"certificatefordns":{
"Type" : "AWS::CertificateManager::Certificate",
"Properties" : {
"DomainName" : "*.test-elb.acb.com",
"ValidationMethod" : "DNS"
},
"CertificateDNSRecord":{
"Type": "Custom::CertificateDNSRecord",
"Properties": {
"CertificateArn": {
"Ref": "certificatefordns"
},
"DomainName": "*.test-elb.acb.com"
}},
"DNS": {
"Type": "AWS::Route53::RecordSetGroup",
"Properties": {
"HostedZoneId": "Z01724793QXGY7AZ",
"RecordSets": [
{
"Name": {
"Ref": "AlternateDomainNames"
},
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z23TAZ6MNIO",
"DNSName": {
"Fn::GetAtt": [
"WebLoadBalancer",
"DNSName"
]
}
}
},
{
"Name": {
"Fn::Sub": "${CertificateDNSRecord.Name}"
},
"Type": {
"Fn::Sub": "${CertificateDNSRecord.Type}"
},
"TTL": "60",
"Weight": 1,
"SetIdentifier": "*.test-elb.acb.com",
"ResourceRecords": [
{
"Fn::Sub": "${CertificateDNSRecord.Value}"
}
]
}
]
}
}
Hi Team,
I want to create a new certificate for Load balancer and with the help of this json code I am able to create that certificate but after some time it will through an error that property servicetoken cannot be empty So As i searched I am confused that I need to create lambda function or what?
Or Is there any other way to decline this error.
Please guide me into this.
Custom resources in CloudFormation require a ServiceToken:
The service token that was given to the template developer by the service provider to access the service, such as an Amazon SNS topic ARN or Lambda function ARN. The service token must be from the same region in which you are creating the stack.
Your Custom::CertificateDNSRecord is missing it. Thus you have to provide it.
If the custom resource is for validating ACM certifications, you can check the new option, which should not require custom lambda function:
AWS Certificate Manager Extends Automation of Certificate Issuance Via CloudFormation
Yes I got the solution own my own. We just need to use this template that's it.
"certificatefordns":{
"Type" : "AWS::CertificateManager::Certificate",
"Properties" : {
"DomainName" : "*.test-elb.acb.com",
"ValidationMethod" : "DNS",
"DomainValidationOptions": [
{
"DomainName": {
"Ref": "AlternateDomainNames"
},
"HostedZoneId": "Z01724793QXGL8FOZ"
}]
}
},
It will create a new certificate.
Related
I have the following code which I'm trying to read in CMake.
{
"demo": [
{
"name": "foo0",
"url": "url1",
"verify_ssl": true
},
{
"name": "foo1",
"url": "url1",
"verify_ssl": true
},
{
"name": "foo2",
"url": "url2",
"verify_ssl": true
}
]
}
I'm trying to access a member from the list above, for example demo[0].name without success, what I'm doing wrong?
file(READ "${CONAN_CACHE}/demo.json" MY_JSON_STRING)
string(JSON CUR_NAME GET ${MY_JSON_STRING} demo[0].name)
One at a time.
string(JSON CUR_NAME GET ${MY_JSON_STRING} demo 0 name)
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Parameters": {
"AlternateDomainNames": {
"Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
"Type": "String",
"Default": "test.example.com"
}
},
"Resources" : {
"myDistribution" : {
"Type" : "AWS::CloudFront::Distribution",
"Properties" : {
"DistributionConfig" : {
"Origins" : [ {
"DomainName" : "ELBfor-1234.region.elb.amazonaws.com",
"Id" : "myCustomOrigin",
"CustomOriginConfig" : {
"HTTPPort" : "80",
"HTTPSPort" : "443",
"OriginProtocolPolicy" : "match-viewer",
"OriginSSLProtocols" : [
"TLSv1",
"TLSv1.1",
"TLSv1.2",
"SSLv3"
]
}
} ],
"HttpVersion": "http2",
"Aliases": [
{
"Ref": "AlternateDomainNames"
}
],
"Enabled" : "true",
"Comment" : "example-cdn",
"DefaultCacheBehavior" : {
"TargetOriginId" : "myCustomOrigin",
"SmoothStreaming" : "false",
"AllowedMethods": [
"HEAD",
"GET",
"OPTIONS"
],
"MaxTTL": "31536000",
"MinTTL": "0",
"Compress" : "true",
"ForwardedValues" : {
"QueryString" : "false",
"Cookies" : { "Forward" : "all" }
},
"ViewerProtocolPolicy" : "allow-all"
},
"PriceClass" : "PriceClass_All",
"Restrictions" : {
"GeoRestriction": {
"RestrictionType": "none",
"Locations": []
}
},
"ViewerCertificate": {
"SslSupportMethod": "sni-only",
"AcmCertificateArn" : {
"Fn::Sub": "arn:aws:acm:us-east-1:<ID>:certificate/2345f-534234"
}
}
}
}
}
}
}
Hi Team,
I am using this in my cloudfront template to add my custom SSL on that and it is showing me some an error:- Exactly one of [AcmCertificateArn,CloudFrontDefaultCertificate,IamCertificateId] needs to be specified.
