I have a api gateway set up as follows:
Now I need to update the above set up to to vpc link and the same url so at the end I want to convert it to:
As you see I can do it through console.Can I do the above through cli as well?
I found the following I cannot get a working example.
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-method.html
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-rest-api.html
Can anyone help? is it supported at all?
Its is supported. You are looking for update-integration command
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-integration.html
with connectionType is VPC_LINK
I had the same problem and I managed to solve it by upgrading to the latest aws cli:
pip install awscli --upgrade --user
Afterwards, restart your terminal to make sure you load your latest cli
Related
I am trying to deploy my machine learning model with sam for couple of days and I am getting this error:
botocore.exceptions.NoCredentialsError: Unable to locate credentials
I am also make sure that my aws config is fine
the "aws s3 ls" command works fine with me any help will be useful thanks in advance
I've read through this issue which seems to have been deployed in v1.53: SAM Accelerate issue
Reading that seemed to imply that it might be worth trying
sam deploy --guided --profile mark
--profile mark is the new part and mark is just the name of the profile.
I'm using v1.53 but still have to pass in the profile to avoid the problem you're having and I was having, so they may not have fixed the issue as well as intended, but at least the --profile seems to solve it for me.
If you are using Linux, this error can be caused by a misalignment between a docker root installation and user-level AWS credentials.
Amazon documentation recommends adding credentials using the aws configure command without sudo. However, when you install docker on Linux, it requires a root-level installation. This ultimately results in the user being forced to use sudo for the SAM CLI build and deploy commands, which leads to the error.
There are two different solutions that will fix the issue:
Allow non-root users to manage docker. If you use this method, you will not need to use sudo for your SAM CLI commands. This fix can be accomplished by using the following commands:
sudo groupadd docker
sudo usermod -aG docker $USER
OR
Use sudo aws configure to add AWS credentials to root. This fix requires you to continue using sudo for your SAM CLI commands.
I installed AWS CLI on the Windows server 2007 32bit.
aws --version
aws-cli/1.8.8 Python/2.7.9 Windows/2008Server
I configure aws cli using keys
Once I run below command to test AWS S3, I get this SSL error:
aws s3 ls
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Please help to get rid of this basic error.
If you want to use SSL and not have to specify the --no-verify-ssl option, then you need to set the AWS_CA_BUNDLE environment variable. e.g from PowerShell:
setx AWS_CA_BUNDLE "C:\Users\UserX\Documents\RootCert.pem"
The PEM file is a saved copy of the root certificate for the AWS endpoint you are trying to connect to. To generate it, first export the certificate in DER format (For details on how to do this, see here). Then run the following command to convert to the PEM format:
openssl x509 -inform der -in "C:\Users\UserX\Documents\RootCert.der" -out RootCert.pem
If you are using Powershell and not bash, then you will need to first install openssl.
For a full list of environment variables supported by the AWS CLI, see here
use this option with your cmd
"--no-verify-ssl"
Not sure if it's related to to the OP's issue, however, one of our devs had this issue this morning, turned out he was using Fiddler (on Windows), to debug other issues. After stopping Fiddler (which was intercepting https traffic), the issue was resolved.
I had the same issue on Windows 10. It happens to be due to the aws cli not reading the internet proxy setting from the Windows registry. Fixed same error by setting the environment variables HTTP_PROXY and HTTPS_PROXY to the corporate internet proxy. Hope it helps somebody!
Mine was resolved with:
pip install awscli --force-reinstall --upgrade
I ran into a similar issue on Mac OSX in the company/corporate network.
If you don't know the proxy URL Get it from your company's network administrator and configure with the following commands.
Linux, macOS, or Unix
$ export HTTP_PROXY=http://proxy.example.com:1234
$ export HTTPS_PROXY=https://proxy.example.com:1234
Windows
$ set HTTP_PROXY=http://proxy.example.com:1234
$ set HTTPS_PROXY=https://proxy.example.com:1234
More information
I added the certificate to C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\cacert.pem and it resolved the problem.
My issue was our company's VPN. It worked after I disconnected from VPN
AWS already posted a clean solution for this, here it is:
Instead of hacking your system now the CLI supports you passing it a .pem file with the CA chain for it to communicate with your proxy:
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed
To fix this, instruct the AWS CLI where to find your companies .pem file using the ca_bundle configuration file setting, --ca-bundle command line option, or the AWS_CA_Bundle environment variable.
