So today I wanted to set up an integration server.
We are building a PHP Application using Laravel 5.5 and want to host it on AWS.
We have also registered to Laravel Forge and Laravel Envoyer.
So for a start I wanted to connect my Laravel Forge account to Amazon.
I signed into my Amazon account, activated everything and created a new IAM User with AdministratorAccess Permission. I've saved everything and created the AWS secret and key. It is shown with status Active in the console.
OK, I headed over to Laravel Forge and went to Server Providers. I selected Amazon. In Profile Name I've entered the name of the user plus his key and secret. I thought I'd be done but I am getting this error:
Whoops! There were some problems with your input.
Invalid API credentials.
Anyone know how I can connect my Forge with AWS or can point me to what I did wrong? Am I missing something?
Having the same issue. I seem to be able to create servers in the US regions but nowhere else. Same error as the above. The JS console shows 500 server errors when selecting any other region. Hoping someone has found a solution to this.
I contacted Laravel Forge support and the only advice I got was about contacting AWS directly. It is quite frustrating.
This issue was happening with me as the AWS account wasn't properly activated. Please follow up with AWS in this regard!
We have an AWS Org with AWS Grafana running in the root account, set up with Org access.
We have successfully connected to AWS Prometheus and other data sources across different organization accounts. But we can't get AWS Grafana to connect to Amazon OpenSearch that is hosted in a VPC.
If you look at Grafana -> AWS Data Sources -> Amazon OpenSearch Service, it lists the cluster. But all attempts to connect have failed.
We have tried setting:
Using SigV4auth Auth
Using Basic auth + With Credentials (even adding VPC connections between accounts and checking ports are open)
When we try Save and Test, we always get a Testing.. followed by OpenSearch error: Bad Gateway in grafana.
Has anyone got it working successfully and able to assist?
Same issue here. Except the Grafana is set up in the same account as the OpenSearch cluster.
Also tried to configure the security group on the OpenSearch cluster to accept everything (all ports, all protocols from anywhere).
I'm wondering if it's a network issue: the OpenSearch cluster being in a VPC, can Grafana access it? But I can't find documentation on the network part of the managed Grafana.
Hope someone will help.
Been told it’s a known issue.
The solution is to create a proxy for your opensearch cluster and let it get internet access to connect to grafana.
No idea on timelines for AWS to build / fix the problem :(
A solution that works well on my side is to fill in the fields:
HTTP part:
URL: https://search-anything
Access: Server (default)
Auth part:
Check Basic auth
then in Basic Auth Details fill in the master username and password
OpenSearch details part:
fill in the name of an index
make sure that a timestamp field exists in the index filled above and put the name of this field in Time field name
choose the right OpenSearch version 1.0.x
Test
I hope this will help you
I'm getting some strange behavior from Amazon Cognito and was wondering if anyone had any of the same issues. If I create a user through my app, everything works just fine. But if I create a user in the Cognito management console, that user gets 502 errors. What's interesting is that all of the users (regardless of where they were created) show the same verifications in Cognito as the ones created through the app. What's even more interesting is that I have the exact same setup in a test environment on a separate AWS profile and have no issues at all. Any ideas? Thanks everyone!
I'm a beginner to AWS and a bit confused regarding the AWS Cognito system.
I have an AWS Elasticsearch service behind a VPC. I'm trying to access the Kibana endpoint using AWS Cognito, but when I navigate to the log in screen I see a blank page.
Is what I'm trying to do feasible or do I need to VPN first into the VPC in order to get to the log in screen? If so, how can I grant public users access to Kibana (without the trouble of a VPN?) Would a better solution be to have a reverse proxy point to Kibana and couple this with AWS Cognito? Thanks for your help.
Note: I'm using Elasticsearch 6.2
I had the same output while I was setting up the same setup but don't remember exactly which stage solved it.
At this stage it looks like you already set your access policy to use the Cognito role otherwise you wouldn't end up on the cognito login page (even though blank for now).
I would check the identity provider config on the Cognito User Pool App client settings:
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html#es-cognito-auth-identity-providers
It wasn't linked to a lack of access (ie. no VPN) or a missing UI customization and it's definitely achievable.
Let me know if you want me to look deeper into it.
EDIT: when I go directly to the domain URL of my Cognito pool (i.e. https://yourdomain.auth.your-region.amazoncognito.com) I still get a blank page. It's only when going to the protected application (Kibana) that the login page is filled in (probably linked to the above app client settings).
I created a wiki page in my GitHub Repo because I did this EXACT (Public ESS and Cognito) same thing over the last couple days. You can get the info HERE and I hope it helps clear things up!
We are a small startup currently in prototype phase. We are still in development phase, and are using AWS to host our application and (test) domain. We have hosted our domain on Route 53, and registered that with SES for email services.
I am new to AWS, and have used documentation to understand how to set these things up. Now it appears that our account(s) have been compromised/hacked and someone is misusing it to send malicious emails. I am unsure what the extent of the hack is, and if the user has only managed to get access to SES and database credentials. I received an email from the SES team, which shows emails have been sent through my domain (not by me), but I never created that email on my domain.
Additionally, I have noticed that someone is trying to access my database (from China) and database is always at 100%. Database log says it has blocked IP (which is based in China).
We are using GitHub to store code, and in our code we had credentials for AWS and SMTP servers, so I think it's possible that someone stole keys from there (we have taken the credentials out of GitHub now).
Can someone help me understand what steps I need to take? I am thinking of shutting down this environment and creating a new one, but I am unsure how to get hold of my domain and shut down all emails created by the spammer on my domain. I am also unclear what the extent of the hack is, and if this will come back.
Can someone please help?
You should never store your credentials in GitHub.
In fact, you should use roles instead of credentials stored directly in the code.
So, step by step you should:
Remove the credentials from github and from your code (done)
Reset your credentials and do not store them
Create a role with the policy according to your needs
Assign that role to your resources.
Here you can find more info
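Added example, not part of the original thread: a small Python scanner for the kind of leak described above, reporting AWS access key IDs and secret-looking 40-character values in a source tree before it is pushed. The function names and the sample file contents are constructed for illustration; the key pair in the sample is the placeholder pair from AWS documentation.

```python
import re
from pathlib import Path

# Access key IDs are 20 characters: AKIA... for IAM users, ASIA... for temporary STS keys.
KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# A 40-character value is only reported when the name beside it says secret or password.
SECRET = re.compile(
    r"(secret|password)\w*['\"]?\s*(=>|=|:)\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE)

def redact(value):
    """Keep four characters at each end so a finding can be matched without re-leaking it."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def scan_text(text, source="<text>"):
    """Return (source, line number, kind, redacted value) for each credential-like string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID.finditer(line):
            kind = "IAM user access key ID" if m.group(1) == "AKIA" else "temporary access key ID"
            findings.append((source, lineno, kind, redact(m.group(0))))
        for m in SECRET.finditer(line):
            findings.append((source, lineno, "possible secret value", redact(m.group(3))))
    return findings

def scan_tree(root):
    """Scan every readable text file under root, skipping the .git directory itself."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if ".git" in path.parts or not path.is_file():
            continue
        try:
            findings.extend(scan_text(path.read_text(encoding="utf-8"), str(path)))
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file
    return findings

# Constructed sample; the key pair is the placeholder pair used in AWS documentation.
SAMPLE = """AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
MAIL_HOST=email-smtp.us-east-1.amazonaws.com
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, ".env"):
        print(*finding, sep="  ")
```

A clean result covers only the files as they are now; keys that were ever committed stay in the repository history, which is why resetting them is a separate step in the list above.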
My company provides me with federated access to AWS. By that I mean, we're going to a website where we log in with our SSO, which then allows us to pull up the AWS console (i.e. through a custom federation broker as described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
I can create instances (ec2) just fine through the UI. My question is, how can I get API credentials to use with aws cli?
In the IAM dashboard I don't see an option to create a credential set for myself.
Is this even something I can get to, or do they (= my IT people) need to change something in the setup?
Thanks a bunch!
PS: to clarify, we're not going through OneLogin
You can create a program to do this leveraging your credentials, your SSO config, and boto3.
Alternatively, I use this Google Chrome plugin: https://github.com/prolane/samltoawsstskeys/blob/master/README.md
Atlassian also released a tool recently to help solve this problem, and there are some other ones out there if you do some searching.
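Added example, not part of the original thread: a sketch of the "program with boto3" route, assuming the SSO login hands the browser a SAML response (which is what the plugin linked above relies on; a broker that does not use SAML needs a different exchange). It reads the roles offered in the response, trades the response for temporary keys with STS, and writes them to a CLI profile. The function names, the `federated` profile name and the sample response are constructed for illustration.

```python
import base64
import configparser
import xml.etree.ElementTree as ET
from pathlib import Path

ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role"
NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def roles_in_response(saml_b64):
    """Return (role_arn, provider_arn) pairs offered in a base64 SAML response."""
    root = ET.fromstring(base64.b64decode(saml_b64))
    pairs = []
    for attr in root.iter(NS + "Attribute"):
        if attr.get("Name") != ROLE_ATTRIBUTE:
            continue
        for value in attr.iter(NS + "AttributeValue"):
            arns = [a.strip() for a in (value.text or "").split(",")]
            role = next((a for a in arns if ":role/" in a), None)
            provider = next((a for a in arns if ":saml-provider/" in a), None)
            if role and provider:
                pairs.append((role, provider))
    return pairs

def fetch_credentials(saml_b64, role_arn, provider_arn, sts=None):
    """Exchange the assertion for temporary keys with STS AssumeRoleWithSAML."""
    if sts is None:
        import boto3  # imported here so the parsing above works without boto3
        sts = boto3.client("sts")
    reply = sts.assume_role_with_saml(RoleArn=role_arn, PrincipalArn=provider_arn,
                                      SAMLAssertion=saml_b64, DurationSeconds=3600)
    return reply["Credentials"]

def write_profile(creds, profile="federated", path=None):
    path = Path(path) if path else Path.home() / ".aws" / "credentials"
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    cfg[profile] = {"aws_access_key_id": creds["AccessKeyId"],
                    "aws_secret_access_key": creds["SecretAccessKey"],
                    "aws_session_token": creds["SessionToken"]}
    path.parent.mkdir(parents=True, exist_ok=True)
    with open(path, "w") as fh:
        cfg.write(fh)
    path.chmod(0o600)  # short-lived keys are still secrets: owner read/write only
    return path

# Constructed sample response; the account ID and names are hypothetical.
SAMPLE = base64.b64encode((
    '<R xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion"><s:Attribute Name="%s">'
    "<s:AttributeValue>arn:aws:iam::111122223333:role/Dev,arn:aws:iam::111122223333:"
    "saml-provider/Corp</s:AttributeValue></s:Attribute></R>" % ROLE_ATTRIBUTE).encode()).decode()
```

With the profile written, `aws --profile federated ...` works until the keys expire, and the keys carry only the permissions of the role chosen at login.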