Problem:
I want to programmatically fetch a quicksight dashboard URL through the SDK, (dashboard in region: eu-west-1) however whenever I use the following regions I get the following errors when I use the following regions:
eu-west-1: Error: Operation is being called from endpoint eu-west-1, but your identity region is us-east-1. Please use the us-east-1 endpoint.
us-east-1: No error, but the embed url is us-east-1 and results in a us-east-1.quicksight.aws.amazon.com refused to connect error in the browser, eg: https://us-east-1.quicksight.aws.amazon.com/embed/XXXXXX&identityprovider=quicksight&isauthcode=true',
Example Code:
Note: Credentials added for brevity, but are loaded from profile. Have also tried in Java SDK.
const AWS = require('aws-sdk')
const dotenv = require('dotenv').config()
const init = async () => {
AWS.config.credentials = {accessKeyId: process.env.ACCESS_KEY_ID, secretAccessKey: process.env.SECRET_ACCESS_KEY}
AWS.config.region = 'us-east-1'
// AWS.config.region = 'eu-west-1'
const quicksight = new AWS.QuickSight()
const embedUrlParams = {
AwsAccountId: '111122223333',
DashboardId: '11111111-2222-3333-4444-555555555555',
IdentityType: 'QUICKSIGHT',
UserArn: 'arn:aws:quicksight:us-east-1:111122223333:user/default/quicksight-user-1111'
}
const embedUrlRes = await quicksight.getDashboardEmbedUrl(embedUrlParams).promise()
console.log('embedUrlRes', embedUrlRes)
}
init()
CLI:
When I envoke exactly the same through CLI, eg:
aws quicksight get-dashboard-embed-url --aws-account-id 111122223333 --dashboard-id 11111111-2222-3333-4444-555555555555 --identity-type QUICKSIGHT --user-arn "arn:aws:quicksight:us-east-1:111122223333:user/default/quicksight-user-1111" --profile my-quicksight-profile
I get the a perfectly valid embed url in eu-west-1 that embeds perfect through the browser:
https://eu-west-1.quicksight.aws.amazon.com/embed/XXXXXXXX&identityprovider=quicksight&isauthcode=true
So:
I imaging that the SDK is not behaving as the CLI is in the respect of assuming roles, but I've tried this with little success, as well as pointing to quicksight regional endpoints.
Before I go down the rabbit hole, it would be good to see if anyone has experienced the same and how they resolved it.
Thanks!
For people who endup here, While generating and embedded link using sdk if your dashboard is in a different region you have to update quicksight parameters of the sdk to that region
something like the following
// Previous code blocks..
quicksight = new AWS.QuickSight({ region: targetRegion })
quicksight.getDashboardEmbedUrl(Params,function (error, embeddedLink){})
Also you have to whitelist domain on each region since quicksight considers each region as seperate entity
Related
I am trying to create a nodegroup via the aws sdk for node.js I'd prefer to do this than via the eksctl.
This is a simple question but there are just no code examples of this in the aws docs and I can't figure out the correct name spaces so unfortunately I am asking here:
My code is as follows with node.js
const AWS = require('aws-sdk');
AWS.config.update({region: 'us-west-2'});
const eks = new AWS.EKS();
AWS.config.update({region: 'us-west-2'});
// Name must be cluster
eks.CreateNodegroup({name:'openstudio-server',
instanceTypes:["t2.xlarge"],
"nodegroupName":'openstudio-node',
"scalingConfig": {
"desiredSize": 3,
"maxSize": 10,
"minSize": 3
}
})
I am consistently getting the error
What am I doing wrong?
I'm guessing you've resolved this already but it looks like you just need to change eks.CreateNodegroup() to eks.createNodegroup() and it should work.
source: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/EKS.html
I am trying to validate my access token (not JWT) with LoginRadius, I can do the login but after when I call my API I always get unauthorized or different errors according to my Authentication configuration, I am using like this. I believe the authority url is not correct but I couldn't find any other
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("login-radius", options => {
// Set the authority to your Auth0 domain
options.Authority = $"https://api.loginradius.com/identity/v2/auth/";
// Configure the Auth0 Client ID and Client Secret
options.ClientId = Configuration["ClientId"];
options.ClientSecret = Configuration["ClientSecret"];
// Set response type to code
options.ResponseType = OpenIdConnectResponseType.Code;
options.Scope.Clear();
options.Scope.Add("openid");
options.CallbackPath = new PathString("/callback");
options.ClaimsIssuer = "loginradius";
// Saves tokens to the AuthenticationProperties
options.SaveTokens = true;
});
I believe you are trying to setup OIDC, and to configure it, please refer to the LoginRadius docs on OIDC, as it needs few things that need to be configured in the Admin Console and the correct authority URL: https://www.loginradius.com/docs/single-sign-on/tutorial/federated-sso/openid-connect/openid-connect-overview/#otheropenidfunctionality6
Please refer to the OIDC discovery endpoint, which provides a client with configuration details about the OpenID Connect metadata of the Loginradius App.
