AWS CLI Unable to Create RDS Instance - amazon-web-services

I am following an AWS Lambda tutorial https://docs.aws.amazon.com/lambda/latest/dg/vpc-rds-create-rds-mysql.html and the first step is to create an RDS instance via the CLI but I am getting the following error...
Invalid endpoint: https://rds.us-east-2.amazonaws.com
I've tried specifying a couple of other parameters such as --availability-zone, --vpc-security-group-ids, etc., but it is still saying the endpoint doesn't exist?

Make sure you have the latest version of the AWS CLI tool installed. It sounds like you have an older version before us-east-2 was added. You can check the version you have installed by running aws --version.

Related

Connection to sts.amazonaws.com timed out when calling Python boto3 API from EC2 instance

I am trying to setup some build and deployment servers based on EC2 instances to deploy software to AWS via CloudFormation.
The current setup uses the AWS CLI to deploy CloudFormation templates, and authentication is handled using a credentials profile where the ~/.aws/config file has a profile with:
[profile x]
role_arn = x
credential_source = Ec2InstanceMetadata
region = x
The setup using the AWS CLI appears to be working fine, and can deploy CloudFormation templates, upload files to S3 etc.
I wanted to automate this further and use a configuration-based approach to allow for more flexibility in our deployments. To achieve this, I have written some Python code to parse a config file and use the Boto3 library (which the AWS CLI also uses) to replicate the functionality. However when I am trying to do similar things in Boto3 (like deploy CloudFormation and upload files to S3), I get the following error: Connection to sts.amazonaws.com timed out. Unfortunately I can't provide the full stack trace since it's on a separate network. I am running Python 3.7 and boto3-1.21-13, botocore-1.24.13.
I assume it might be because I need to setup a VPC endpoint for STS? However, I can't work out why and how the AWS CLI works fine, but Boto3 doesn't. Especially since AWS CLI uses Boto3 under the hood.
In addition, I have confirmed that I can retrieve instance metadata using curl from the EC2 instances.
To reproduce the error, this command fails for me:
python -c "import boto3;print(boto3.Session(profile_name='x').client('s3').list_objects(Bucket='bucket'))"
However this AWS cli command works:
aws --profile x s3 ls bucket
I guess I don't understand why the AWS CLI command works, when the boto3 command fails. Why does boto3 need to call the sts.amazonaws.com endpoint, when the AWS CLI seemingly doesn't? What am I missing?

The aws cli and boto3 both use botocore, which is only a minor detail. Nevertheless, both the cli and boto3, when run in the same environment with the same access to the credentials, should indeed be able to reach the same endpoint.
This:
aws sts get-caller-identity --profile x
and:
python -c "import boto3;print(boto3.Session(profile_name='x').client('sts').get_caller_identity())"
are equivalent and should make the same api calls to the same endpoint.
As an aside, I find it is often best not to have your code concerned with session handling at all. It seems most simple to me for the code to expect the environment to handle that. So just export AWS_PROFILE and run the code. This prevents other users of the script from having to have the same profile and name it the same.

Yeah so it turns out I just needed to set/export AWS_STS_REGIONAL_ENDPOINTS='regional'.
After many hours of trawling the botocore and awscli source and logs, I found out that botocore sets it by default to 'legacy', whereas in v2 of the AWS CLI, they set it to 'regional'.
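
The behaviour described in the answer above, as an added example (not code from the thread or from botocore): a simplified, stdlib-only model of which STS host a role-assuming profile ends up calling, and whether that host is covered by an egress allow list such as a regional STS VPC endpoint. The profile names, account ID, role name, region and allow list are constructed, and the 'legacy' default is the one reported above for botocore 1.24.

```python
import configparser

# Constructed sample of ~/.aws/config, modelled on the profile in the question.
SAMPLE_CONFIG = """
[profile deploy]
role_arn = arn:aws:iam::123456789012:role/example-deploy
credential_source = Ec2InstanceMetadata
region = eu-west-1

[profile pinned]
role_arn = arn:aws:iam::123456789012:role/example-deploy
credential_source = Ec2InstanceMetadata
region = eu-west-1
sts_regional_endpoints = regional
"""

GLOBAL_STS = "sts.amazonaws.com"


def sts_plan(config_text, profile, env, sdk_default="legacy"):
    """Return (assumes_role, mode, sts_host) for a profile.

    Simplified model: the environment variable wins over the config file,
    which wins over the SDK default. 'legacy' is treated as "use the global
    endpoint", which is how botocore handles the older commercial regions.
    Only the standard aws partition (amazonaws.com) is modelled.
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    name = "default" if profile == "default" else f"profile {profile}"
    section = cfg[name]
    # A profile with role_arn makes the SDK call sts:AssumeRole before any
    # other request, so S3 or CloudFormation calls depend on reaching STS.
    assumes_role = "role_arn" in section
    mode = (env.get("AWS_STS_REGIONAL_ENDPOINTS")
            or section.get("sts_regional_endpoints")
            or sdk_default).lower()
    if mode not in ("legacy", "regional"):
        raise ValueError(f"unsupported sts_regional_endpoints value: {mode}")
    regional = f"sts.{section['region']}.amazonaws.com"
    host = regional if mode == "regional" else GLOBAL_STS
    return assumes_role, mode, host


def sts_reachable(config_text, profile, env, allowed_hosts, sdk_default="legacy"):
    """True when the STS host the profile would call is in the allow list."""
    assumes_role, _, host = sts_plan(config_text, profile, env, sdk_default)
    return (not assumes_role) or host in allowed_hosts
```

Setting sts_regional_endpoints in the profile pins the behaviour for every tool that reads the file, so the CLI and boto3 no longer depend on their differing defaults.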

AWS lightsail CLI command put-instance-public-ports doesn't work

So I'm trying to update firewall rules for my Lightsail instance. However, running the command
aws lightsail put-instance-public-ports --port-infos fromPort=22,protocol=TCP,toPort=22,cidrs=1.1.1.1 --instance-name Ubuntu-1
returns
Parameter validation failed:
Unknown parameter in portInfos[0]: "cidrs", must be one of: fromPort, toPort, protocol
In the description it seems that this functionality should be there? https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/put-instance-public-ports.html
Any idea where I mess up the command? Thanks!
Edit:
Updating aws cli version fixed the issue.

Based on the comments, the issue was not the command used. The command was correct. The problem was with the outdated AWS CLI used.
The solution was to update the AWS CLI.

AWS Aurora - How to enable serverless mode via CLI

I am using the following command to create AWS Aurora Serverless instance
aws rds create-db-cluster --db-cluster-identifier test-cluster --database-name testdb --master-username test --master-user-password testtest --engine aurora --engine-mode serverless --region us-east-1
but I am getting the following error.
Unknown options: --engine-mode, serverless
The above command works great on my AWS account but it's not working on my client's account. (I just have programmatic access to that account). I have double-checked the permissions and I have similar permissions as on my own account.
Summary: AWS command to create serverless aurora cluster is working on one account but not on another account with similar permissions.
Account 1:
Account 2:

The error message states that it does not know about the engine-mode argument. This is a clear indication that your AWS CLI version is outdated. Serverless was added as part of a recent (late 2018) release, so you need to update your client's AWS CLI to recognize these inputs.

I have figured it out. I was using awscli version 1.14 on my server and 1.16 on my laptop. I updated the awscli and now it's working fine.
sudo pip install --upgrade awscli
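
The error texts quoted in the threads on this page ("Invalid endpoint", "Unknown parameter in ...", "Unknown options") are all raised locally by the CLI or botocore before any request is sent, so IAM permissions are not involved. The triage helper below is an added example, not code from any of the posts; the sample version strings in its usage are constructed, and the known-good version passed to `advice` is an assumption taken from the 1.14 versus 1.16 report above.

```python
import re

# Messages the AWS CLI / botocore raise locally, as quoted in the threads above.
CLIENT_SIDE = [
    ("unknown_option", re.compile(r"Unknown options?: (?P<detail>.+)")),
    ("unknown_parameter", re.compile(
        r'Unknown parameter in (?P<where>[^:]+): "(?P<detail>[^"]+)", '
        r"must be one of: (?P<known>.+)")),
    ("invalid_endpoint", re.compile(r"Invalid endpoint: (?P<detail>\S+)")),
]
VERSION = re.compile(r"aws-cli/(\d+)\.(\d+)\.(\d+)")


def cli_version(version_output):
    """Parse the output of `aws --version` into a comparable tuple."""
    m = VERSION.search(version_output)
    if not m:
        raise ValueError("not `aws --version` output")
    return tuple(int(part) for part in m.groups())


def triage(stderr_text):
    """Return client-side findings; an empty list means the failure is elsewhere."""
    findings = []
    for line in stderr_text.splitlines():
        for kind, pattern in CLIENT_SIDE:
            m = pattern.search(line)
            if m:
                findings.append({"kind": kind, **m.groupdict()})
                break
    return findings


def advice(stderr_text, version_output, known_good):
    """Suggest upgrading first when the error is local and the client is older."""
    findings = triage(stderr_text)
    if findings and cli_version(version_output) < known_good:
        return "upgrade-client"
    return "check-command" if findings else "check-service-side"
```

For example, `advice("Unknown options: --engine-mode, serverless", "aws-cli/1.14.50 Python/2.7.12 Linux/4.4.0 botocore/1.8.50", (1, 16, 0))` returns `"upgrade-client"`.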

Updating api gateway to vpc link through cli

I have an API gateway set up as follows:
Now I need to update the above setup to VPC link and the same URL, so at the end I want to convert it to:
As you see I can do it through the console. Can I do the above through the CLI as well?
I found the following, but I cannot get a working example.
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-method.html
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-rest-api.html
Can anyone help? Is it supported at all?

It is supported. You are looking for the update-integration command
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-integration.html
with connectionType set to VPC_LINK

I had the same problem and I managed to solve it by upgrading to the latest aws cli:
pip install awscli --upgrade --user
Afterwards, restart your terminal to make sure you load your latest cli.

Enable AWS Batch in AWS CLI

I am working in US-East-1 (N. Virginia) and have even configured the Default Region Name to us-east-1 using the command aws configure.
But I am not able to access Batch using CLI. Batch is not even listed as one of the Available Services in aws help.
Any ideas how to enable Batch in AWS Cli? I have administrative access in IAM console so permissions don't seem to be the issue.

The batch service is relatively new, so its commands only exist in fairly new versions of the aws CLI.
Commands for batch in the latest cli documentation: http://docs.aws.amazon.com/cli/latest/reference/batch/index.html?highlight=batch
If you are running Windows, simply download the updated installer. https://aws.amazon.com/cli/
If you are using OSX or Linux, use pip: pip install --upgrade awscli