So I have a Spring Boot application that I'd like to deploy to AWS using Boxfuse.
Deployment onto the AWS services yields the following error:
ERROR: Your AWS account does not have a default VPC in the eu-central-1 region
=> change the AWS region in the Boxfuse console
Going to the Boxfuse console:
Your AWS account has no default VPC in eu-central-1. Please ask AWS support to recreate it or select a different region
Where exactly can I fix this in AWS? How can I change the region for Boxfuse, or fix this by maybe creating a new VPC?
Well, apparently the only way to do this is through AWS Customer Support. Just wanted to mention it in case someone had the same issue.
Related
I'm trying to connect a Spring Boot application from AWS EKS to AWS OpenSearch, both of which reside in a VPC. Though the connection is successful, I'm unable to write any data to the index.
All the AWS resources (EKS and OpenSearch) are configured using Terraform. I have mentioned the Elasticsearch subnet CIDR in the egress which is attached to the application. Also, the application correctly assumes the EKS service account and the pod role, which I mentioned in the services stanza for Elasticsearch. In the policy which is attached to the pod role, I see all the permissions mentioned: ESHttpPost, ESHttpGet, ESHttpPut, etc.
This is the error I get:
{"error":{"root_cause": [{"type":"security_exception", "reason":"no
permissions for [indices:data/write/index] and User
[name=arn:aws:iam::ACCOUNT_NO:role/helloworld-demo-eks-PodRle-
hellodemo-role-1,backend_roles=
[arn:aws:iam::ACCOUNT_NO:role/helloworld-demo-eks-PodRle-hellodemo
role-1], requested
Tenant=null]"}],"type":"security_exception", "reason":"no
permissions for [indices:data/write/index] and User
[name=arn:aws:iam::ACCOUNT_NO:role/helloworld demo-eks-PodRle-
hellodemo-role-1,
backend_roles=[arn:aws:iam::ACCOUNT_NO:role/helloworld-demo-eks-
PodRle-hellodemo role-1], requested Tenant=null]"},"status":403}
Is there anything that I'm missing out on while configuring?
This error can be resolved by assigning the pod role to the additional_roles key in the Elasticsearch Terraform. This is taken care of internally by AWS STS when it receives a request from EKS.
Cloud: AWS
ES Version: 7.4
Error message while searching:
{"error":{"message":"[too_many_buckets_exception] Trying to create too many buckets. Must be less than or equal to: [110000] but was [110001]. This limit can be set by changing the [search.max_buckets] cluster level setting., with { max_buckets=110000 }"}}
The question is where/how I can set this property from the AWS console or the AWS CLI.
The AWS console
Regards
Amit Meena
Version: 5.7.mysql_aurora.2.07.2
I am trying to link a Lambda function when my RDS gets inserted, using lambda_async, but I was not able to reach it, with an error:
#63996 - Lambda API returned error: Missing IAM Credentials for specified aws_default_lambda_role
I have followed each and every step carefully but am getting the above error. :(
I have followed the documentation at
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Lambda.html
and
Call AWS Lambda from Aurora RDS Stored Procedure Permissions Issue.
Please help!!
Actually, I was placing the Lambda role in the parameter group value. Replacing it with the RDS IAM role solved my issue, thanks!!
I found this answer: https://www.reddit.com/r/aws/comments/b2b9k4/new_rds_cluster_management_screen_missing_manage/ in which they suggest adding an IAM role for the cluster.
For that, go to the RDS cluster and, under the Connectivity & security tab, go to Manage IAM roles and add the desired role.
Note: You may also need to enable IAM DB authentication under the Configuration tab.
Note2: Reboot your DB instance to apply changes.
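The mismatch described in the two posts above (a role ARN in aws_default_lambda_role that is not attached to the cluster) can be checked from the CLI. This is an added example, not code from the original posts; the cluster identifier, parameter group name and sample ARNs are placeholders or constructed values.

```shell
#!/usr/bin/env bash
# Added example: verify that aws_default_lambda_role points at a role that is
# actually associated with the Aurora cluster (the mismatch described above).

# Succeeds when $1 (parameter value) is one of the whitespace-separated ARNs in $2.
role_is_associated() {
  local r
  [ -n "$1" ] || return 1
  for r in $2; do
    if [ "$r" = "$1" ]; then return 0; fi
  done
  return 1
}

# $1 = DB cluster identifier, $2 = DB cluster parameter group name (both yours).
check_cluster() {
  local roles param
  roles=$(aws rds describe-db-clusters --db-cluster-identifier "$1" \
    --query 'DBClusters[0].AssociatedRoles[?Status==`ACTIVE`].RoleArn' \
    --output text) || return 2
  param=$(aws rds describe-db-cluster-parameters \
    --db-cluster-parameter-group-name "$2" \
    --query "Parameters[?ParameterName=='aws_default_lambda_role'].ParameterValue" \
    --output text) || return 2
  if role_is_associated "$param" "$roles"; then
    echo "OK: $param is associated with cluster $1"
  else
    echo "MISMATCH: aws_default_lambda_role='$param'; associated: ${roles:-none}" >&2
    return 1
  fi
}

# Constructed sample values (placeholder account ID) for an offline self-check.
SAMPLE_ASSOCIATED='arn:aws:iam::111122223333:role/rds-invoke-lambda'
SAMPLE_LAMBDA_ROLE='arn:aws:iam::111122223333:role/lambda-execution-role'

# Query AWS only when asked: script.sh --check <cluster-id> <parameter-group>
if [ "${1:-}" = "--check" ]; then check_cluster "$2" "$3"; fi
```

A MISMATCH result means the parameter names a role the cluster cannot assume, such as the Lambda function's own execution role.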
I am unable to delete a private hosted zone from the console and CLI.
Please check the screenshot below.
It's throwing the following error:
The resource hostedzone/Z346QOK8DECBDU can only be managed through servicediscovery.amazonaws.com (arn:aws:servicediscovery:us-east-1:757712384777:namespace/ns-oekfhwgvesmkdb4i)
The private zone has the following records.
I have tried deleting using AWS CLI commands as well:
aws servicediscovery list-services
aws servicediscovery delete-service --id=ID-FROM-LIST
aws servicediscovery delete-namespace --id=NS-LIST
This did not work. I got the following error:
An error occurred (NamespaceNotFound) when calling the DeleteNamespace operation: NS-LIST
An error occurred (ServiceNotFound) when calling the DeleteService operation: ID-FROM-LIST
Please let me know if there is any other way.
Try deleting the AWS ECS service that is using this hosted zone from the AWS console, and then, if you have any service discovery resources (like a namespace), delete those using the commands below:
Use the command below to list services in a specific region:
aws servicediscovery list-services --region <region_name>
If no services are associated, then try to find the namespaces:
aws servicediscovery list-namespaces --region <region_name>
Then you can delete the namespace as below:
aws servicediscovery delete-namespace --id <service_discovery_namespace_id> --region <region_name>
From the output, it seems you don't have any services listed, but still try with the --region option.
Your namespace_id seems to be incorrectly passed. Its ARN is already shown in the first error message.
To delete the private hosted zone:
To delete a private hosted zone that Amazon ECS created when you created a service using service discovery, delete the Amazon ECS services that are using the namespace, and delete the namespace.
Ref:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-deleting.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/delete-service.html
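The answer above notes that the namespace ARN is already in the first error message. As an added example (not part of the original answer), this script pulls the region and namespace ID out of that ARN and runs the deletions in dependency order; the function names are hypothetical, and the sample input is the error text quoted in the question.

```shell
#!/usr/bin/env bash
# Added example: derive the Cloud Map region and namespace ID from the ARN in
# the Route 53 error, then delete services before the namespace.

# Sample input: the error text quoted in the question above.
ERR='The resource hostedzone/Z346QOK8DECBDU can only be managed through servicediscovery.amazonaws.com (arn:aws:servicediscovery:us-east-1:757712384777:namespace/ns-oekfhwgvesmkdb4i)'

# Print the first Cloud Map namespace ARN found in a message; fail if none.
extract_ns_arn() {
  printf '%s\n' "$1" \
    | grep -oE 'arn:aws[a-z-]*:servicediscovery:[a-z0-9-]+:[0-9]{12}:namespace/ns-[a-z0-9]+' \
    | head -n 1 | grep .
}

# ARN fields are colon-separated: arn:partition:service:region:account:resource
arn_region() { printf '%s\n' "$1" | cut -d: -f4; }
arn_ns_id()  { printf '%s\n' "${1##*/}"; }

# Delete every service in the namespace, then the namespace itself.
# Needs AWS CLI credentials; ECS services using the namespace must be gone first,
# and delete-service fails while instances are still registered in a service.
cleanup_namespace() {
  local arn region ns svc
  arn=$(extract_ns_arn "$1") || { echo "no namespace ARN in input" >&2; return 1; }
  region=$(arn_region "$arn")
  ns=$(arn_ns_id "$arn")
  for svc in $(aws servicediscovery list-services --region "$region" \
      --filters "Name=NAMESPACE_ID,Values=$ns,Condition=EQ" \
      --query 'Services[].Id' --output text); do
    aws servicediscovery delete-service --region "$region" --id "$svc" || return 1
  done
  # delete-namespace is asynchronous and returns an OperationId to poll.
  aws servicediscovery delete-namespace --region "$region" --id "$ns"
}

# Run only when asked, so sourcing or a bare run makes no API calls.
if [ "${1:-}" = "--apply" ]; then cleanup_namespace "$ERR"; fi
```

Passing a literal placeholder such as NS-LIST, as in the question, yields no ARN match and the script stops before calling AWS.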
It is very simple if you have access to the console.
Search for “AWS Cloud Map” in the AWS console -> you can see the namespace -> go inside the namespace -> delete services -> go back and delete the namespace -> check in your Route 53 console; the hosted zone won't be there.
I've configured IAM roles for my different services on an EC2 server with the help of the link below: IAM Role Setup. According to the AWS docs, after setting an IAM role we don't need any credentials to be stored in our application; it takes the credential details from EC2 instance metadata.
However, I am getting an error when I remove the AWS key from my web.config: "No RegionEndpoint or ServiceURL configured". After some time, when I added a region endpoint entry to my Web.config, it started working.
<add key="AWSRegion" value="us-east-1" />
Please note that in another application where I am accessing only AWS DynamoDB on the same server, it works without adding a region endpoint entry in the config. Any kind of help is appreciated. Thank you in advance.
The IAM role is only for fetching credentials from the metadata server, not for the region you are trying to connect to. So, you have to specify the region in the config file, not the credentials. Some services default to a region (like us-east-1) but many services expect the region to be configured or passed when creating a client object.