I'm utilizing Azure's Cognitive Services Text Analysis API. I'm attempting to authenticate by passing my secret key for an access token via these instructions: https://learn.microsoft.com/en-us/azure/cognitive-services/translator/reference/v3-0-reference
I POST my Ocp-Apim-Subscription-Key to https://eastus.api.cognitive.microsoft.com/sts/v1.0/issueToken and get the following error:
{"error":{"code":"401","message": "The issueToken Operation under Token API V1.0 API is not supported with the current subscription key and pricing tier TextAnalytics.S."}}
I'm performing this authentication request using The Info Lab's macro in Alteryx - https://www.theinformationlab.co.uk/2017/09/26/translate-foreign-language-text-alteryx/ - I had to edit URL in the macro to add the "eastus" as the region in the issueToken request. Before I did that, I was getting an AccessDenied error response. At least now I know it's logging on to my resource because it will change the last letter in the error from "F" (free) to "S" to "S1" which are the pricing tiers I was switching between.
I have a pay-as-you-go subscription and I switched the resource to use Free, S, and S0 pricing tiers. Still always getting the same error. Please help!
Thank you
All provided in my summary.
I expect to get an authenticated token.
Per my understanding, you want to use Azure translator API and want to get an authenticated token specified by region. Based this doc mentioned , if you want to get a region based token, you should use Cognitive Service’s multi-service subscription . You can create a multi-service subscription by this link and you can get a token by its region and key as below :
For differences between Single-service resource and Multi-service resource , as official mentioned :
Multi-service resource:
Access multiple Azure Cognitive Services with
a single key and endpoint. Consolidates billing from the services you
use.
Single-service resource:
Access a single Azure Cognitive Service
with a unique key and endpoint for each service created. Use the free
tier to try out the service.
As we know except for translation service , there are many other services on Azure cognitive service . So when you create a Multi-service resource , you can call all Azure Cognitive Services . If you just need one or two kind Azure Cognitive Services or you want to get a separate billing of them, you can create Single-service resources separately.
In a wold, the differences between them is more about management instead of service.
Hope it helps.
Related
I have a data factory v2 with managed identity automatically assigned to it (object id + tenant id). I also have a resource accessible through Azure's Cost Management REST API
What I'd like to do is try to create REST linked service and authenticate to the API using the automatically generated managed identity.
So, for that purpose in Azure Portal -> Cost/billing resource -> IAM I have given two roles to my ADF managed identity: Billing Reader and Cost Management Reader.
But when I invoke the linked service configured like this:
And configured in the Copy activity Sink like this:
I get the following error:
I am really confused with this message and I don't really understand it is supposed to mean:
Cost management data is unavailable for subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. The offer MS-AZR-xxxxx is not supported.
Trying to understand the different Azure APIs to get the Azure subscription cost details programmatically.
I see RateCard API is good approach. In the output/response of this API , there is something called meterID and meterDetails.
anyone know what is this meterID and meterDetails ? how to get it using Azure Portal ?
The meterID is a GUID for every resource except VMs. meterDetails is the detailed Usage. You can get these details from the cost management section in Azure portal
I am struggling to get my Azure batch nodes to start within a Pool that is configured to use a virtual network. The virtual network has been configured with a service endpoint policy that has a "Microsoft.Storage" policy definition and it points at a single storage account. Without the service endpoints defined on the virtual network the Azure batch pool works as expected, but with it the following error occurs and the node never starts.
