I am trying to use the DynamoDB sample provided by AWS here, but I'm running into this error:
2014-12-17 11:26:32.374 DynamoDBSample[8952:766429] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:433 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke293 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSSTSErrorDomain Code=0 "The operation couldn’t be completed. (com.amazonaws.AWSSTSErrorDomain error 0.)" UserInfo=0x7f8fdb82fd20 {Type=Sender, Message=Not authorized to perform sts:AssumeRoleWithWebIdentity, Code=AccessDenied, __text=(
"\n ",
"\n ",
"\n ",
"\n "
)}]
My IAM policy for both Auth and UnAuth is:
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*",
"dynamodb:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}]
}
I'm a little bit stuck on what to try next. Please help! Thank you
Related
I'm trying to push an image to a public repository in ECR. To be able to do so, I created a policy that gives push permissions and attached this policy to my user. The policy in JSON format is the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:*"
],
"Resource": "arn:aws:ecr:us-east-1:*:repository/my-app"
},
{
"Effect": "Allow",
"Action": [
"ecr:*"
],
"Resource": "arn:aws:ecr:us-east-1:*:repository/my-app-public"
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken"
],
"Resource": "*"
}
]
}
The push works fine for the private repository but gives the error denied: Not Authorized when I try to push the image to the public repo. How can I push an image to an ECR public repo?
ECR Public is its own service (with its own ecr-public:* actions). To push images to ECR Public, a set of ecr-public actions is needed in the statement.
The first example here should get you on the right track: https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policy-examples.html
While trying to configure and create an admin user for rabbitmq with a JSON file. The users are created. But I am getting the following error while logging in with valid credentials from the web management console.
2022-07-22 08:15:56.342071+00:00 [warning] <0.847.0> HTTP access denied: user 'admin' - invalid credentials
My configurations and docker files are as follows.
rabbitmq.config
[
{rabbit, [
{loopback_users, [admin]}
]},
{rabbitmq_management, [
{load_definitions, "/etc/rabbitmq/definitions.json"}
]}
].
definitions.json
{
"users": [
{
"name": "guest",
"password_hash": "abcd",
"hashing_algorithm": "rabbit_password_hashing_sha256",
"tags": ""
},
{
"name": "admin",
"password_hash": "admin123",
"hashing_algorithm": "rabbit_password_hashing_sha256",
"tags": "administrator"
}
],
"vhosts": [
{
"name": "/"
}
],
"permissions": [
{
"user": "admin",
"vhost": "/",
"configure": ".*",
"write": ".*",
"read": ".*"
}
],
}
FROM rabbitmq:3.9-management
COPY conf/rabbitmq.config /etc/rabbitmq/
COPY conf/definitions.json /etc/rabbitmq/
RUN chown rabbitmq:rabbitmq /etc/rabbitmq/rabbitmq.config /etc/rabbitmq/definitions.json
CMD ["rabbitmq-server"]
I also tried to log in with rabbitmqctl
>>rabbitmqctl authenticate_user admin admin123
Authenticating user "admin" ...
Error:
Error: failed to authenticate user "admin"
user 'admin' - invalid credentials
When the password is changed with rabbitmqctl change_password admin admin123 everything seems to work fine.
The only warning in the log on rabbitmq startup is
2022-07-22 08:15:30.218099+00:00 [warning] <0.652.0> Message store "628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent": rebuilding indices from scratch
Could someone please tell me the possible cause and solution? If I've missed out anything, over- or under-emphasized a specific point, please let me know in the comments. Thank you so much in advance for your time.
Your definitions file must contain the HASH of the password, not the password itself. Generally what I do is set a user's password via change_password like you have, then export the current definitions. You'll notice that they contain the hashed password.
You can also generate the hash yourself. See this:
How to generate password_hash for RabbitMQ Management HTTP API
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
Im trying to upload an image on s3 bucket using ruby on rails and paperclip, but its not working I have tried almost everything on the web.
