aws: missing credentials in config when using systemd - node.js

I'm trying to deploy a small Node.js server to a Linux EC2 on AWS. This server uses the AWS JavaScript SDK. The ~/.aws/credentials and ~/.aws/config are properly filled out. Everything works when I run the server by node index.js or npm start, but if I run it using systemd, I get the following response:
{ message: 'Could not load credentials from any providers',
retryable: false,
time: 2018-07-23T20:12:59.057Z,
code: 'CredentialsError' }

For some systems ~ becomes / when run from a service. This means the path is /.aws/credentials. For your system try copying "~/.aws" to "/root/.aws". Then try copying to "/.aws". One of these will work.
You can also use a json file and specify that when creating your client.
Create the file "/mysite/aws_config.json" with the following contents:
{
  "accessKeyId": "YOUR_ACCESS_KEY_ID",
  "secretAccessKey": "YOUR_SECRET_ACCESS_KEY",
  "region": "YOUR_REGION"
}
Then load the credentials with this statement:
AWS.config.loadFromPath('/mysite/aws_config.json');
This way you can keep your site's configuration in one directory.
There are many methods to specify credentials. The AWS documentation for node.js SDK has lots more.
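To see which file a service process would actually look for, the following added example (not part of the original answer) resolves the shared credentials path from a given environment and checks that the file exists, is readable, and is not open to group/other. It assumes the lookup order of the AWS SDK for JavaScript v2 (AWS_SHARED_CREDENTIALS_FILE first, then the home directory from the environment); the function names and the two sample environments are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Simplified model (assumption) of how the AWS SDK for JavaScript v2 picks the
// shared credentials file: an explicit AWS_SHARED_CREDENTIALS_FILE wins,
// otherwise "<home>/.aws/credentials" with <home> taken from the environment.
function sharedCredentialsPath(env) {
  if (env.AWS_SHARED_CREDENTIALS_FILE) return env.AWS_SHARED_CREDENTIALS_FILE;
  const home = env.HOME || env.USERPROFILE || os.homedir();
  return path.join(home, '.aws', 'credentials');
}

// Report what a process started with this environment would find at that path.
function diagnose(env) {
  const file = sharedCredentialsPath(env);
  const report = { file, exists: false, readable: false, looseMode: false };
  try {
    const st = fs.statSync(file);
    report.exists = true;
    // A secrets file should not be accessible to group/other (expect 0600).
    report.looseMode = (st.mode & 0o077) !== 0;
    fs.accessSync(file, fs.constants.R_OK);
    report.readable = true;
  } catch (err) {
    report.error = err.code; // e.g. ENOENT (wrong home) or EACCES (wrong user)
  }
  return report;
}

// Constructed environments: an interactive login versus a service whose
// home directory resolves to "/", the case described in the answer above.
const loginEnv = { HOME: '/home/ec2-user' };
const serviceEnv = { HOME: '/' };

console.log(sharedCredentialsPath(loginEnv));
console.log(sharedCredentialsPath(serviceEnv));
console.log(diagnose(process.env));
```

Run it once from your shell and once as the unit's ExecStart command; a different "file" value or an ENOENT/EACCES error in the second run shows why the SDK finds no credentials.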

Related

node-windows permission Denied - and not requesting rights after compiling?

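I am trying to install Windows services dynamically from my Electron app.
For that I am using the node module "node-windows".
This looks like this:
// node-windows exposes the Service class used below
var Service = require('node-windows').Service;

service = new Service({
  name: 'Watcher',
  description: 'Watcher',
  script: 'Watcher.js',
  // environment variable passed to the service process
  env: {
    name: "SettingsPath",
    value: storage.getDataPath()
  }
});
// start the service once installation has finished
service.on('install', function () {
  service.start();
});
service.install();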
This works very well on my dev machine.
The app requests permission to create the service and installs it smoothly.
My Problem
If I compile the app to an exe, the app doesn't ask me for permissions and prints an error:
Permission Denied. Requires administrative privileges.
The app creates the service exe successfully at that time and doesn't do anything more.
Ok, so I started the app with admin privileges to test this behavior.
Nice, the app doesn't show any error, creates the service exe AND ahhhhhh installed the service NOT.
Questions
Why does the app no longer ask for permissions when it is compiled?
Why isn't the service installed when the app is compiled?
If you need any additional information, write me a comment. And thanks for your time.
The path to the elevate.cmd in node-windows is incorrect for Electron apps.
I have documented the way of trouble here
Found some more problems using the node-windows package:
can't use scripts from the Electron asar file (exclude files or disable asar)
the executable path from the generated service config is wrong (it's the packaged app executable, but must be node.exe or an equivalent executable)
service will only run on target system if node.js is installed, or you provide an equivalent

npm start fails to run with AWS Code Deploy on AWS Windows instances

I am trying to deploy a Node.js application on Windows EC2 instances. Deployment finishes successfully but the node server is not started automatically on those instances. I have to log in to each instance to run the command node app.js to start the node server. I tried to include this command in the appspec.yml file but then I got the error below,
LifecycleEvent - ApplicationStart
Script - node_start.bat
[stdout]
[stdout]C:\Windows\system32>cd C:/host/
[stdout]
[stdout]C:\host>npm start
[stderr]'npm' is not recognized as an internal or external command,
[stderr]operable program or batch file.
My appspec.yml file is as below,
version: 0.0
os: windows
files:
  - source: app.js
    destination: c:\host
  - source: package.json
    destination: c:\host
  - source: \node_modules
    destination: c:\host\node_modules
  - source: node_start.bat
    destination: c:\host
  - source: before_install.bat
    destination: c:\host
hooks:
  AfterInstall:
    - location: before_install.bat
      timeout: 300
  ApplicationStart:
    - location: node_start.bat
      timeout: 300
Node is already installed on those two instances and the Path variable is also properly set. Logging in manually to those servers and running the command npm start works perfectly fine. It fails only through AWS CodeDeploy.
I want to introduce AWS Lambda function also after this step to do health check.
Any help to resolve this issue would be greatly appreciated.
The issue isn't really related to CodeDeploy. CodeDeploy simply runs the script that you give it; in your case, node_start.bat. Perhaps, this question answers the issue that you're really having. CodeDeploy has no knowledge of your application unless you tell it.
You will likely either need to edit node_start.bat or your environment so that npm is a valid command.
Here are a couple of suggestions to help your case:
Test your appspec and scripts
You can test your appspec.yml and related scripts using the CodeDeploy local CLI, which comes with the agent.
Validate that your service is running
Obviously, it's not awesome if your deployment succeeds, but your application is not actually running. However, you can use the ValidateService lifecycle hook to confirm that your application is actually running or any other validation. You can include a script that can see that the process is running, confirm that no errors are getting logged, run tests, or whatever else you might want.

Running jhipster-registry in native profile: central-config folder not read

I am currently trying to run jhipster-registry in dev profile to serve the configurations to a jhipster microservice application.
I've followed this official jhipster registry doc and:
have built it from sources, and launched it as follows:
./jhipster-registry-3.0.0.war --spring.profiles.active=dev
And as the doc states, I have put the central-config directory containing <mymicrosericeappname>-dev.yml alongside the jhipster-registry generated war file.
When I launch jhipster-registry, everything is ok,
but when I run my microservice application, it connects to the registry (I can see it in the jhipster-registry dashboard), but I realize that it is reading the application-dev.yml file located at src/main/resources/config/ inside the microservice app.
I don't know if I misplaced the central-config folder...
That said, I really need to know what's wrong.
Thanks
The config directory is specified in bootstrap.yml in search-locations property.
spring:
  cloud:
    config:
      server:
        native:
          search-locations: file:./central-config
Rather than specifying a relative path (relative to where you launched the registry from), you may want to specify an absolute path:
search-locations: file:/home/something/central-config
Also, rather than using the dev profile, you can use prod with native:
./jhipster-registry-3.0.0.war --spring.profiles.active=prod,native
Thanks to @GaelMarziou, his answer helped me find why the central-config was not being read.
In fact the Spring Cloud Config bootstrap configuration for the "dev" profile bootstrap.yml file gives this:
cloud:
  config:
    server:
      git:
        uri: https://github.com/jhipster/jhipster-registry-sample-config
      native:
        search-locations: file:./central-config
So each time I ran jhipster-registry, it was pointing to the git repo and not the central-config directory.
To get it to work, I had to launch the registry in the dev,native profile:
./jhipster-registry-3.0.0.war --spring.profiles.active=dev,native
Nevertheless the documentation states this:
Using the dev profile will run the JHipster Registry with the dev and the native profiles.
Which is not really true... considering my struggling.

Is there a way to avoid storing the AWS_SECRET_KEY on the .ebextensions?

I'm deploying a Django based project on AWS Elastic Beanstalk.
I have been following the Amazon example, where I add my credentials (ACCESS_KEY/SECRET) to my app.config under the .ebextensions directory.
The same config file has:
container_commands:
  01_syncdb:
    command: "django-admin.py migrate --noinput"
    leader_only: true
  02_collectstatic:
    command: "django-admin.py collectstatic --noinput"
    leader_only: true
The problem is that this is forcing me to store my credentials under version control, and I would like to avoid that.
I tried to remove the credentials and then add them with eb setenv, but the problem is that the two django commands require these settings to be set in the environment.
I'm using the v3 cli:
eb create -db -c foo bar --profile foobar
where foobar is the name of the profile under ~/.aws/credentials, and where I want to keep my secret credentials.
What are the best security practices for the AWS credentials using EB?
One solution is to keep the AWS credentials, but create a policy that ONLY allows them to POST objects on the one bucket used for /static.
I ended up removing the collectstatic step from the config file, and simply take care of uploading statics on the build side.
After that, all credentials can be removed and all other boto commands will grab the credentials from the security role on the EC2 instance.
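The single-bucket policy suggested above can be written down and checked mechanically. This added example (not from the original answer) builds an IAM policy document that allows only s3:PutObject on one bucket's objects and audits any policy for grants beyond that; the bucket name is a placeholder and the function names and the over-broad sample policy are constructed for illustration.

```javascript
// Least-privilege policy for a key that only uploads static files.
function staticUploadPolicy(bucket) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Sid: 'UploadStaticOnly',
      Effect: 'Allow',
      Action: ['s3:PutObject'],
      Resource: [`arn:aws:s3:::${bucket}/*`],
    }],
  };
}

// IAM accepts either a single string or a list for these fields.
const asList = (v) => (Array.isArray(v) ? v : [v]);

// Return one finding per grant that goes beyond s3:PutObject on objects
// of the given bucket. An empty list means the policy is as narrow as intended.
function auditPolicy(policy, bucket) {
  const objectPrefix = `arn:aws:s3:::${bucket}/`;
  const findings = [];
  for (const st of asList(policy.Statement)) {
    if (st.Effect !== 'Allow') continue;
    const sid = st.Sid || '(no Sid)';
    if (st.NotAction || st.NotResource) {
      findings.push(`${sid}: NotAction/NotResource grants everything except a list`);
      continue;
    }
    for (const action of asList(st.Action)) {
      if (action !== 's3:PutObject') findings.push(`${sid}: extra action ${action}`);
    }
    for (const resource of asList(st.Resource)) {
      if (!resource.startsWith(objectPrefix)) findings.push(`${sid}: extra resource ${resource}`);
    }
  }
  return findings;
}

// Constructed sample: the kind of policy often attached to a deploy key.
const overBroad = {
  Version: '2012-10-17',
  Statement: [{ Sid: 'TooBroad', Effect: 'Allow', Action: 's3:*', Resource: '*' }],
};

console.log(JSON.stringify(staticUploadPolicy('example-static-bucket'), null, 2));
console.log(auditPolicy(overBroad, 'example-static-bucket'));
```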

Tag AWS beanstalk deployment using .config file in .ebextensions

I added a scripts.config file to .ebextensions at the root of my Node app deployed in beanstalk. I did not see the tags for the EC2 instances in the console. Nor did I see any mention of 1_add_tags in beanstalk logs. What did I do wrong and how do I find out if the commands in the script.config were called at all!
The config file in .ebextensions is as follows ....
01_add_tags:
  command: ec2-create-tags $(ec2-metadata -i | cut -d ' ' -f2) --tag Environment=Production --tag Name=Proxy-Server --tag Application=something
  env:
    EC2_HOME: /opt/aws/apitools/ec2
    EC2_URL: https://ec2.ap-southeast-2.ama...
    JAVA_HOME: /usr/lib/jvm/jre
    PATH: /bin:/usr/bin:/opt/aws/bin/
Cheers,
Prabin
Amazon's answer to the problem. (This worked for me) ...
You can utilise the ebextensions to execute certain commands on instance boot.
Supposing that you want to implement this on Linux based containers. I have formulated a sample config file for you and attached to this case.
Please follow below guidelines :
In the AWS Management console, check the IAM Role/Instance profile used by beanstalk. By default it uses "aws-elasticbeanstalk-ec2-role". Add permissions for this role to create new tags (ec2:CreateTags).
If you do not have ".ebextensions" folder at the root of your application or the "WEB-INF" folder, then create the folder.
Modify the key value pairs in the config file. Multiple pairs are separated by a space.
A sample snippet is as below:
{
  "container_commands": {
    "01_add_tags": {
      "command": "aws ec2 create-tags --resources $(GET http://169.254.169.254/latest/meta-data/instance-id) --tags Key=ClientName,Value=testClient Key=NewTag,Value=new-value --region us-east-1"
    }
  }
}
Add the modified config file in the ".ebextensions" folder.
Upload this version to beanstalk. It should launch new instances and execute the config file.
Please give it some time, preferably till the instances pass EC2 instance status checks. Refresh the page for the additional tags to be displayed.
Please note that we are using "Container_commands" instead of "Command" used in the blog.
Container Commands run after the application and web server have been set up and the application version file has been extracted, but before the application version is deployed. This is important as these commands have access to environment variables such as your AWS security credentials set by the instance-profile.
I would recommend you to go through the restrictions for AWS Resources tagging mentioned at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions
I would like to highlight that maximum number of tags per resource is 10.
Also check the table for tagging support for certain resource. For example, currently tagging is not supported for ELB.
I had the similar problem where I tried to install libjpeg using the ./ebextensions/foo.config file. I tried everything but was never able to find a good solution.
I was able to solve it though, by setting up a completely new Elastic Beanstalk Application and then deploying my same version on the new instance instead. When I did this everything was installed perfectly and working fine.
Check out my answers here:
https://stackoverflow.com/a/23109410/2335675
https://stackoverflow.com/a/23131959/2335675
Hope this fixes your issues as well.
