is quite frustrating.
This issue was happening with me as the AWS account wasn't properly activated. Please follow up with AWS in this regard!