Problem most likely caused by corporate proxy. In my case I was running the commands on AWS CLI behind proxy server and was getting certificate error.
So to get around this I added --no-verify-ssl flag. Though this is a bad idea, I used this as a temporary solution to get the job done until it is resolved by the network team.
I believe this option would have been tried already but just putting it here for everyones reference:
when you have proxy added to your ec2 machines and it is in private subnet with a S3 vpc-endpoint attached. I was getting the same error.
Bypassing the proxy using no_proxy for the bucket as per : https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/
didn't help me and was still failing with the same error.
the only catch here was we need to add endpoint url which is s3.ap-southeast-2.amazonaws.com as below and it worked for me:
export NO_PROXY=169.254.169.254,s3.ap-southeast-2.amazonaws.com
169.254.169.254 is used to access instance role credentials in my case.
I had a similar issue and solved it by setting the proxy as follows:
$ set HTTP_PROXY=http://proxy.example.com:1234
$ set HTTPS_PROXY=https://proxy.example.com:1234
Linux:
$ export AWS_CA_BUNDLE="/data/ca-certs/ca-bundle.pem"
Windows:
PS C:\> setx AWS_CA_BUNDLE C:\data\ca-certs\ca-bundle.pem
$ aws s3 ls --ca-bundle "/data/ca-certs/ca-bundle.pem"
For me ec2 instance date was incorrect, after changing the date and time, fixed the problem.
Simply rebooted the ec2 instance
When you use a AWS CLI command, you receive a "[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed" error message. This is caused by the AWS CLI not trusting your proxy's certificate due to factors such as your proxy's certificate being self-signed, with your company set as the Certification Authority (CA). This prevents the AWS CLI from finding your companies CA root certificate in the local CA registry.
To fix this, instruct the AWS CLI where to find your companies .pem file using the ca_bundle configuration file setting, --ca-bundle command line option, or the AWS_CA_Bundle environment variable.
Please refer https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed
aws configure set default.ca_bundle <your CA file>
I agree with above answers, do the following
1- Remove your cli and install latest cli
2- check the certificate exist: C:\Program Files\Amazon\AWSCLIV2\botocore\cacert.pem
3- if it doesn't exist remove the cli and go to: C:\Program Files\ and remove Amazon
4- Install cli latest version it should work.
5- Try testing with your VPN connected
use the following option to overcome the ssl certification issue.
aws s3 ls --no-verify-ssl
I am following an AWS lambda tutorial https://docs.aws.amazon.com/lambda/latest/dg/vpc-rds-create-rds-mysql.html and the first step is to create an RDS instance via the CLI but I am getting the following error...
Invalid endpoint: https://rds.us-east-2.amazonaws.com
I've tried specifying a couple other parameters such as --availability-zone, -vpc-security-group-ids, etc but it still is saying the endpoint doesn't exist?
Make sure you have the latest version of the AWS CLI tool installed. It sounds like you have an older version before us-east-2 was added. You can check the version you have installed by running aws --version.
I am working in the US-East-1 (N.Virginia) and have even configured the Default Region Name to us-east-1 using the command aws configure.
But I am not able to access Batch using CLI. Batch is not even listed as one of the Available Services in aws help.
Any ideas how to enable Batch in AWS Cli? I have administrative access in IAM console so permissions don't seem to be the issue.
The batch service is relatively new, so its commands only exist in fairly new versions of the aws CLI.
Commands for batch in the latest cli documentation: http://docs.aws.amazon.com/cli/latest/reference/batch/index.html?highlight=batch
If you are running Windows, simply download the updated installer. https://aws.amazon.com/cli/
If you are using OSX or Linux use pip. pip install --upgrade awscli
I installed AWS CLI on the Windows server 2007 32bit.
aws --version
aws-cli/1.8.8 Python/2.7.9 Windows/2008Server
I configure aws cli using keys
Once I run below command to test AWS S3, I get this SSL error:
aws s3 ls
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Please help to get rid of this basic error.
