I have created one API endpoint for lambda function, as - https://XXXXXXXXX.execute-api.us-east-1.amazonaws.com/XXXX/XXXXXXXXXXXX/ which is GET method.
While calling that endpoint from postman it is giving me
{
"message": "'XXXXXXXXX3LPDGPBF33Q:XXXXXXXXXXBLh219REWwTsNMyyyfbucW8MuM7' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS XXXXXXXXX3LPDGPBF33Q:XXXXXXXXXXBLh219REWwTsNMyyyfbucW8MuM7'."
}
This is a screenshot of the Amazon Lambda Upload Site: http://i.stack.imgur.com/mwJ3w.png
I have Access Key Id & Secret Access Key for IAM user. I used it all but no luck. Can anyone suggest tweak about this.
If you're using the latest version of Postman, you can generate the SigV4 signature automatically. The region should correspond to your API region (i.e. "us-east-1") and the service name should be "execute-api"
This is not a solution but it has helped me more than once:
Double-check that you are actually hitting an existing endpoint! Especially if you're working with AWS. AWS will return this error if you don't have the correct handler set up in your Lambda or if your API Gateway is not configured to serve this resource/verb/etc.
Related
I have node/express APIs running in Lambda function.
The API endpoint is {domain}/api/user/{username} where I pass username in URL itself.
example: to get userA detail, endpoint will be xxx.com/api/user/userA
also sending user_id:xxx in header.
Hitting above endpoint using API gateway/Lambda returns the data without any error.
Problem occurs when I use % in username.
Assume I have username as userA% .
Endpoint would become: xxx.com/api/user/userA%
Now, the problem is when I run this in my local machine with node/express/mysql api with endpoint localhost:2000/api/user/userA%, it returns the data.
But the same API using API gateway/Lambda : xxx.com/api/user/userA% throws
CORS: PreflightMissionAllowOriginHeader.
I have configured some CORS policies as shown in below image but can't seem to figure out what should I configure more to allow this type of requests.
I'm able to update/create the function key using the API as per document.
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update-function-secret
My main aim is to update the function key every hour so I'm creating a http trigger (with the above api inside it) and scheduling the trigger.
For testing purpose I stored the url in one parameter.
URL:
'https://management.azure.com/subscriptions/xyz1/resourceGroups/xyz2/providers/Microsoft.Web/sites/func_appname/functions/func_name/keys/poc_testing1?api-version=2021-02-01{"Properties":{"Name": "poc_testing1","Value": "asdsda"}}'
Note: Value here is updating via random gen lib of python
Generated a bearer token using the service principal (which I'm already using to connect my stg acc) storing it in auth_token
header_auth= {'Authorization' : 'Bearer ' + auth_token }
Now running the below command in python
import requests
requests.post(url, headers=header_auth)
I'm getting 403 forbidden error
I'm thinking that it is not because of the bearer token, Did google the error and it is with the IP address. Can someone help me out here
I was referring the (https://learn.microsoft.com/en-us/troubleshoot/azure/general/request-throttling-http-403) doc but I'm not using any APIM service
Till now I referred the doc from MSFT.
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update-function-secret
I was able to create new function key.
I'm trying to do the same using python for which I performed the above steps.
Currently ran the above issue steps in my local Visual studio and tried az cli as well but same 403 error.
Why do you want to update the function key every hour?
If you aim to increased security use AzureAD Auth/OAuth2 rather than the function key.
Regarding the 403 error, please ensure you have assigned proper permissions to the service principal which allow the service principal to modify the azure function.
i am calling Azure Rest API to list all blobs in a directory (inside container) throuh informatica cloud using web service transformation.But i am getting error while running the mapping InvalidUriThe requested URI does not represent any resource on the server.
API: https://<account_name>.blob.core.windows.net/training?restype=container&comp=list&prefix=training/Type/Class
Could not reproduce your issue, the REST API - List Blobs works fine on my side.
You could refer to the sample below, make sure you are using it the same as mine.
Note: When you using prefix, you have already used the container name training in the url, don't use it again in the parameter, it should be prefix=Type/Class.
Request URL:
GET https://accountname.blob.core.windows.net/training?restype=container&comp=list&prefix=Type/Class
Request header:
x-ms-version = 2019-12-12
Test in the postman:
My storage structure:
I'm attempting to use a pre-signed url for an S3 bucket with a custom endpoint. I seem so close, but I keep getting a Method Not Allowed error. Here's where I'm at.
I have an API Gateway which connects an endpoint to a Lambda function. That function, among other things, generates a pre-signed url. Like so,
var s3 = new AWS.S3({
endpoint: 'custom.domain.com/upload',
s3BucketEndpoint: true,
signatureVersion: 'v4'
});
//...
s3.getSignedUrl('putObject', {
ACL: 'bucket-owner-full-control',
Bucket: process.env.S3_BUCKET_NAME,
ContentType: "image/png",
Key: asset.id + ".png"
};
This code successfully returns a url with what appears to be all the correct query params, correct key name, and the url is pointing to my endpoint. When attempting to upload however, I receive the following error:
MethodNotAllowedThe specified method is not allowed against this resource.PUTSERVICE[request id was here][host id was here]
If I remove my custom endpoint declaration from my S3 config, I receive a standard domain prefixed pre-signed url and the upload works fine.
Other notes on my setup.
I have configured the /upload resource on API Gateway to be an S3 passthrough for the PUT method.
I have enabled CORS where needed. On the bucket and on my API. I have confirmed CORS is good, as the browser passes checks.
I have setup my policies. The lambda function has access to the internet from my VPC, it has full S3 access, and it has a trust relationship with both S3 and API Gateway. This execution role is shared amongst the resources.
I am using the axios package to upload the file via PUT.
I have added a CloudTrail log, but it reports the exact same error as the browser...
Temporarily making my bucket public makes no difference.
I've attempted to add the query strings to the API Gateway Request/Response integrations without success.
I've added the necessary content type headers to the request and to the pre-signed url config.
I Googled the heck out of this thing.
Am I missing something? Is this possible? I plan to disable my custom endpoint and move forward with the default pre-signed url for the time being, but long term, I would like the custom endpoint. Worst case I may pay for some AWS support.
Thanks for the help!
I can't find documentation that states a presigned URL supports proxy (alt/custom domain). IMO the use-case to authenticate and grant requests access to AWS resources from an API gateway ( regardless of if you are proxy'ing S3 ) would be to use an API Gateway authorizer w/lambda to allow the request to assume an IAM role that has access to the AWS resources (in this case PUT OBJECT on an s3 bucket)
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
I am trying to export an Azure package using the GetPackage method of Service Management API.
I have tried both calling the REST API directly using a WebClient, and by using the Windows Azure Service Management Library package (I have posted the code I used as an answer to that question).
However, no matter the method I tried and how I constructed and/or encoded the container URI, I am always getting the following error:
400 Bad Request
Parameter value '...' specified for parameter 'ContainerUriString' is invalid.
The parameter in question is of the following form:
https://something.blob.core.windows.net/somecontainer
I verified that the storage account exists and is accessible (tried both public and private containers), even tried calling HttpUtility.UrlEncode() on the container URI (even though the SDK does it automatically).
Any ideas how to get this resolved?
Please ensure that the storage account where you want the files to be copied belong to the same subscription as that of Cloud Service.