Can anyone see anything wrong with this? I'm trying to reference a resource in another resource group. I'm deploying a bastion host and want to reference a subnet in another resourcegroup (vnet rg)
This is what I have but it's not working, do I need to reference the subscription? It's badly formatted but tried everything i can thing of :(
"id": "[concat('/','subscriptions','/','parameters('SubscriptionId'),'/','resourceGroups','/',parameters('vnetResourceGroupName'),'/',providers','/','Microsoft.Network','/','virtualNetworks','/','parameters('vnetName'),'/','subnets','/','AzureBastionSubnet'))]"
I'm trying to get to this (ish)
"id":"/subscriptions/xxxxx-xxxxx-xxxx-xxxxx-xxxxxxxxxx/resourceGroups/rg-vnet/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/SubnetName"
When I try ot use resourceID
"id": "[resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/', parameters('vnetName'), '/subnets/AzureBastionSubnet')]"
I get this error:
'resourceId': function requires exactly one multi-segmented argument which must be resource type including resource provider namespace. Current function arguments
'rg-vnet,Microsoft.Network/virtualNetworks/,vnet1,/subnets/AzureBastionSubnet'
I think its the commas between each segment causing the issue :(
Thanks in advance :)
Correct format:
"id": "[resourceId(parameters('vnetResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('VNETName'),variables('subnetName'))]"
Related
I am creating CloudFormation stack with Elasticsearch service, however it fails for AdvancedSecurityOptions, which works perfectly fine with aws es create-elasticsearch-domain
my JSON template snippet is below:
...
"AdvancedOptions": {
"rest.action.multi.allow_explicit_index": true
},
"AdvancedSecurityOptions": {
"Enabled": true,
"InternalUserDatabaseEnabled": false,
"MasterUserOptions": {
"MasterUserARN": "arn:aws:iam::1234567890:role/role_name"
}
},
"DomainName": {
"Ref": "ESDomainName"
}
...
I am unable to get this code working, any help related to fine grain access control would be really appreciated.
The AdvancedSecurityOptions is the latest addition to Amazon Elasticsearch service added recently as part of Fine Grained Access Control. This is available only via Console, CLI and API for now.
I am not sure if the thread is with outdated info, but according to the official AWS documentation on this link it should be possible to use the AdvancedSecurityOptions for Fine Grained Access Control. It even states that it is meant to be used for FGAC at the top of the page.
Continuing from DNakevski# answer above, for FGAC we need to ensure the following three settings in the CFN template are set to true since they serve as pre-requisites:
EncryptionAtRestOptions
NodeToNodeEncryptionOptions and
HTTPS.
Further, the important parameter for FGAC in the CFN template is AdvancedSecurityOptions and needs to be set to Enabled: true
AmazonES/Opendistro-for-ES provides two ways for security with FGAC. One is through using a IAM user as a master-user and other is through having basic auth.
If you need to take the IAM way then set the InternalUserDatabaseEnabled to false and only have the parameter *MasterUserARN: "IAM User ARN" under the MasterUserOptions field.
If you need to take the basic auth (username and password) approach set the InternalUserDatabaseEnabled to true and have the MasterUserName: "any-name" and the MasterUserPassword: "xxx"* Please have at least one lower case, one upper case, one digit and one special character for the password else the CFN template will rollback. However, the failure message is easily seen on the CFN console under events.
I have a simple working CFN yaml here doing the same just in case.
I'm trying to create a new VM using existing Managed disks and I keep running into problems because the parameters are not very well documented.
One problem that I haven't figured out is the format of --attach-data-disks
From the name and description of the parameter this seems to be the way you can attach data disks to the VM that you are creating and I am assuming because it is --attach-data-disks and not --attach-data-disk that you can attach multiple disks using this parameter.
What I don't know is what format to use when passing multiple disks. I have tried separating them using commas but the error that I got seemed to indicate that it viewed the comma delimited list of drives as one long name for a drive.