URL Format: https://cloud-api.loginradius.com/sso/oidc/v2/{sitename}/{oidcappname}/.well-known/openid-configuration
My account didn't have access to few features
I am trying to deploy a NodeJS app to elastic beanstalk using AWS CDK, things are working fine, deployment and redeployment works fine.However, the final URL which is generated has random string like 'MyDeployEnv1.eba-5vjzkdss.us-east-1.elasticbeanstalk.com'. While reading through various AWS documentation I came across the property CNAMEPrefix.
So I added the CNAMEPrefix in the elasticbeanstalk.CfnEnvironment call as below :
const elbEnv = new elasticbeanstalk.CfnEnvironment(this, 'Environment', {
environmentName: 'MyDeployEnv1',
CNAMEPrefix: 'myapi14',
applicationName: app.applicationName || appName,
solutionStackName: '64bit Amazon Linux 2018.03 v4.17.0 running Node.js',
optionSettings: optionSettingProperties,
versionLabel: appVersionProps.ref,
});
CNAMEPrefix is not working, any help to change/remove the random alphanumeric string in the URL would be helpful 'MyDeployEnv1.eba-5vjzkdss.us-east-1.elasticbeanstalk.com'
Version details :
aws-cli 2.1.1 Windows/10 exe/AMD64
CDK version : 1.75.0 (build 7708242)
I am working on a task that uploads image to SFTP server with Firebase Function. But the image source is not from my local computer but a http URL such as https://image.com/abc.jpg. I am using ssh2-sftp-client npm package. Currently I am using my mac both for client and server and it is working fine when I am accessing local file(/Users/shared/abc.jpeg) and uploading it to local server(/Uesrs/shared/sftp-server/abc.jpeg). But when I tried to have access to https://image.com/abc.jpg. and upload it to local server I got the error that says "ENOENT: no such file or directory/ ...". And below is my code
const functions = require('firebase-functions');
let Client = require('ssh2-sftp-client');
exports.sftpTest = functions.https.onRequest((request, response) => {
let sftp = new Client();
const config = {
host: '192.***.***.***',
port: '22',
username: '****',
password: '****'
}
let localFile = 'https://images.unsplash.com/photo-1487260211189-670c54da558d?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=934&q=80';
let remoteFile = '/Users/Shared/unsplash.JPG';
sftp.connect(config)
.then(() => {
sftp.fastPut(localFile, remoteFile);
})
.catch(err => {
console.error(err.message);
});
});
My first time to have access to sftp server and anyone's advice will be much appreciated.
The method you are using from this library does not support usage in the way you are trying to set it up. the method fastPut usually is to upload local files to a remote server, I think you should use the fastGet method in order to download files from a remote server, however, please note that there are no notes that indicate that you can use these methods with the URL in the way you are trying to achieve.
I want to encrypt and decrypt son values by using google cloud kms and I am using this code as example https://github.com/GoogleCloudPlatform/java-docs-samples/blob/master/kms/src/main/java/com/example/CryptFile.java
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// The resource name of the cryptoKey
String resourceName = CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);
// Encrypt the plaintext with Cloud KMS.
EncryptResponse response = client.encrypt(resourceName, ByteString.copyFrom(plaintext));
// Extract the ciphertext from the response.
return response.getCiphertext().toByteArray();
}
When the code executes the line client.encrypt(resourceName, ByteString.copyFrom(plaintext)); it freezes and I do not get any response.
If I use gcloud command to encrypt/decrypt it works.
I run my application on App Engine standard (runtime java8) and the dependency I am using is
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-kms</artifactId>
<version>1.29.0</version>
</dependency>
I made some changes in my code to get credentials:
AppIdentityService appIdentityService = AppIdentityServiceFactory.getAppIdentityService();
GoogleCredentials credentials = AppEngineCredentials.newBuilder().setScopes(Arrays.asList("https://www.googleapis.com/auth/cloudkms")).
setAppIdentityService(appIdentityService).build();
FixedCredentialsProvider credentialsProvider = FixedCredentialsProvider.create(credentials);
KeyManagementServiceSettings kmsSettings = KeyManagementServiceSettings.newBuilder().setCredentialsProvider(credentialsProvider).build();
try (KeyManagementServiceClient client = KeyManagementServiceClient.create(kmsSettings)) {
But I always get "UNAUTHENTICATED: Failed computing credential metadata".
Any help?
Please let me know if I'm missing something here.
Regards
Same thing, running the code from example hags on the call to encrypt
Json auth file is set to the environment
export GOOGLE_APPLICATION_CREDENTIALS="../my.json"
User is granted the correct permission as per documentation
Cloud KMS CryptoKey Encrypter/Decrypter
Verified in debugger all 4 parameters are correct:
projectId, locationId, keyRingId, cryptoKeyId
This code hangs
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
final String resourceName = CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);
// Always Hangs here!!!!
final EncryptResponse response = client.encrypt(resourceName, ByteString.copyFromUtf8(data));
return response.getCiphertext().toString();
}