So please let me know how will i add this or if there is any option to add in parameter so that it will list that certificate. Please guide me for the same. This is my certificate ARN - arn:aws:acm:us-east-1::certificate/2345f-534234
ViewerCertificate block should look like this in your case:
"ViewerCertificate": {
"SslSupportMethod": "sni-only",
"AcmCertificateArn": " arn:aws:acm:us-east-1::certificate/2345f-534234"
}
Also what you should always take care is that certificate is provisioned in us-east1 region (yours is, based on the ARN :)
The property you need to use is ViewerCertificate. The configuration within the CloudFormation documentation should help you identify any options you might want to add.
You can add a parameter if you would like to specify the ACM certificate, the type will be a string.
Below is an updated template. You will need to ensure th ACM certificate includes your account id. I have ran this to validate that it builds successfully.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"AlternateDomainNames": {
"Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
"Type": "String",
"Default": "test.example.com"
}
},
"Resources": {
"myDistribution": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"Origins": [{
"DomainName": "ELBfor-1234.region.elb.amazonaws.com",
"Id": "myCustomOrigin",
"CustomOriginConfig": {
"HTTPPort": "80",
"HTTPSPort": "443",
"OriginProtocolPolicy": "match-viewer",
"OriginSSLProtocols": [
"TLSv1",
"TLSv1.1",
"TLSv1.2",
"SSLv3"
]
}
}],
"ViewerCertificate": {
"SslSupportMethod": "sni-only",
"AcmCertificateArn": "arn:aws:acm:us-east-1::certificate/2345f-534234"
},
"HttpVersion": "http2",
"Aliases": [{
"Ref": "AlternateDomainNames"
}],
"Enabled": "true",
"Comment": "example-cdn",
"DefaultCacheBehavior": {
"TargetOriginId": "myCustomOrigin",
"SmoothStreaming": "false",
"AllowedMethods": [
"HEAD",
"GET",
"OPTIONS"
],
"MaxTTL": "31536000",
"MinTTL": "0",
"Compress": "true",
"ForwardedValues": {
"QueryString": "false",
"Cookies": {
"Forward": "all"
}
},
"ViewerProtocolPolicy": "allow-all"
},
"PriceClass": "PriceClass_All",
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Locations": []
}
}
}
}
}
}
}
I'm setting up a Firmware-Framework, where I unforutunately have to add historically Sensor Values. But I also need the creationDate and the modificationDate for other usecases.
Therefore I add the Attribute "Metadata" with the variable "TimeInstant". Then I create an Entity, create an Orion-Subscription for that Entity and update the Entity with my old Sensor-Valses.
The Json-File I send to the Orion-Context Broker to update the Attribute looks like this:
{
"metadata": {
"TimeInstant": {
"type": "DateTime",
"value": "2015-02-02T11:35:25.0000Z"
}
},
"type": "Number",
"value": 0.0132361 }
The Output in my Mongo-DB like this:
"_id": {
"id": "urn:ngsi-ld:SensorB-K1200____",
"type": "Sensor",
"servicePath": "/test/servicepath"
},
"attrNames": [
"Sensor_value"
],
"attrs": {
"Sensor_value": {
"value": 0.01632361,
"type": "Number",
"md": {
"TimeInstant": {
"type": "DateTime",
"value": 1422876989
}
},
"mdNames": [
"TimeInstant"
],
"creDate": 1568712813,
"modDate": 1568735930
}
},
"creDate": 1568712813,
"modDate": 1568735930,
"lastCorrelator": "0a129232-d964-11e9-8e5a-0242ac130009" }
But my Crate-DB only has the columns:
entity_id entity_type fiware_servicepath sensor_value time_index
My Subscription File looks like this:
{
"expires": "2019-12-24T18:00:00",
"notification": {
"http": {
"url": "http://quantumleap:8668/v2/notify"
},
"metadata": [
"dateCreated",
"dateModified",
"TimeInstant"
]
},
"subject": {
"entities": [
{
"id": "urn:ngsi-ld:SensorB-K1200____",
"type": "Sensor"
}
]
},
"throttling": 0 }
I've tried changing the "Metadata" Attributes in the Subscription-File, also tried restartig Crate-DB, ContextBroker e.g..