I know there is many questions about this but I have tried most of them, and nothing worked please review the question cause i listed what i tried in the question
I did set IAM User and User has AmazonS3FullAccess policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}
]
}
I did set policy on the bucket
{
"Version": "2012-10-17",
"Id": "Policy1557294263403",
"Statement": [
{
"Sid": "Stmt1557294241958",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::726051891502:user/borroup-admin"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::borroup",
"arn:aws:s3:::borroup/*"
]
}
]
}
I did set CORS configuration editor on the bucket
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
I made sure all the Public access settings for this bucket set to false
This is ruby on rails config
Note: im using the user access_key_id and secret_access_key for this
config.paperclip_defaults = {
storage: :s3,
path: ':class/:attachment/:id/:style/:filename',
s3_host_name: 's3.us-east-2.amazonaws.com',
s3_credentials:{
bucket:'borroup',
access_key_id: '************',
secret_access_key:'***************************',
s3_region:'us-east-2'
}
}
I do get this error when I try to upload the image
Aws::S3::Errors::AccessDenied in PhotosController#create
When I check the bucket log I get this
Are the bucket and IAM user in different account ?
If so, the bucket policy is incorrect, the correct bucket policy
{
"Version": "2012-10-17",
"Id": "Policy1557294263403",
"Statement": [
{
"Sid": "Stmt1557294241958",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::726051891502:user/borroup-admin"
},
"Action": "s3:",
"Resource": ["arn:aws:s3:::borroup","arn:aws:s3:::borroup/"]
}
]
}
// --> borroup/asterisk --> for some reason, asterisk symbol removed here or maybe I don't know how to use stackoverflow correctly.
If the User and bucket in the same account, the policy doesn't matter because IAM user has full permission.
I have been able to upload/download files from an iOS app with no problems. I have recently created a new bucket to store new image files. When I try to download a file from the recently created bucket I get the following error:
[Error Domain=com.amazonaws.AWSS3ErrorDomain
Code=1 "The operation couldn’t be completed. (com.amazonaws.AWSS3ErrorDomain error 1.)"
UserInfo=0x183a7760
{HostId=ST+d3VvsztpkvPfxLvYeS6b+pukUHuVzKJElYPWVYHYpK0wNjNAlEttJHFta2ApUYhFTTGzhqEg=,
Code=AccessDenied,
Message=Access Denied,
RequestId=662BA8AD07272A0C}]
I have correctly added the new bucket to my IAM policy as shown below
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::oldbucket1/*",
"arn:aws:s3:::oldbucket2/*",
"arn:aws:s3:::newbucket/*"
]
}
]
}
This policy is valid and worked before with my old buckets.
I have a grails 2.1.1 app that is accessing images stored in a bucket on s3, which I am accessing using the Grails-AWS plugin.
Everything works fine when I use "grails run-app" and the server is localhost:8080/myApp. I can put and get files with no problem.
But when I deploy the war file to Amazon Elastic Beanstalk I get the following error when trying to get an image:
java.io.FileNotFoundException: 90916.png (Permission denied)
at java.io.FileOutputStream.<init>(FileOutputStream.java:209)
at java.io.FileOutputStream.<init>(FileOutputStream.java:160)
at com.sommelier.domain.core.MyDomainObject.getPicture(MyDomainObject.groovy:145)
Here is my code for getting the image that is initiating the error:
File getPicture() {
def url = aws.s3().on("mybucket").url(image, "myfoldername")
File imageFile = new File(image)
def fileOutputStream = new FileOutputStream(imageFile)
def out = new BufferedOutputStream(fileOutputStream)
out << new URL(url).openStream()
out.close()
return imageFile
}
I have set the permissions on my s3 bucket as wide open as I can. I have used the "Add more permissions" button and added every possible option.
Here is my bucket policy:
{
"Version": "2008-10-17",
"Id": "Policy1355414697022",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}
And my CORS configuration:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Any thoughts? Is this a S3 permissions problem, or is there something else?
It seems you're trying to create the file where you don't have write permission.
It's better practice to not save a copy to the app server. If you can I suggest you return the manipulation/content/whatever from the object in memory.
But if you really do need the file locally for some reason, you should have write permission in /tmp