While creating a platform application when I tried to create application and push notification platform select GCM then add API key I got the following.
Invalid parameter: Attributes Reason: Platform credentials are invalid
(Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter;
Request ID: 44a04d15-c58b-5bf8-859e-0311947aac6c)
What does this mean and how can I fix this?
I got exactly same error message as yours. It seems google is migrating Firebase Cloud Messaging (FCM) to Google Cloud Messaging, and the API Key created via Credentials in API Manager of Google Cloud Platform is not working.
And here is how I get it to work.
Go to Firebase Console and import Google Cloud Project.
Go to Project settings on Firebase Console and you should see the Web API
Key of your project.
Go back to your Google Cloud Platform, and go to Credentials of API Manager, you should see there are two API keys have been generated. Browser key (auto created by Google Service) and Server key (auto created by Google Service)
The Server key (auto created by Google Service) is what you need to
use on the Amazon SNS.
Hope it can resolve your problem, and hope it is only a temporary solution that after Google done the migration, we can directly use the API key created in API Manager.
Related
Problem Statement:
As a admin user I want to see who accessed application and what actions did.
Expected Solution :
All the application REST API calls is configured in AWS API Gateway and enabled Cloudwatch logs
AWS cloud watch logs is accessible by login to AWS console and track all the requests.
But I want to see those logs in my application in a data grid showing with some filters
is there a way to get AWS cloud watch logs through API call by passing some conditions ( like user, date, status) ?
If YES - Please help with some samples
Depending on what programming language you are using for your REST API, you would want to include the AWS SDK dependency and use something like FilterLogEvents.
The issue briefly explained:
I am getting this AWSSecretsManagerException AccessDenied when my web application makes API calls to AWS Secrets Manager to get secret keys/data.
The issue in a little more detail:
I have a Web Application war file deployed to AWS ElasticBeanstalk. I have a front end React application on AWS Amplify that makes a HTTPS Request to the WAR file.
As part of handling this request the Web Application interfaces to PayPal's API. To make a successful request to use PayPal's API I need a token. To get that token my web app needs to make a request to PayPal to get that token by sending my Pay Pal Client ID and Secret key.
To not hardcode that into the app or to have a local config file with that client id and key in plain text, I decided to store those in AWS using AWS Secrets Manager. To access the keys stored there in my application I need to use the AWS Secrets Manager SDK. I did that by including this dependency on my Web Applications pom file.
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-secretsmanager</artifactId>
<version>1.11.700</version>
</dependency>
I then added code to retrieve the client id and secret using the AWS Secrets Manager SDK API.
When I run my Web Application locally on my machine on a Payara Server it works. Meaning I have a local React app on my machine that has the HTTP Request go to my local Web app on Payara (instead of on AWS), and the Web app successfully extracts the Client ID and Secrets from AWS Secrets Manager.
However when I deploy my Web Application to Elastic Beanstalk EC2 instance, I get the Exception above from my front end React app on AWS Amplify.
After a couple of hours I got the issue resolved.
First you have to notice the Role listed in the Exception (look at the bolded text):
com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException:
User:
arn:aws:sts::<......>:assumed-role/aws-elasticbeanstalk-ec2-role/<.....>
is not authorized to perform: secretsmanager:GetSecretValue on
resource:
arn:aws:secretsmanager:us-east-1:<......>:secret:<.....>
(Service: AWSSecretsManager; Status Code: 400; Error Code:
AccessDeniedException; Request ID:
<.......>)
When you're in the AWS Console go to AWS->IAM. From there click on the roles link on the left side. Notice the role from the bolded text above is listed there (text circled in red).
Double click on that.
In this screenshot I already did it, but initially the SecretsManagerReadWrite policy (circled in red) wasn't there.
To get that policy, click on "Attach Policies". Then on the next page search for SecretsManagerReadWrite, and click on the checkbox. Click on "Attach Policy" button and now that role has it!
Now my HTTPS request from my React app on AWS Amplify makes the request to my Web App on ElasticBeanstalk and I no longer get that AWSSecretsManagerException AccessDenied message!
