I have been trying to set up CodeCommit with aws sdk, but when i try and list al the repositories, it says “Unknown Error Gateway Timeout”. The secret keys works fine with S3 but codeCommit gives Gateway timeout error.
Any idea
?
The user with secret keys have administrator privileges
I tried this, where codeCommit has been defined in other file. Any reason why I am getting this error?
const { codeCommit } = require ("./../../aws")
var hello = await codeCommit.listRepositories(params).promise();;
Check if you can connect to connection endpoint [1] via a command like curl:
$ curl https://git-codecommit.us-east-2.amazonaws.com
If not, something in your network is blocking access, presumably a firewall.
Related
I recently found problem with firebase-admin behind firewall (using firebase-admin for nodejs
).
This is actual error:
Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: Error while making request: connect ECONNREFUSED 142.251.37.109:443. Error code: ECONNREFUSED"
which is quite self explanatory, I can add IP and port to firewall whitelist, but if FCM change their IP my connection will be refused again.
For me, better approach is to add hostname to whitelist, but I can't find in any documentacion what host is called by initializeApp function. For example, it is not any specified hostname from docs (none is resolved to 142.251.37.109, but it is definitely firebase IP according to ip range).
I'm trying to create an AWS client for IOT following this article: How can I publish to a MQTT topic in a Amazon AWS Lambda function?
client = boto3.client('iot-data', region_name='us-east-1')
However I need to set a profile so that boto3 picks the correct credentials from my ~/.aws/credentials file.
The articles that describe how to do this (How to choose an AWS profile when using boto3 to connect to CloudFront) use Session instead of creating a client. However iot-data is not a "resource" that you can get from Session.
boto_session = boto3.Session(profile_name='my-profile')
boto_client = boto_session.resource('iot-data', region_name='us-west-1')
When I try the above I get the error:
Consider using a boto3.client('iot-data') instead of a resource for 'iot-data'
And we've achieved full catch-22 status. How can I get an appropriate IOT client using an AWS profile?
IoTDataPlane does not have resource. You can only use client with the IoTDataPlane:
boto_session.client('iot-data', region_name='us-west-1')
I'm trying to figure out how to get postman to work with EKS. I have a simple nodejs app.
const express = require('express');
const app = express();
app.get('/', (req, res) => res.send('hello world'));
app.listen(3000, () => {
console.log('My REST API running on port 3000!');
});
Here's everything I've done so far:
I created a docker container and successfully pushed it to ECR.
Also I tested docker by running it locally and I was able to reach it and get hello world response so the docker container seems fine.
I created an EKS cluster with the docker container and have the api server endpoint
but when I try and make a call with postman, I get
I even tried adding access key and secret from IAM user that has access to EKS, but I get same error.
When I configured the cluster, I set it to public so I don't understand why Postman can't reach the API endpoint.
Also I added the following permissions to the IAM user I'm using in postman. I wasn't sure which one was correct so I added all of them. I also put the security credentials for that IAM user in postman.
What am I missing? I appreciate the help!
Actually, your Postman is reaching AWS EKS API endpoint, but you are getting authentication/authorization error - 403 Forbidden. I see OpenID Connect provider URL in the API config, so I would expect OIDC authentication and not AccessKey/SecretKey. Check AWS EKS documentation or contact your AWS support.
Currently, I am using Firebase Admin SDK to connect a Firebase database in a NodeJS server side application.
But I do not find an option to connect Firebase via proxy settings, or it can detect my system HTTP_PROXY environment variable.
When I run the node script by node index.js, and got some timeout messages like this(I know in my work network, I can not connect to Firebase directly).
Error: Credential implementation provided to initializeApp() via the "credential
" property failed to fetch a valid Google OAuth2 access token with the following
error: "connect ETIMEDOUT 216.58.200.237:443".
at ....erver\node_modules\firebase-adm
in\lib\firebase-app.js:74:23
at process._tickCallback (internal/process/next_tick.js:103:7)
I also use browser to access the firebase console via proxy, it works.
But how to resolve this issue in NodeJS server side scripts?
This error also happens if the date and time on your host machine where you run NodeJS process is not set right. Make sure to keep the server time synced.
The full error message:
Error: Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: invalid_grant (Invalid JWT: Token must be a short-lived token and in a reasonable timeframe)". The most likely cause of this error is using a certificate key file which has been revoked. Make sure the key ID for your key file is still present at https://console.firebase.google.com/iam-admin/serviceaccounts/project. If not, generatea new key file at https://console.firebase.google.com/project/_/settings/serviceaccounts/adminsdk.
Faced with the exact same problem yesterday, got it solved.
Let's get it straight, you are getting this error because Google services are banned in your region, therefore you should access firebase through a proxy. Here's a blog explaining how it is done.
For this specific case, you should
Prepare a proxy server that allows you to access Google services, then
Install the https-proxy-agent package through npm or yarn, then
Include the proxy in your firebase app initilization code like this
import HttpsProxyAgent from 'https-proxy-agent';
import * as admin from 'firebase-admin';
...
const agent = new HttpsProxyAgent('url to your proxy server');
admin.initializeApp({
credential: admin.credential.applicationDefault(agent),
// Or any function you would like to use to provide your application's credentials
// But remember to include the proxy agent in the parameter
httpAgent: agent
});
But remember not to commit this change into your repo, since this problem appears specifically in regions without access to Google services.
I have created one API endpoint for lambda function, as - https://XXXXXXXXX.execute-api.us-east-1.amazonaws.com/XXXX/XXXXXXXXXXXX/ which is GET method.
While calling that endpoint from postman it is giving me
{
"message": "'XXXXXXXXX3LPDGPBF33Q:XXXXXXXXXXBLh219REWwTsNMyyyfbucW8MuM7' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS XXXXXXXXX3LPDGPBF33Q:XXXXXXXXXXBLh219REWwTsNMyyyfbucW8MuM7'."
}
This is a screenshot of the Amazon Lambda Upload Site: http://i.stack.imgur.com/mwJ3w.png
I have Access Key Id & Secret Access Key for IAM user. I used it all but no luck. Can anyone suggest tweak about this.
If you're using the latest version of Postman, you can generate the SigV4 signature automatically. The region should correspond to your API region (i.e. "us-east-1") and the service name should be "execute-api"
This is not a solution but it has helped me more than once:
Double-check that you are actually hitting an existing endpoint! Especially if you're working with AWS. AWS will return this error if you don't have the correct handler set up in your Lambda or if your API Gateway is not configured to serve this resource/verb/etc.