Here is an example of what I am trying to do:
az vm create -g test-group -n testvm2 --os-type windows --attach-os-disk testvm1-osdisk-20181213-033052 --attach-data-disks "testvm1-datadisk-000-20181213-033052,testvm1-datadisk-001-20181213-033052,testvm1-datadisk-002-20181213-033052"
Error I'm getting:
Deployment failed. Correlation ID: 9999. {
"error": {
"code": "InvalidParameter",
"message": "Id /subscriptions/99999999/resourceGroups/lbacompensafe/providers/Microsoft.Compute/disks/testvm1-datadisk-000-20181213-033052,testvm1-datadisk-001-20181213-033052,testvm1-datadisk-002-20181213-033052 is not a valid resource reference.",
"target": "dataDisk.managedDisk.id"
}
}
I'm running the commands from Powershell, not Bash, if that makes a difference.
Figured it out. It is in fact a space delimited list. I didn't try this sooner because I incorrectly assumeed it would need some sort of grouping or it would look like different parameters, but just listing them out like
--attach-data-disks disk1 disk2 disk3
Will add them in that order. Wish the docs would have just said so. Would have saved me a bunch of time.
I'm getting a 400 error when testing the examples provided by Bottleneck.
I double checked that I'm using the correct Associate Tag with the right region (do I include the '-20' in the AWS_ASSOCIATE_TAG?), I tried setting my Ubuntu's timezone (running on a VM) to GMT to follow the api_url builder (below) but that didn't help.
I checked the credentials using AWS-Cli and I was able to pull all EC2 instances without a permission error.
I tried reading the HTTPError using e.read, but I'm getting a class bytes object which I can't further investigate.
Is there a way to parse the error into XML or a simple string so that I could understand what the error actually is? Did anyone else encounter this problem and can think of a solution?
AWS Error codes
query = {
'Operation': self.Operation,
'Service': "AWSECommerceService",
'Timestamp': time.strftime(
"%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
'Version': self.Version,
}
I was skimming the docs and so I missed a crucial element - I was using AWS' API credentials, while the ones required belong to Amazon Product API.
To access those, please use this link.
I have two projects linked to one clientID. Project "A" is in sandbox, the "B" one is confirmed. I was calling feed with this type of URL
https://api.instagram.com/v1/users/[userID]/media/recent/?client_id=[clientID]&count=20&access_token=[mySecretToken]
The problem is, that with this type of URL I can retrieve data only for project A. For confirmed project B I always get an error
{"meta": {"error_type": "APINotFoundError", "code": 400, "error_message": "this user does not exist"}}
I'm following the documentation ( https://www.instagram.com/developer/endpoints/users/#get_users_media_recent ) but this absolutely doesn't work outside the sandbox!
In another part of documentation I have found this:
For example, if you query the /users/{user-id}/ endpoint and the {user-id} is a sandbox user, then you will get the normal API response; but if the {user-id} is not a sandbox user, you will get a APINotFound error.
That's really useful information, but I really can' find a way, how can I retrieve data from confirmed (live, reviewed) project.
Can plz anyone help how can I do it?
I wanted to use SpagoBI 2.0 REST API:
http://docs.spagobi.apiary.io/#reference
Everything seems to be fine, reports are running fine on SpagoBI server, I can get all documents via:
http://spagobi-url/SpagoBI/restful-services/2.0/documents/
I can get subreport without parameter via:
http://spagobi-url/SpagoBI/restful-services/2.0/documents/document_label/content
But I don't know how to pass parameter to run subreport with parameter?
Any clues?
Thanks in advance!
your solution is fine, but you can simplify the request body with parameters information: you just need to specify the parameters' URL name and their value, for example:
[
{
"urlName": "Position",
"values": [
"Store Manager"
]
}
]
Pay attention to the fact that "subreport" means a report that is included into another bigger one, therefore your request was not so clear to me: I understood you were trying to execute just one "regular" report (that was not including other reports), is that right?
Hope this helps.
Best regards.
Davide