I have an existing mobile app that can receive push notifications and I have an existing backend application that exposes an API for sending notifications to the app. The backend application uses Firebase Cloud Messaging (FCM), so it could be considered a wrapper around FCM. My backend application uses the Firebase Admin SDK to create messages and send them to Firebase. My customers hit an API exposed by my backend application (so, if we assume that the customer is using Postman, then the flow for sending a message is: Postman->My backend application->Firebase->Mobile app).
Until now I have been running my backend application on a local server, and it works fine. But now I need to deploy this on AWS. My question is: is it necessary to use Amazon SNS or not? I don't really need any additional functionality from AWS, I just want AWS to permit the required communication.
For example, I dont need to go to an AWS interface to enter the token to send messages to my phone. I already have an API exposed through my backend for sending messages. So, should I even bother to set up SNS?
I know that at a minimum I will have to make my firebase project google credentials available to my instance on AWS (in a file located at the path specified using GOOGLE_APPLICATION_CREDENTIALS). What other configuration steps would be needed? Thanks a lot.
After some investigation I found that it is not necessary to use Amazon SNS to achieve what I wanted to achieve.
I was able to deploy my server application (which uses Firebase Cloud Message) to AWS, and the messages arrive on the mobile phones without any problem.
I initialized my backend application using the steps described on the Google Firebase site: https://firebase.google.com/docs/admin/setup
I turn out that google play store stores statistics related data in google cloud. It creates the required buckets and updates the file daily as it is required.
I am trying to download those file in google app script and update the Google sheet with data.
From google documentation, there are 2 ways to do so.
With Oauth
API KEY.
So far I was able to download file with Oauth but with API KEY I am getting the error
There is a per-IP or per-Referer restriction configured on your API
key and the request does not match these restrictions. Please use the
Google Developers Console to update your API key configuration if
request from this IP or referer should be allowed.
I have created the API KEy with no restrictions. Also enabled the Cloud Storage JSON api and Cloud storage API.
I did the same in the following way:
Get Oauth token:
public string GetOAuthToken()
{
return googleCredential.UnderlyingCredential.GetAccessTokenForRequestAsync("https://accounts.google.com/o/oauth2/v2/auth", CancellationToken.None).Result;
}
I am able to make a request.
Reference:
How to download files in Google Cloud Storage using rest api
https://stackoverflow.com/a/53955058/4345389
Thanks
I have looked for resources on this particular problem with little luck so far so I thought I would try here.
I am attempting to create an Amazon Web Service Simple Notification Service app in the AWS-SNS console using GCM. I have created the APNS app for the iOS version with no troubles, however, when attempting to create the GCM version I receive the error: "The credentials you entered are invalid. Please enter valid credentials and try again."
In the Google APIs - API Access dashboard I have created both a key for server app and a key for android app. Below are a few screenshots to illustrate the problem.
Any suggestions as to what the problem may be or any instructional documentation recommendations would be tremendously appreciated.
More on what Rohan has said, it would be on Google's end rather than Amazon's.
Delete the Server API Key in the Google API Console, and create a new one, allowing all IP addresses. Add the new key in AWS SNS, and you should be good to go!
Amazon documentation is very old and not accurate anymore.
When you created your Application and the Credentials on Google Developers Console, from the left menu on Google developer console select:
APIs & auth -> APIs -> Google Cloud Messaging for Android -> Enable API
Google recently migrated a lot of the GCM service/credential handling to Firebase. As a result you need to create a Server Key in the Firebase Console now.
See: Amazon SNS: "Platform credentials are invalid" when re-entering a GCM API key that previously worked
You need to use the API key listed under Key for server apps (with IP locking) in the Google Console. The key listed under Android app will not work.
The Amazon SNS Getting Started with GCM documentation provides step-by-step guidance on setting up your app. If you are still having issues, please contact us via AWS Support or the Amazon SNS forum and we can troubleshoot further.
full disclosure: I am an Amazon SNS engineer.