I excpect the CrateDb to show all three values: "dateCreated", "dateModified" and "TimeInstant".
Did you check what's the message notification actually sent by Orion to QuantumLeap?
As regards the payload I would try as follow:
{
"TimeInstant": {
"type": "DateTime",
"value": "2015-02-02T11:35:25.0000Z"
},
"type": "Number",
"value": 0.0132361
}
Internally we usually use as attribute name for this type of scenario dateObserved, but it would not make any difference w.r.t. TimeInstant.
I am not actually sure you can attach metadata to the root of NGSI message, I believe they are supposed to be attached only to attributes.
Anyhow, QuantumLeaps does not support NGSI metadata (i.e. metadata attached to NGSI attributes). Still it support time indexing based on them.
The way Quantum Leap handles TimeInstant metadata and other time metadata is via time_index. See documentation here: https://quantumleap.readthedocs.io/en/latest/user/#time-index
I have a cloudformation template in which I send a JSON parameters file over. It was not a real problem, as my parameters file used to look like this:
[
"InstanceType=t2.medium",
"AmiStack=amilookup-stack"
]
However, I want to add a list to the parameters file, something like this:
[
"InstanceType=t2.medium",
"AmiStack=amilookup-stack",
[
"CertificateArn1=arn:aws:acm:us-east-1:xxx",
"CertificateArn2=arn:aws:acm:us-east-1:xxy",
]
]
What is the best way to express this in my parameters json file, and how to express this in the cloudformation template itself?enter code here
This is a known problem with Cloudformation. You can use comma demlimited list as parameter type.
Cloudformation Template (test.json)
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"Name": {
"Type": "String",
"Description": "SubnetGroup Name"
},
"Subnets": {
"Type": "CommaDelimitedList",
"Description": "The list of SubnetIds in your Virtual Private Cloud (VPC)"
}
},
"Resources": {
"myDBSubnetGroup": {
"Type": "AWS::RDS::DBSubnetGroup",
"Properties": {
"DBSubnetGroupDescription": "description",
"DBSubnetGroupName": {
"Ref": "Name"
},
"SubnetIds": {
"Ref": "Subnets"
}
}
}
}
}
Parameter.json
[
{
"ParameterKey": "Name",
"ParameterValue": "testName"
},
{
"ParameterKey": "Subnets",
"ParameterValue": "subnet-abcdefg,subnet-abcdef1,subnet-abcdef2"
}
]
aws cloudformation create-stack --stack-name testStack --template-body file://test.json --parameters file://parameter.json --profile yourawsprofile
I have this subscription:
{
"id": "5a27abba56256c402cec5654",
"description": "my subscription",
"status": "active",
"subject": {
"entities": [
{
"idPattern": ".*"
}
],
"condition": {
"attrs": []
}
},
"notification": {
"timesSent": 56939,
"lastNotification": "2018-01-29T09:06:45.00Z",
"attrs": [],
"attrsFormat": "normalized",
"http": {
"url": "http://notif_url"
},
"lastFailure": "2018-01-24T15:10:08.00Z",
"lastSuccess": "2018-01-29T09:06:45.00Z"
}
}
Using it I can get notified about new entities whithout specifiying a particular entity ID.
The problem is that when one entity attribute changes I get notified about all attributes.
Is it possible to get notified only about the attribute that has changed and keeping in the same time the possibility to discover new entities?
Something like in if attribut x changed in the condition part, get notified about it:
"condition": {
"attrs": [attribute_X]
}
"notification": {
"attrs": [attribute_X]
}
Thanks!
It works the way you mention. I mean, using:
"condition": {
"attrs": [ "attribute_X" ]
}
...
"notification": {
"attrs": [ "attribute_X" ]
}
Whenever attribute named attribute_X changes (or appears first time, typically at entity creation time) you will receive a notification including only attribute_X