I am currently going through the "Quick Start" tutorial for Amazon IoT and I have gotten to the point where I am configuring my rules and test rules. I can see my rules in my AWS console under Amazon IoT, along with my thing, cert, and policy. I am using Mosquitto like they suggest for testing it, and I can see my message when I subscribe to my topic.
But I am having an issue that, when I publish a message, I don't see anything in my DynamoDB or the CloudWatch logs from Lambda. And in IoT, I am able to create a resource and see my roles, db table, and lambda function as if it's working. I am keeping to what the tutorial is saying and nothing extra. I can't find any other forum that has discussed Amazon IoT or is having this issue.
Found the solution, it was an error in the AWS Quickstart tutorial.
Look at this thread: https://forums.aws.amazon.com/thread.jspa?threadID=217825&tstart=0
The range timestamp field must be of type String and not Number.
The hashKeyValue in the JSON must be "${topic()}" instead of "${topic(3)}".
Trying to turn a containerized Cube.js deployment into a serverless one. I’m getting Continue wait on every API call, and I notice the cubejsProcess lambda is never invoked. I checked SNS reachability by (successfully) publishing a message to it using the AWS SDK in the cubejs lambda. The cubejsProcess does get invoked with this inserted message. What might be preventing cubejs from publishing messages to SNS?
This is similar to this question, however, connectivity to SNS has been verified in this case.
I'd check the IAM permissions of the cubejs Lambda's role. Does the role allow making requests to SNS?
Another thing that could be causing the issue is if the cubejs Lambda is in a VPC with no Internet access; calling any AWS API endpoint would fail since they all require an Internet connection.
Hi, I am developing an application in Java that parses documents using AWS Textract. For multipage parse I use the startDocumentAnalysis method available on the Textract client. This client then responds with a jobId and the jobId is placed on the SQS queue along with its completion status. I had a personal account previously and managed to get all of it working, so a process reads messages from the queue and then gets the result of the parse using:
GetDocumentAnalysisRequest documentAnalysisRequest = GetDocumentAnalysisRequest.builder().jobId(jobId)
.maxResults(maxResults).nextToken(paginationToken).build();
Now I have to do that on my company's AWS account and I have retraced my steps and everything works, except now when I go to pick up the messages from the queue, all the messages come back as [], i.e. an empty array.
I use this code:
messages = sqsClient.receiveMessage(receiveMessageRequest).messages();
So I know the error can't be in the Java code because previously it worked.
I also know that I can upload to the new bucket and also do single page parses, so I know my credentials are correct.
I have created a topic on SNS and registered my SQS queue to it, but somewhere here there must be a permission or other configuration error. Maybe SNS and SQS are not talking to each other?
Wonder if anyone has any insights that could help me.
Thank you
I found the answer. It's all to do with the naming convention of the SNS topic. Explained in the documentation:
https://docs.aws.amazon.com/textract/latest/dg/api-async-roles.html
Step3 - Create an Amazon SNS topic. Prepend the topic name with AmazonTextract. Note the topic Amazon Resource Name (ARN). Ensure that the topic is in the same Region as the AWS endpoint that you're using.
I am trying to receive an update when a new EC2 security group is created. Haven't had much luck. There have been a lot of resources online; however, they don't deal with what I'm trying to do. All I need is an SNS notification when a new security group is created. For some reason this is proving harder than it should.
Any suggestions on how I may be able to get this to work?
Thanks
The AWS Config service should serve this purpose perfectly.
It allows you to 'listen' for changes on certain (or all) types of resources and perform certain actions in response.
In your situation you could set up listeners for EC2:SecurityGroup events and have these events trigger notifications being sent to an SNS endpoint of your choice.
See some of the docs on streaming AWS Config events to SNS here.
There are two services of interest:
Amazon CloudWatch Events can use rules to trigger an action when something happens (eg a Security Group is created)
Amazon Config keeps track of historical configurations
For your use-case, I would recommend an Amazon CloudWatch Events Rule:
Service Name: EC2
Event Type: AWS API Call via CloudTrail
Specific Operation: CreateSecurityGroup
Add Target: Specify an SNS Topic to receive the notification
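The rule described in the answer above, expressed as an event pattern and run against a few events. This is an added example, not code from the original answers: the matcher implements only exact-value matching, and the account id, user, group name and group id are constructed sample values.

```python
# Event pattern equivalent to the console choices listed above.
PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"],
               "eventName": ["CreateSecurityGroup"]},
}

def matches(pattern, event):
    """Exact-value subset of pattern matching: list = any of, dict = recurse."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def make_event(name, request, response):
    """Constructed event in the shape CloudTrail API calls arrive in."""
    return {
        "source": "aws.ec2",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "ec2.amazonaws.com",
            "eventName": name,
            "eventTime": "2016-01-01T12:00:00Z",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
            "requestParameters": request,
            "responseElements": response,
        },
    }

SG = "sg-0123456789abcdef0"  # constructed id
EVENTS = [  # constructed sample events, not real logs
    make_event("CreateSecurityGroup", {"groupName": "web-sg"}, {"groupId": SG}),
    make_event("AuthorizeSecurityGroupIngress", {"groupId": SG}, {"_return": True}),
    make_event("DeleteSecurityGroup", {"groupId": SG}, {"_return": True}),
]

def alerts(events, pattern=PATTERN):
    """Message text for each event the rule would forward to SNS."""
    return [f'{d["userIdentity"]["arn"]} created security group '
            f'{d["requestParameters"]["groupName"]} '
            f'({d["responseElements"]["groupId"]}) at {d["eventTime"]}'
            for d in (e["detail"] for e in events if matches(pattern, e))]

print("\n".join(alerts(EVENTS)))
```

Only the first sample event matches: a rule limited to CreateSecurityGroup stays silent when ingress rules are added to a group or the group is deleted. Those operations need their own entries in `eventName` if they should also notify.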
I have a DynamoDB application and it seems to be running well and using normal throughput generally. However once in a while it seems to spike pretty high (latest kicked up over 300, normal is around 10-20 max). I've looked through the code and I'm having a bit of trouble figuring out what it is that is causing these spikes. Is there any type of history of the calls in DynamoDB that could tell me what exactly were the calls that caused the spiking?
You can enable the CloudTrail logs for DynamoDB. It will deliver these log files to an S3 bucket. Taken directly from the AWS docs:
DynamoDB is integrated with CloudTrail, a service that captures
low-level API requests made by or on behalf of DynamoDB in your AWS
account and delivers the log files to an Amazon S3 bucket that you
specify. CloudTrail captures calls made from the DynamoDB console or
from the DynamoDB low-level API. Using the information collected by
CloudTrail, you can determine what request was made to DynamoDB, the
source IP address from which the request was made, who made the
request, when it was made, and so on. To learn more about CloudTrail,
including how to configure and enable it, see the AWS CloudTrail User
Guide.
Please follow the AWS DynamoDB CloudTrail logging to enable it.
I have an AWS account that multiple devs and teams [dev/qa/mobile] use.
I would like to be notified when any change takes place in my AWS account.
For example, a dev launches a new instance, or a new open port is added in a security group etc., and he forgets to announce it to me or the rest of the team.
I want to be fully informed for these changes in order to apply specific architecture and/or security and people tend to mess with them.
Is there any dashboard or service inside AWS that I can customise?
Someone suggested that I should take a look in CloudTrail.
Has anyone done something like this?
The easiest way to go is to use CloudTrail with CloudWatch Logs. In the AWS FAQ:
Q: What are the benefits of CloudTrail integration with CloudWatch Logs?
This integration enables you to receive SNS notifications of API activity captured by CloudTrail. For example, you can create CloudWatch alarms to monitor API calls that create, modify and delete Security Groups and Network ACL’s. For examples, go to the examples section of the user guide.
Based on SNS, you can then send email through SES.
I think the easier way is to use the Amazon CloudTrail service.
CloudTrail logs any API call which is made on your AWS account. Every operation done on AWS is an API call (including instance operations, as you have requested).
Here you can find more information about it
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-cloudtrail-to-send-notifications.html
I hope this helps somehow.
You can find logs of your AWS account in S3.
Find the path below in S3:
s3://security-logging/AWS_/AWSLogs/AWS Account no./CloudTrail/your region/year
You can also integrate CloudTrail with SQS to send notifications.
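What a change digest built from one of those CloudTrail log files can look like. This is an added example, not code from the original answers: the records, users and IP addresses are constructed, and the digest keeps only successful calls that are not read-only.

```python
import gzip
import json
from collections import defaultdict

READ_PREFIXES = ("Describe", "List", "Get")  # fallback when readOnly is absent

def is_change(rec):
    """True for a successful call that modified something."""
    if "errorCode" in rec:          # denied or failed calls changed nothing
        return False
    if "readOnly" in rec:
        return not rec["readOnly"]
    return not rec["eventName"].startswith(READ_PREFIXES)

def change_digest(gz_bytes):
    """Group the mutating API calls of one CloudTrail log file by caller."""
    records = json.loads(gzip.decompress(gz_bytes))["Records"]
    digest = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if is_change(rec):
            ident = rec["userIdentity"]
            who = ident.get("arn", ident.get("type", "unknown"))
            digest[who].append(f'{rec["eventTime"]} {rec["eventSource"]}:'
                               f'{rec["eventName"]} from {rec["sourceIPAddress"]}')
    return dict(digest)

DEV_A = "arn:aws:iam::111122223333:user/dev-a"  # constructed
DEV_B = "arn:aws:iam::111122223333:user/dev-b"  # constructed

# Constructed log file: CloudTrail delivers gzip-compressed JSON with a
# top-level "Records" array.
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2016-01-01T12:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"arn": DEV_B}},
    {"eventTime": "2016-01-01T12:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "readOnly": False,
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"arn": DEV_A}},
    {"eventTime": "2016-01-01T12:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"arn": DEV_A}},
    {"eventTime": "2016-01-01T12:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "readOnly": False,
     "errorCode": "Client.UnauthorizedOperation",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"arn": DEV_B}},
]}).encode())

for who, calls in change_digest(SAMPLE_LOG).items():
    print(who, *calls, sep="\n  ")
```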