Client error (AuthFailure) occurred when calling the DescribeInstances operation - amazon-web-services

I am getting the following error when trying to run flightplan to push to staging.
I have a colleague who is using this exact git repo and the same credentials and his works, but mine is throwing this error. Any idea why mine isn't working? Is there something I need to install?
Benjamins-MBP:XXXXXXX-deploy Ben$ fly --flightplan web-flightplan.js staging --keyfile=/Users/Ben/.ssh/XXXXXX-web-key-pair.pem
Fetching instances for group: 'XXXXXXX-staging-web'
A client error (AuthFailure) occurred when calling the DescribeInstances operation: Authorization header or parameters are not formatted correctly.
● Error: Command failed: /Users/Ben/git/XXXXXX-deploy/app/../scripts/get_aws_instances XXXXXXX-staging-web
A client error (AuthFailure) occurred when calling the DescribeInstances operation: Authorization header or parameters are not formatted correctly.
at checkExecSyncError (child_process.js:441:13)
at execSync (child_process.js:481:13)
at Object.module.exports.fetch (/Users/Ben/git/XXXXXXX-deploy/app/instance-fetcher.js:11:27)
at Object.<anonymous> (/Users/Ben/git/XXXXXXX-deploy/web-flightplan.js:40:31)
at Module._compile (module.js:435:26)
at Object.Module._extensions..js (module.js:442:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:311:12)
at Module.require (module.js:366:17)
at require (module.js:385:17)
Client code for describeinstances op:
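#!/bin/bash
# Print the EC2 instances whose "group" tag matches the first argument.
GROUP=$1
if [ -z "$GROUP" ]; then
    echo "Specify group as only parameter"
    exit 1
fi
# Directory containing this script, so the files below resolve from any cwd.
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Source the key and region files kept next to the script (quoted so paths with spaces work).
. "$DIR/aws_keys"
. "$DIR/aws_region_us"
aws ec2 describe-instances --filters "Name=tag:group,Values=$GROUP"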

Related

Why did Aws-vault auth failed? error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTokenId

I am using aws-vault to store my credentials.
After running
docker-compose -f deploy/docker-compose.yml run --rm terraform init
I got this error:
Initializing the backend...
Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid
status code: 403, request id: 6ee874fd-9f27-4923-a6ac-b605ae49879d
I checked again
aws-vault list
shows
brankovich brankovich sts.GetSessionToken:58m21s
My auth is valid for next 58 mins.
My deploy/docker-compose.yml:
version: '3.7'
services:
  terraform:
    image: hashicorp/terraform:0.12.21
    volumes:
      - .:/infra
    working_dir: /infra
    environment:
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
      - AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
What is wrong?
Account policies
Some things won't work with aws-vault's temporary credentials. Try to use the exec command and pass the parameter --no-session to use the original credentials:
aws-vault exec brankovich --no-session -- docker-compose -f deploy/docker-compose.yml run --rm terraform init

Kubernetes param store issue

I get an error related to aws paramstore in kubernetes container.
[1/4] Resolving packages...
success Already up-to-date.
Done in 1.00s.
yarn run v1.22.5
$ db-migrate --config ./src/db/config.js --migrations-dir ./src/db/migrations -e config up
[ERROR] Error: getaddrinfo EAI_AGAIN ssm.eu-west-1.amazonaws.com
at ParameterQuery.executeSync (/backend/node_modules/aws-param-store/lib/param_query.js:99:19)
at getParametersSync (/backend/node_modules/aws-param-store/lib/index.js:49:10)
at /backend/config/__helpers/awsParams.js:23:34
at Array.reduce (<anonymous>)
at retrieveAWSParams (/backend/config/__helpers/awsParams.js:22:28)
at getAwsParams (/backend/config/__helpers/awsParams.js:61:22)
at Object.<anonymous> (/backend/config/index.js:21:13)
at Module._compile (internal/modules/cjs/loader.js:999:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Module.load (internal/modules/cjs/loader.js:863:32)
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 1.

AWS Elastic beanstalk hook failed :- unable to copy file to c:/windows/fonts

I have configured an Elastic Beanstalk hook to download a file from an S3 bucket to a Windows Elastic Beanstalk instance.
The file is downloaded successfully to the Desktop of the Administrator user on the Elastic Beanstalk instance, but I am unable to copy that file to the c:/Windows/fonts directory.
Below is the .config file.
sources:
  "C:/Users/Administrator/Desktop": https://test.s3-ap-southeast-1.amazonaws.com/font/ARIALUNI.zip
commands:
  copyfile:
    command: copy C:/Users/Administrator/Desktop/ARIALUNI.TTF C:/Windows/Fonts
It gives the error below in Elastic Beanstalk.
Error occurred during build: Command copyfile failed
nfra-WriteRuntimeConfig, Infra-EmbeddedPreBuild, Hook-PreAppDeploy,
Infra-EmbeddedPostBuild, Hook-EnactAppDeploy, Hook-PostAppDeploy]
Command failed on instance. Return code: 1 Output: null.
I have also tried a hook file like this, but that doesn't work.
sources:
  "c:/myproject/myapp": https://test.s3-ap-southeast-1.amazonaws.com/font/ARIALUNI.zip
It gives the error below in Elastic Beanstalk.
Error occurred during build: [Errno 22] invalid mode ('wb') or
filename: u'c:\Windows\Fonts\ARIALUNI.TTF'
I updated the config file with the code below and it works.
Reference URL: https://richardspowershellblog.wordpress.com/2008/03/20/special-folders/
sources:
  "c:/windows/temp/fonts": https://test.s3-ap-southeast-1.amazonaws.com/font/ARIALUNI.zip
files:
  "C:\\scripts\\install_font.ps1":
    content: |
      #Commands
      $Destination = (New-Object -ComObject Shell.Application).Namespace(0x14)
      #Font Location
      $Font = "C:\Windows\Temp\Fonts\ARIALUNI.TTF"
      #Install
      $Destination.CopyHere($Font,0x10)
commands:
  install_font:
    command: powershell.exe -ExecutionPolicy Bypass -Command "C:\\scripts\\install_font.ps1"
    ignoreErrors: false
    waitAfterCompletion: 5

Jenkins Cloudformation plugin gives InValid Client Id error

I am trying to launch a cloudformation stack via the jenkins-cloudformation plugin from a template stored in git but I receive an error "Invalid Client Id" even though I give proper access_key and secret_key.
Besides, an appropriate IAM role is attached to the ec2 instance on which jenkins is running and the instance metadata is accessible to jenkins user.
And this error comes up irrespective of whether I pass secretKey, accessKey in jenkins configuration or not.
Can someone please guide me where it's going wrong.
Error
Building in workspace /apps/jenkins/.jenkins/workspace/Cloudformation_Test
> /usr/bin/git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> /usr/bin/git config remote.origin.url https://xxxx.git # timeout=10
Fetching upstream changes from https://xxxx.git
> /usr/bin/git --version # timeout=10
using GIT_ASKPASS to set credentials Gitlab user webadmdeamon to perform CICD with Jenkins
> /usr/bin/git fetch --tags --progress https://xxx.get +refs/heads/*:refs/remotes/origin/*
> /usr/bin/git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> /usr/bin/git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 827b91075eb0ae5901b641a7588b9b5769ad2ce7 (refs/remotes/origin/master)
> /usr/bin/git config core.sparsecheckout # timeout=10
> /usr/bin/git checkout -f 827b91075eb0ae5901b641a7588b9b5769ad2ce7
Commit message: "Add new file"
> /usr/bin/git rev-list --no-walk 827b91075eb0ae5901b641a7588b9b5769ad2ce7 # timeout=10
Determining to create or update Cloud Formation stack: JenkinsCloudformationTest
Stack not found: JenkinsCloudformationTest. Reason: Detailed Message: The security token included in the request is invalid. (Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: be71618c-3027-11e9-8d00-45421bf87ce0)
Status Code: 403
Error Code: InvalidClientTokenId
Creating Cloud Formation stack: JenkinsCloudformationTest
Failed to create stack: JenkinsCloudformationTest. Reason: Detailed Message: The security token included in the request is invalid. (Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: be73364d-3027-11e9-8d00-45421bf87ce0)
Status Code: 403
Error Code: InvalidClientTokenId
Finished: FAILURE
EDIT---
I am able to create a stack using aws cli in the same ec2 instance and with the same user.
The log shows that your issue is authentication-related:
Reason: Detailed Message: The security token included in the request is invalid.
(Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request
ID: be71618c-3027-11e9-8d00-45421bf87ce0)
Status Code: 403
Error Code: InvalidClientTokenId
The problem could be either a bug in the Jenkins plugin or (more likely) a problem with the keys you are providing to the plugin.
The source code for the plugin (code ref), meanwhile, appears to indicate that the plugin always tries to use the access keys you provide. If you leave the key fields blank I guess it tries empty strings as the keys. Thus, the IAM role attached to the instance is probably not relevant.
Note that the error you receive InvalidClientTokenId is documented here:
InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403
Now, you mention in your update that:
I am able to create a stack using aws cli in the same ec2 instance and with the same user.
So firstly, try that again, and then have a look in CloudTrail. Filter by EventName=CreateStack, and then you'll see something like this:
Is it really the same user and Access Key?
I suspect you're going to find that it isn't, and the fix for you will be to provide correct Access Keys. If not, let me know and we can consider other possibilities.
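The comparison suggested in this answer, as an added example that is not part of the original answer: it reads output in the shape of `aws cloudtrail lookup-events` and reports which identity and access key made the logged CreateStack calls, next to the key configured in the plugin. The account ID, role name, key IDs and user agent below are constructed placeholders; the AKIA/ASIA prefix rule is standard AWS key naming.

```python
import json
from collections import Counter

def _event(arn, key_id, agent, name="CreateStack"):
    # One constructed lookup-events entry; the full record is a JSON string.
    record = {"eventName": name, "userAgent": agent,
              "userIdentity": {"arn": arn, "accessKeyId": key_id}}
    return {"EventName": name, "CloudTrailEvent": json.dumps(record)}

# Constructed sample data (placeholders, not values from the question).
ROLE_ARN = "arn:aws:sts::111122223333:assumed-role/jenkins-instance-role/i-0123456789abcdef0"
SAMPLE = json.dumps({"Events": [
    _event(ROLE_ARN, "ASIAEXAMPLEROLEKEY01", "aws-cli/1.16.96"),
    _event(ROLE_ARN, "ASIAEXAMPLEROLEKEY01", "aws-cli/1.16.96"),
    _event(ROLE_ARN, "ASIAEXAMPLEROLEKEY01", "aws-cli/1.16.96", name="DescribeStacks"),
]})

def key_kind(key_id):
    """Classify an access key ID by its prefix."""
    if key_id.startswith("ASIA"):
        return "temporary (STS / role)"
    if key_id.startswith("AKIA"):
        return "long-term (IAM user)"
    return "unknown"

def callers(lookup_output, event_name="CreateStack"):
    """Count logged calls to event_name per (ARN, access key ID, user agent)."""
    seen = Counter()
    for entry in json.loads(lookup_output).get("Events", []):
        record = json.loads(entry["CloudTrailEvent"])
        if record.get("eventName") != event_name:
            continue
        ident = record.get("userIdentity", {})
        seen[(ident.get("arn"), ident.get("accessKeyId", ""), record.get("userAgent"))] += 1
    return seen

def compare(lookup_output, configured_key_id):
    """Report whether the key configured in the plugin made any logged call."""
    seen = callers(lookup_output)
    return {
        "configured_key_seen": any(k == configured_key_id for _, k, _ in seen),
        "configured_kind": key_kind(configured_key_id),
        "logged_kinds": sorted({key_kind(k) for _, k, _ in seen}),
    }

if __name__ == "__main__":
    print(compare(SAMPLE, "AKIAEXAMPLEJENKINS01"))
```

To run it on real data, pass the JSON printed by `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateStack` as `lookup_output`. In the constructed sample the working CLI calls came from the instance role's temporary key, not from the long-term key entered in the plugin.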

Serverless 1.0.0-beta.1.1. When I try to deploy a service using sls deploy I get following error

Serverless Error ---------------------------------------
Error --------------------------------------------------
ServerlessError: NetworkingError: The header content
contains invalid characters
For debugging logs, run again after setting SLS_DEBUG env var.
Stack Trace --------------------------------------------
Error: ServerlessError: NetworkingError: The header content contains invalid characters
at module.exports.logError.words.forEach (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\lib\classes\Error.js:74:11)
at C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\bin\serverless:19:15
at tryCatcher (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\util.js:16:23)
at Promise._settlePromiseFromHandler (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\promise.js:504:31)
at Promise._settlePromise (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\promise.js:561:18)
at Promise._settlePromise0 (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\promise.js:606:10)
at Promise._settlePromises (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\promise.js:681:18)
at Async._drainQueue (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\async.js:138:16)
at Async._drainQueues (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\async.js:148:10)
at Immediate.Async.drainQueues [as _onImmediate] (C:\Users\chamaths\AppData\Roaming\npm\node_modules\serverless\node_modules\bluebird\js\release\async.js:17:14)
at processImmediate [as _immediateCallback] (timers.js:383:17)
Get Support --------------------------------------------
Docs: v1.docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Please report this error. We think it might be a bug.