I have tried creating the Batch account in both Pool allocation modes. This did not seem to make a difference, the pool resizes successfully and then the nodes are stuck in "Starting" mode. In the "User Subscription" mode I found the start-up error because I can see the VM instance in my account:
VM has reported a failure when processing extension 'batchNodeExtension'. Error message: "Enable failed: processing file downloads failed: failed to download file[0]: failed to download file: unexpected status code: actual=403 expected=200" More information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot
From what I can determine this is an Azure VM extension that is running to configure the VM for Azure Batch. My base image is Canonical, ubuntuserver, 18.04-lts (batch.node.ubuntu 18.04). I can see that the extensions is attempting to download from:
https://a52a7f3c745c443e8c2cac69.blob.core.windows.net/nodeagentpackage-version9-22-0-2/Ubuntu-18.04/batch_init-ubuntu-18.04-1.8.7.tar.gz (note I removed the SAS token from this URL for posting here)
there are 8 further files that are downloaded and it looks like this is configuring the Batch agent on the node.
The 403 error indicates that the node cannot connect to this storage account, which makes sense given the service endpoint policy. It does not include this storage account within it and this storage account is external to my Azure subscription. I thought that I might be able to add it to the service endpoint policy, but I have no way of determining what Azure subscription it is part of it. If I knew this I thought I could add it like:
Endpoint policy allows you to add specific Azure Storage accounts to allow list, using the resourceID format. You can restrict access to all storage accounts in a subscription
E.g. /subscriptions/subscriptionId (from https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-overview)
I tried adding security group rules using service tags for Azure storage, but this did not help. The node still cannot connect and this makes sense given the description of service endpoint policies.
The reason for my interest in this is the following post:
[https://github.com/Azure/Batch/issues/66][1]
I am trying to minimise the bandwidth charges from my storage account by using service endpoints.
I have also tried to create my own VM, but I am not sure whether the "batchNodeExtension" script is run automatically for VMs that you're using with Batch.
I would really appreciate any pointers because I am running out of ideas to try!
Batch requires a generic rule for all of Storage (can be regional variant) as specified at https://learn.microsoft.com/en-us/azure/batch/batch-virtual-network#network-security-groups-specifying-subnet-level-rules. Currently it is mainly used to download our agent and maintain state/get information needed to run tasks.
I am facing the same problem with Azure Machine Learning. We are trying to fight data exfiltration by using the SP Policies in order to prevent sending the data to any non-subscription storage accounts.
Since Azure ML Computes depends on the Batch service, we were unable to run any ML compute if the SP policy is associated to the compute subnet.
Microsoft stated the follwoing:
Filtering traffic on Azure services deployed into Virtual Networks: At this time, Azure Service Endpoint Policies are not supported for any managed Azure services that are deployed into your virtual network.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-overview#scenarios
I understand from this kind of restriction, that any service that use Azure Batch (which almost all services in Azure?) cannot use the SP Policy which make it useless freature...
Finally we endup by removing the SP policy completly from our network architecture and considered it only for scenarios where you to want to restrict customers to access specific storage accounts.
AWS provides a pricing api to get cost details of each service. If you want to know the price of an EC2 instance, you just pass the region,instance type(eg:t2.micro) and service code of EC2 to the pricing API and it returns the pricing details. I understand that azure exposes Ratecard API to get the prices. But It returns a huge JSON with all the services. How do I filter based on service type and its attributes. For example, I want the pricing details of Azure VM of instance type Standard_B2S in Central US. Is this possible?
No there is no separate API available for it apart from RateCard, if you need to get the details of particular VM you can use Virtual Machine Rest API. See this link.
GET
https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/locations/{location}/vmSizes?api-version={apiVersion}
I have had trouble managing my access keys for my Cognitive Services Resource on Azure. Every time I log in any browser and click on Manage Keys... the keys don't appear. Even if I click on the cloud icon, they only appear for a split second and then disappear. Has anyone else had this problem? How did they solve it?
See Translator Speech API Keys No Longer Show in Portal & Have Stopped Working:
That error means that your Azure subscription (which is different than your F0 free tier Cognitive Services account) is not active. Typically this happens if you have a 1 month Azure free trial subscription and the free 1 month period has expired, but it can also happen to paid Azure accounts if there is a problem with the billing such as an expired credit card.
You should be able to validate this in the subscription list in the Azure portal - https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade.