I know how to publish a serverless application using aws visual studio toolkit.
It's just you login into aws explorer with user's access key & Secret access key. and then right click on the solution and publish to AWS lambda. It's so simple.
But what about if i have my user has a different assume role that further has access to all the AWS resources and can publish.
So i know how to publish it using assume role via aws CLI by creating a profile let's say "powerdevrole" and whenever we type any command deploy then we use "--profile powerdevrole" in the end with MFA access enabled.
So my question is how to publish the same using aws toolkit if we have an assume role and MFA enabled on that??
Also i have tried to get the cached keys and then used that into aws explorer to publish my project but it's not working for me.
Please help me out.
Thanks,
Vinod Bhatt
Related
I'm trying to create a release definition in Visual Studio Online with the task "Deploy Azure App Service".
When I try to authorize for the subscriptions it gives this error message below.
Error(s):
Insufficient privileges to complete the operation. For troubleshooting refer to link.
The content of the link they provide doesn't seem to help me.
I already tried this using Azure Service Administrator account.
Why is this happening? What are the kind of permissions i need for doing this?
The user must be a member of Global Admin role in the directory.
On the other hand, you may configure it manually with this PowerShell script.
More information, you can refer to Automating Azure Resource Group deployment using a Service Principal in Visual Studio Online: Build/Release Management (Manual configuration section)
Download & run this PowerShell script in an Azure Powershell window to
generate required data for Service Principal based Azure service
connection. Running this script would prompt you for:
The name of your Azure Subscription name
A password that you would like to set for the Service Principal that is going to be created
Note: the script has been tested with Azure PowerShell version 1.0.2.
Once successful, the script would output the following details for the
Azure Service Endpoint.
Connection Name
Subscription Id
Subscription Name
Service Principal Client Id
Service Principal key
Tenant Id
I have mutifactor authentication setup for web console logins (using google authenticator).
But I can still open VS with the AWS toolkit, it automatically pulls my creds, and I have access to all my AWS services. It also doesn't seem to time out.
I want VS to prompt me for a google authenticator code before it can connect to AWS.
Is this possible?
I'd hate to have MFA for web console logins totally subverted by VS (which may become the tool of choice).
For IAM users, MFA only affects console login. It does not affect the IAM access keys used for that user.
Since Visual Studio uses access keys, it will not prompt you for the MFA device code.
I'm working on deployment of multiple VMs' on Azure platform. I'm having problem authenticating without web interactive Login. I'm going through authentication using service-principal. However as soon as i try to run a 'azure vm list' for instance, I get a message: The server failed to authenticate.
P.S. I could create VM using interactive login. However this way does not work for the automated deployment. I'm the owner, admin of the Trial azure subscription.
I am guessing, you are using ASM instead of ARM. Unfortunately, for Azure CLI, service principal only work for ARM. See this issue in GitHub.
Luckily, there is an alternative for this. you can use azure account download or click https://manage.windowsazure.com/publishsettings to download a publish settings profile. And then, use azure account import <the file name> to login.
Notice that similar to service principal, publish settings profile only work for ASM. Microsoft Azure encourages you to use ARM instead of ASM, hence I suggest you to switch to ARM. Service Principal is Role-Based Access Control. That provides extra security. And, ASM is retiring, which means new service will only available in ARM.
I followed the steps as per
https://github.com/OfficeDev/O365-WebApp-MultiTenant and added the connected service. However this does not register the app under Windows Azure Active Directory Applications. I have properly linked my office 365 account into Azure. However when I add the connected service it is still empty. Is this a known issue and what is the work around?
No, this isn't a known issue. The "Add Connected Service" wizard is not generating a client ID and secret in your web.config?
As a workaround you could login to the Azure Management Portal and register the app manually, then put the client ID and secret into your web.config.
I just had the same issue and spend some hours on it. Finally it turns out that I had used a user account to log in in visual studio that was assigned to a different MS Azure account.
In my case I was using the user of production environment instead of my own developer account to log in.
I am trying to connect to authenticate to our Azure platform dynamically to run the following commands
azure vm show
azure vm restart
azure vm start
azure vm stop
To run these commands It seems I have to authenticate manually via a browser using Azure's dynamically generated code, returned from the execution of the Azure login command.
Is there a way to authenticate dynamically without manual intervention? We would ideally like to do this via a BASH script if possible.
Note: We don't need to do this with AD accounts.
According to the official doc, and according to the experience, there are two ways to do that - using azure login (auth using dialogue, not the dynamic as you describe that), and using publish settings file which you may use for management without need to login in the browser.
azure account download
azure account import <path to your .publishsettings file>