Zappa Certify Issue - python-2.7

I've been having issues with deploying a domain I recently transferred from GoDaddy to AWS.
Here are the Zappa settings:
{
    "staging": {
        "app_function": "__init__.app",
        "aws_region": "ap-southeast-2",
        "profile_name": "default",
        "s3_bucket": "zappa-flowersapp",
        "domain": "minnidesign.com",
        "certificate_arn": "arn:aws:acm:us-east-1:985294012425:certificate/a8740ef0-0d99-4355-ac99-210ead89b743"
    }
}
On running zappa certify the first time I get this error:
params[name] = orig_value.split('/')[-1]
AttributeError: 'NoneType' object has no attribute 'split'
The second time I am getting this error:
raise error_class(parsed_response, operation_name)
BadRequestException: An error occurred (BadRequestException) when calling the CreateDomainName operation: The domain name you provided already exists.
I have no idea why this is happening; I have never had this kind of issue with Zappa. (When I go to minnidesign.com there is a server not found error.)
Does anyone know a solution to this problem? Many thanks in advance!

I just had to create a hosted zone, then update the NS records of the registered domain with the new hosted zone's NS records, then created a new certificate and it worked a charm!

Zappa fails with certify sometimes.
You can enter the apigateway dashboard on AWS and manually delete the entry before trying again.
AWS Console > apigateway > custom domain names > delete

Related

AWS EKS Returns Error 'certificate has expired or is not yet valid'

When I deploy new deployments or edit any settings, it returns the following error:
Error creating: Internal error occurred: failed calling webhook
"mpod.elbv2.k8s.aws": Post
"https://aws-load-balancer-webhook-service.kube-system.svc:443/mutate-v1-pod?timeout=10s":
x509: certificate has expired or is not yet valid: current time
2022-01-28T02:05:13Z is after 2022-01-20T10:00:30Z
How can I fix it?

I think the reason is because your time and date are not right. As I can see in the log, your time is 8 days behind the current day.
Please sync your time in this server and try again.

You need to have a new certificate for aws-load-balancer-webhook-service. We have an issuer set up in the cluster, and when we get a similar error in OPA we do a rollout restart for opa.
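
The two answers above point at different causes (host clock versus certificate). This added example, which is not part of the original posts, parses the timestamps out of the x509 message and compares the reported time with a reference clock; the `diagnose` function and its `trusted_now` argument are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Error text from the question above (line breaks as posted).
SAMPLE = """x509: certificate has expired or is not yet valid: current time
2022-01-28T02:05:13Z is after 2022-01-20T10:00:30Z"""

_WINDOW = re.compile(
    r"current time (?P<now>[\dT:.+Z-]+) is (?P<rel>after|before) "
    r"(?P<bound>[\dT:.+Z-]+)"
)


def _ts(text):
    # RFC 3339 timestamp; "Z" is rewritten so older Python versions parse it.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def diagnose(message, trusted_now, tolerance=timedelta(minutes=5)):
    """Classify an x509 validity-window error and check the reporter's clock.

    trusted_now is a timezone-aware reference time from a clock you trust
    (assumption: supplied by the caller, e.g. an NTP-synced workstation).
    """
    match = _WINDOW.search(" ".join(message.split()))  # undo line wrapping
    if match is None:
        raise ValueError("not an x509 validity-window error")
    reported_now = _ts(match["now"])
    bound = _ts(match["bound"])
    return {
        # "after": reported time is past notAfter; "before": it precedes notBefore.
        "state": "expired" if match["rel"] == "after" else "not_yet_valid",
        "outside_window_by": abs(reported_now - bound),
        # True when the verifying host's clock disagrees with the reference.
        "clock_skewed": abs(reported_now - trusted_now) > tolerance,
    }


if __name__ == "__main__":
    reference = datetime(2022, 1, 28, 2, 5, 0, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, reference))
```

If `clock_skewed` is false and `state` is `expired`, syncing the clock will not help and the webhook's serving certificate has to be reissued.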

What is causing cfn-signal with waithandle.url to get 403 error

Good day.
My cloudformation stack keeps getting rolled back due to the error for the WaitCondition.
The EC2 instance has Userdata which calls custom bootstrap.sh that uses cfn-signal with the waithandle.url (replaced sensitive info with "masked"):
cfn-signal --success true --http-proxy http://proxyAbc:123 --https-proxy http://proxyAbc:123 --region ap-southeast-2 https://cloudformation-waitcondition-ap-southeast-2.s3-ap-southeast-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aap-southeast-2%3A747462550105%3Astack/asg-masked-20200508162554-0b080289adf738030/35459000-90f5-11ea-a7af-0a0ad6464e74/WaitHandle?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200508T062906Z&X-Amz-SignedHeaders=host&X-Amz-Expires=86399&X-Amz-Credential=masked&X-Amz-Signature=masked
However it is encountering this error now:
Error signaling CloudFormation: [Errno 403] HTTP Error 403 : AccessDeniedAccess DeniedXYZ...123
There has been no code change except for using a new CentOS 7 AMI.
Has anyone encountered this error and managed to resolve it?
Edit:
The userdata has this in the CloudFormation template (which has single-quote surrounding it), where the WAITHANDLE environment variable is used in the cfn-signal command above (the https://cloudformation-waitcondition-ap-southeast-2....):
BASH_SCRIPT[8]=\"export WAITHANDLE='", {"Ref": "WaitHandle"}, "'\"\n

The issue turned out to be a proxy issue.
The proxy being used had worked before (for years) but is now broken.
This is probably not a general answer, as the 403 seems to be too broad, though pay attention to the part where it says AccessDenied (without 'Request has Expired'). In any case, I am just answering this in case anyone else encounters it.
For example:
Pre-signed URL expired:
Error signaling CloudFormation: [Errno 403] HTTP Error 403 :
AccessDeniedRequest has expired863992020-05-15T05:17:56Z2020-05-18T20:41:19Z[somehashvalue]
Proxy issue:
Error signaling CloudFormation: [Errno 403] HTTP Error 403 : AccessDeniedAccess Denied[somehashvalue]
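
The distinction drawn in the answer above can be checked from the wait handle URL itself, since the signing time and lifetime are in its query string. This is an added example, not code from the original post; the function names, the `now` argument and the shortened URL path are assumptions, while the query parameters and error strings are the ones quoted on this page.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed URL: path shortened, credential and signature masked as in the question.
WAIT_URL = (
    "https://cloudformation-waitcondition-ap-southeast-2.s3-ap-southeast-2"
    ".amazonaws.com/masked/WaitHandle?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Date=20200508T062906Z&X-Amz-SignedHeaders=host"
    "&X-Amz-Expires=86399&X-Amz-Credential=masked&X-Amz-Signature=masked"
)
EXPIRED_ERR = ("Error signaling CloudFormation: [Errno 403] HTTP Error 403 : "
               "AccessDeniedRequest has expired863992020-05-15T05:17:56Z"
               "2020-05-18T20:41:19Z[somehashvalue]")
DENIED_ERR = ("Error signaling CloudFormation: [Errno 403] HTTP Error 403 : "
              "AccessDeniedAccess Denied[somehashvalue]")


def presigned_window(url):
    """Return (signed_at, expires_at) read from a SigV4 pre-signed URL."""
    query = parse_qs(urlsplit(url).query)
    signed_at = datetime.strptime(
        query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ"
    ).replace(tzinfo=timezone.utc)
    lifetime = timedelta(seconds=int(query["X-Amz-Expires"][0]))
    return signed_at, signed_at + lifetime


def triage_403(url, error_text, now):
    """Separate an expired wait handle from a denial inside its lifetime."""
    _, expires_at = presigned_window(url)
    if "Request has expired" in error_text or now > expires_at:
        return "url_expired"            # redeploy to get a fresh wait handle
    if "AccessDenied" in error_text:
        # URL still valid: look at what sits between the instance and S3
        # (the proxy, in the case described above) or at a mangled URL.
        return "denied_within_validity"
    return "unknown"


if __name__ == "__main__":
    at_boot = datetime(2020, 5, 8, 7, 0, 0, tzinfo=timezone.utc)
    print(presigned_window(WAIT_URL)[1].isoformat())
    print(triage_403(WAIT_URL, DENIED_ERR, at_boot))
```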

while installing aws amplify init on terminal, gives error

I am getting this while doing amplify init. The main agenda is to develop authentication through aws-cognito, which is using aws-amplify:
? Do you want to use an AWS profile? Yes
? Please choose the profile you want to use default
init failed
Error: read ECONNRESET
at TLSWrap.onStreamRead (internal/stream_base_commons.js:205:27) {
message: 'read ECONNRESET',
errno: 'ECONNRESET',
code: 'NetworkingError',
syscall: 'read',
region: 'us-east-1',
hostname: 'amplify.us-east-1.amazonaws.com',
retryable: true,
time: 2020-04-16T12:09:59.975Z

You may try the following strategies to eliminate the problem you are facing:
This looks more like a network problem as per the logs from your terminal; therefore, if you have a jittery connection, I would recommend that you try the same on a stable internet connection.
I would recommend doing an amplify delete in case there is some misconfiguration from the last time you did an amplify init, but the chances of this are very low.
Check your AWS environment variables or configuration file; maybe the credentials of your AWS account are missing. Try doing an aws configure and resetting the values of your key, secret, and region.
I hope the above suggestions help you somehow.

aws pinpoint update-apns-sandbox-channel command results in: missing credentials

aws --version
aws-cli/1.16.76 Python/2.7.10 Darwin/16.7.0 botocore/1.12.66
I'm trying to programmatically add an APNS_SANDBOX channel to a pinpoint app. I'm able to do this successfully via the pinpoint console, but not with aws cli or a lambda function which is the end goal. Changes to our Test/Prod environments can only be made via the CodePipeline, but for testing purposes I'm trying to achieve this with the aws cli.
I've tried both aws cli (using the root credentials) and a lambda function -- both result in the following error:
An error occurred (BadRequestException) when calling the UpdateApnsSandboxChannel operation: Missing credentials
I have tried setting the Certificate field in the UpdateApnsSandboxChannel json object as the path to the .p12 certificate file as well as using a string value retrieved from the openssl tool.
Today I worked with someone from aws support, and they were not able to figure out the issue after trying to debug for a couple of hours. They said they would send an email to the pinpoint team, but they did not have an ETA on when they might respond.
Thanks

I ended up getting this to work successfully -- this is why it was failing:
I was originally making the cli call with the following request object, as this is what is included in the documentation:
aws pinpoint update-apns-sandbox-channel --application-id [physicalID] --cli-input-json file:///path-to-requestObject.json
{
    "APNSSandboxChannelRequest": {
        "BundleId": "com.bundleId.value",
        "Certificate": "P12_FILE_PATH_OR_CERT_AS_STRING",
        "DefaultAuthenticationMethod": "CERTIFICATE",
        "Enabled": true,
        "PrivateKey": "PRIVATEKEY_FILE_PATH_OR_AS_STRING",
        "TeamId": "",
        "TokenKey": "",
        "TokenKeyId": ""
    },
    "ApplicationId": "Pinpoint_PhysicalId"
}
After playing around with it some more I got it to work by removing BundleId, TeamId, TokenKey, and TokenKeyId. I believe these fields are needed when using a p8 certificate.
{
    "APNSSandboxChannelRequest": {
        "Certificate": "P12_FILE_PATH_OR_CERT_AS_STRING",
        "DefaultAuthenticationMethod": "CERTIFICATE",
        "Enabled": true,
        "PrivateKey": "PRIVATEKEY_FILE_PATH_OR_AS_STRING"
    },
    "ApplicationId": "Pinpoint_PhysicalId"
}

Certificate configuration parameter problems connecting to AWS IOT

Trying to get my Node.js IoT example working, but not sure what configuration I need to set to pass to my thingShadow constructor awsIot.thingShadow(config).
This is the sample config I get from the AWS dashboard
{
    "host": "foo.iot.us-east-1.amazonaws.com",
    "port": 8883,
    "clientId": "bar",
    "thingName": "bar",
    "caCert": "root-CA.crt",
    "clientCert": "bar-certificate.pem.crt",
    "privateKey": "bar-private.pem.key"
}
However this is the constructor I set based on the sdk readme
{
    keyPath: 'bar-private.pem.key',
    certPath: 'bar-certificate.pem.crt',
    caCert: "root-CA.crt",
    clientId: 'bar'
}
I get the error
events.js:141
throw er; // Unhandled 'error' event
^
Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1017:38)
at emitNone (events.js:67:13)
at TLSSocket.emit (events.js:166:7)
at TLSSocket._init.ssl.onclienthello.ssl.oncertcb.TLSSocket._finishInit (_tls_wrap.js:582:8)
at TLSWrap.ssl.onclienthello.ssl.oncertcb.ssl.onnewsession.ssl.onhandshakedone (_tls_wrap.js:424:38)
What is caCert based on - is that a cert that I have in my local path? If so where do I get it from, the dashboard as a download somewhere? Am I sending the right certificate files for privateKey?

So the issue was the root-CA.crt file. I found mine from the node_modules directory in the aws library and that was not valid.
I needed to get the crt file from
https://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem
As noted in this doc http://docs.aws.amazon.com/iot/latest/developerguide/iot-device-sdk-node.html