I can see that I can revoke a certificate using WS (however I'm not sure how I'm supposed to get its issuerDN), but is there a way to delete the end entity in its entirety? Basically, can I do the equivalent of doing "revoke and delete" with a web service?
Edit: just noticed that "revoke and delete" doesn't truly delete the end entity, as if they are remade the old revoked certificates are still there. Guess the only way is to delete the data from the DB?
Correct. Deleting an end entity does not exist in the WS.
Deleting an end entity does not delete the certificates; this is because the primary function of a CA is to keep track of all issued certificates. Being able to delete them would be against this principle.
Also true that you can manually modify the database if you have those privileges.
I've created users with API Keys in a cloudformation yaml file. We want to renew one API Key but an API Key is immutable so has to be deleted and regenerated. Deleting an API Key manually and then hoping that rerunning the cloudformation script is going to replace it with no other ill effects seems like risky business. What is the recommended way to do this (I'd prefer not to drop and recreate the entire stack for availability reasons and because I only want to renew one of our API keys, not all of them)?
The only strategy I can think of right now is
change the stack so that the name associated with the API Key in question is changed
deploy the stack (which should delete the old API Key and create the new one)
change the stack to revert the 1st change which should leave me with a changed API Key with same name
deploy the stack
Clunky eh!
It is indeed a bit clunky, but manually deleting it will not cause CloudFormation to recreate the API key, since it has an internal state of the stack in which the key still exists.
You could simply change the resource name of the API key and update the stack, but this will only work if you can have duplicate names for API keys, which I doubt, but I could not find confirmation in the docs.
This leaves the only way to do it, in two steps (if you want to keep the same name). One to remove the old key, and a second update to create the new key. This can be achieved by simply commenting the corresponding lines in the first step and subsequently uncommenting them for the second step, or as you suggested, by changing the name of the API key and then changing it back.
I have a question about deleting data in AWS DocumentDB.
I am using PuTTY to connect to an EC2 instance and I use the mongo shell command to connect to my DocumentDB.
I checked AWS DocumentDB documentation but I couldn't find how to delete singular data or whole data in one collection. For example I say:
rs0:PRIMARY> show databases
gg_events_document_db 0.000GB
rs0:PRIMARY> use gg_events_document_db
switched to db gg_events_document_db
rs0:PRIMARY> db.data_collection.find({"Type": "15"})
{"Type" : "15", "Humidity" : "14.3%"}
Now I have found the data and I want to delete it. What query do I need to run?
Or what if I want to delete all data in the collection? Without deleting my collection how can I do it?
Probably I am asking very basic questions but I couldn't find a query like this on my own.
I would be so happy if some experienced people in AWS DocumentDB can help me or share some resources.
Thanks a lot 🙌
Amazon DocumentDB has compatibility with MongoDB APIs for 3.6 and 4.0. This said, the same APIs can be used for this need. With respect to:
"Or what if I want to delete all data in the collection? Without deleting my collection how can I do it?"
You can use:
db.data_collection.drop()
To delete a single document matching a filter, you would use the deleteOne() method.
For example, for your case that would be:
db.data_collection.deleteOne({"Type": "15"})
To delete all documents matching the filter, then use deleteMany().
There's also the remove() method, but it was deprecated.
The drop() method deletes the entire collection.
How do I update the certificate of an existing Thing in AWS IoT, assuming I know the thing name and an attribute with the same value? I.e. the thing has name "foo" and attribute "id=foo".
From the limited documentation, I'm assuming I do something like:
Register the replacement certificate (RegisterCertificate)
Find the existing thing (ListThings, filtered by attribute)
Attach the new certificate to the Thing (AttachThingPrincipal?)
Somehow find the old certificate (is there no better way than ListCertificates and paging)??
Update the old certificate to be INACTIVE (UpdateCertificate)
Can anyone confirm the correct, most succinct way to do this?
I welcome better solutions, but this worked for me:
Call RegisterThing again (same ThingName, same policy, different cert). This seems to attach a new certificate to my thing.
Called ListThingPrincipals, filtering on ThingName. The result will be a list of ARNs representing the certificates associated with the thing, of the form arn:aws:iot:<region>:<account id>:cert/<cert id>.
Iterate through the list, strip out the certificate id and call DescribeCertificate, with the certificate id as parameter.
Compare the result (which includes the PEM form of the certificate) with the new certificate. If it's not a match, this is one of the previous certificates. Consequently, call UpdateCertificate and mark that certificate as INACTIVE.
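The ListThingPrincipals / DescribeCertificate / UpdateCertificate steps of the answer above, as an added Python (boto3) example that is not part of the original answer. The function name is hypothetical, `iot` is assumed to be a `boto3.client("iot")`, and two things go beyond the answer: already-inactive certificates are skipped, and nothing is deactivated unless the new certificate is confirmed attached.

```python
def pem_body(pem):
    # Compare PEMs ignoring line endings and surrounding whitespace.
    return "".join(pem.split())


def retire_old_certificates(iot, thing_name, new_cert_pem):
    """Set every other ACTIVE certificate on the thing to INACTIVE; return their ids."""
    cert_ids, token = [], None
    while True:  # ListThingPrincipals is paginated via nextToken
        kwargs = {"thingName": thing_name}
        if token:
            kwargs["nextToken"] = token
        page = iot.list_thing_principals(**kwargs)
        for arn in page.get("principals", []):
            if ":cert/" in arn:  # principals are not guaranteed to be certificates
                cert_ids.append(arn.split(":cert/", 1)[1])
        token = page.get("nextToken")
        if not token:
            break

    wanted = pem_body(new_cert_pem)
    old, new_attached = [], False
    for cert_id in cert_ids:
        desc = iot.describe_certificate(certificateId=cert_id)["certificateDescription"]
        if pem_body(desc["certificatePem"]) == wanted:
            new_attached = True
        elif desc["status"] == "ACTIVE":
            old.append(cert_id)

    # Deactivating before the replacement is attached would cut the device off.
    if not new_attached:
        raise RuntimeError("new certificate is not attached to " + thing_name)
    for cert_id in old:
        iot.update_certificate(certificateId=cert_id, newStatus="INACTIVE")
    return old
```

An INACTIVE certificate can no longer authenticate but stays registered and attached, so the change can be reversed with another UpdateCertificate call if the device fails to connect with the new one.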
I have to implement the restore functionality for delete-marked files in S3. Is there any way to undo a delete or remove the delete marker through JavaScript or the REST API?
First of all, the object needs to be versioned.
To undelete the object, you need to delete the delete marker. You can do this via HTTP DELETE or using the SDK's DeleteObject (here's the JavaScript SDK equivalent) and supplying the version ID of the delete marker.
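The undelete described above, as an added example that is not part of the original answer. It uses Python with boto3 rather than the JavaScript SDK the answer links to; the function name is hypothetical and `s3` is assumed to be a `boto3.client("s3")`.

```python
def undelete_object(s3, bucket, key):
    """Remove the current delete marker on key; return its version id, or None."""
    kwargs = {"Bucket": bucket, "Prefix": key}
    while True:  # ListObjectVersions is paginated
        page = s3.list_object_versions(**kwargs)
        for marker in page.get("DeleteMarkers", []):
            # Prefix also matches longer keys, so require an exact key match,
            # and only act when the marker is the current version.
            if marker["Key"] == key and marker["IsLatest"]:
                s3.delete_object(Bucket=bucket, Key=key,
                                 VersionId=marker["VersionId"])
                return marker["VersionId"]
        if not page.get("IsTruncated"):
            return None  # object is not currently hidden by a delete marker
        kwargs["KeyMarker"] = page["NextKeyMarker"]
        kwargs["VersionIdMarker"] = page["NextVersionIdMarker"]
```

Because the request names a version ID, the caller needs the s3:DeleteObjectVersion permission, not just s3:DeleteObject.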
Assume you have some resource behind a REST API. This resource could well be modified using the usual HTTP verbs PUT or PATCH. But let's assume the server behind the API has to check some prerequisites to decide if the modification on the resource can be made or not (e.g. withdraw an amount from a bank account).
In this case there is no use in using POST (because we do not want to add a new resource), nor PUT or PATCH, because only the server knows about the new value of the resource's modified attribute, if it will allow the requested modification at all. In the above example the account's new balance would have to be computed on the server side like so: balance = balance - amount, and to my knowledge all the client can do with PUT or PATCH is to send the already modified resource (the account) or attribute of that resource (the account's balance).
Am I then right in assuming that in this case the API designer has to provide a parameter (e.g. .../account?withdraw=amount) with the URL pointing to the resource? What would be the correct HTTP verb for this operation?
"there is no use in using POST (because we do not want to add a new resource)"
You do. A monetary exchange can be expressed in a transaction, hence: you're creating a new transaction.
So simply perform a POST with the transaction details to a /transaction endpoint.
You certainly don't want to allow users to PUT their new account balance, as that would require atomicity over HTTP, which is all REST stands against: the client would have to know the pre-transaction balance, and make sure in some way no transaction will be carried out before theirs arrives.
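The difference between PUT-ing a balance and POST-ing a transaction, as an added Python example that is not part of the original answer. The `Account` class, its method names and the 400/409 status codes for refused requests are assumptions made for illustration; the amounts are constructed.

```python
import threading


class Account:
    def __init__(self, balance):
        self.balance = balance
        self.transactions = []  # each accepted POST creates one record
        self._lock = threading.Lock()

    def put_balance(self, new_balance):
        # PUT semantics: the client supplies the final state, the server stores it.
        self.balance = new_balance

    def post_transaction(self, amount):
        # POST /transaction semantics: the server checks the prerequisite and
        # computes balance = balance - amount itself, under a lock.
        if amount <= 0:
            return 400
        with self._lock:
            if amount > self.balance:
                return 409  # assumed status for a refused withdrawal
            self.balance -= amount
            self.transactions.append(amount)
            return 201


def lost_update_with_put():
    acct = Account(100)
    seen_a = acct.balance  # client A reads 100
    seen_b = acct.balance  # client B reads 100 before A has written
    acct.put_balance(seen_a - 30)
    acct.put_balance(seen_b - 30)  # overwrites A's withdrawal
    return acct.balance


def same_withdrawals_with_post():
    acct = Account(100)
    codes = [acct.post_transaction(a) for a in (30, 30, 50)]
    return acct.balance, codes
```

With PUT, two withdrawals of 30 leave a balance of 70 because the second write discards the first; with POST the balance ends at 40 and the third withdrawal of 50 is refused by the server.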