If you want to use SSL and not have to specify the --no-verify-ssl option, then you need to set the AWS_CA_BUNDLE environment variable. e.g from PowerShell:
setx AWS_CA_BUNDLE "C:\Users\UserX\Documents\RootCert.pem"
The PEM file is a saved copy of the root certificate for the AWS endpoint you are trying to connect to. To generate it, first export the certificate in DER format (For details on how to do this, see here). Then run the following command to convert to the PEM format:
openssl x509 -inform der -in "C:\Users\UserX\Documents\RootCert.der" -out RootCert.pem
If you are using Powershell and not bash, then you will need to first install openssl.
For a full list of environment variables supported by the AWS CLI, see here
use this option with your cmd
"--no-verify-ssl"
Not sure if it's related to to the OP's issue, however, one of our devs had this issue this morning, turned out he was using Fiddler (on Windows), to debug other issues. After stopping Fiddler (which was intercepting https traffic), the issue was resolved.
I had the same issue on Windows 10. It happens to be due to the aws cli not reading the internet proxy setting from the Windows registry. Fixed same error by setting the environment variables HTTP_PROXY and HTTPS_PROXY to the corporate internet proxy. Hope it helps somebody!
Mine was resolved with:
pip install awscli --force-reinstall --upgrade
I ran into a similar issue on Mac OSX in the company/corporate network.
If you don't know the proxy URL Get it from your company's network administrator and configure with the following commands.
Linux, macOS, or Unix
$ export HTTP_PROXY=http://proxy.example.com:1234
$ export HTTPS_PROXY=https://proxy.example.com:1234
Windows
$ set HTTP_PROXY=http://proxy.example.com:1234
$ set HTTPS_PROXY=https://proxy.example.com:1234
More information
I added the certificate to C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\cacert.pem and it resolved the problem.
My issue was our company's VPN. It worked after I disconnected from VPN
AWS already posted a clean solution for this, here it is:
Instead of hacking your system now the CLI supports you passing it a .pem file with the CA chain for it to communicate with your proxy:
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed
To fix this, instruct the AWS CLI where to find your companies .pem file using the ca_bundle configuration file setting, --ca-bundle command line option, or the AWS_CA_Bundle environment variable.
Problem most likely caused by corporate proxy. In my case I was running the commands on AWS CLI behind proxy server and was getting certificate error.
So to get around this I added --no-verify-ssl flag. Though this is a bad idea, I used this as a temporary solution to get the job done until it is resolved by the network team.
I believe this option would have been tried already but just putting it here for everyones reference:
when you have proxy added to your ec2 machines and it is in private subnet with a S3 vpc-endpoint attached. I was getting the same error.
Bypassing the proxy using no_proxy for the bucket as per : https://aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/
didn't help me and was still failing with the same error.
the only catch here was we need to add endpoint url which is s3.ap-southeast-2.amazonaws.com as below and it worked for me:
export NO_PROXY=169.254.169.254,s3.ap-southeast-2.amazonaws.com
169.254.169.254 is used to access instance role credentials in my case.
I had a similar issue and solved it by setting the proxy as follows:
$ set HTTP_PROXY=http://proxy.example.com:1234
$ set HTTPS_PROXY=https://proxy.example.com:1234
Linux:
$ export AWS_CA_BUNDLE="/data/ca-certs/ca-bundle.pem"
Windows:
PS C:\> setx AWS_CA_BUNDLE C:\data\ca-certs\ca-bundle.pem
$ aws s3 ls --ca-bundle "/data/ca-certs/ca-bundle.pem"
For me ec2 instance date was incorrect, after changing the date and time, fixed the problem.
Simply rebooted the ec2 instance
When you use a AWS CLI command, you receive a "[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed" error message. This is caused by the AWS CLI not trusting your proxy's certificate due to factors such as your proxy's certificate being self-signed, with your company set as the Certification Authority (CA). This prevents the AWS CLI from finding your companies CA root certificate in the local CA registry.
To fix this, instruct the AWS CLI where to find your companies .pem file using the ca_bundle configuration file setting, --ca-bundle command line option, or the AWS_CA_Bundle environment variable.
Please refer https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-certificate-verify-failed
aws configure set default.ca_bundle <your CA file>
I agree with above answers, do the following
1- Remove your cli and install latest cli
2- check the certificate exist: C:\Program Files\Amazon\AWSCLIV2\botocore\cacert.pem
3- if it doesn't exist remove the cli and go to: C:\Program Files\ and remove Amazon
4- Install cli latest version it should work.
5- Try testing with your VPN connected
use the following option to overcome the ssl certification issue.
aws s3 ls --no-verify-ssl