InvalidIamUserArnException when registering on prem instance - windows

No matter what instance name I choose, whenever I perform the following on an on prem instance:
aws deploy register --instance-name test --tags "Key=Name,Value=test" --region us-west-2 --debug
The following exception is thrown (always):
2016-04-12 11:02:52,625 - MainThread - awscli.errorhandler - DEBUG - HTTP Response Code: 400
ERROR
A client error (InvalidIamUserArnException) occurred when calling the RegisterOnPremisesInstance operation: Iam User ARN
arn:aws:iam::xxx:user/AWS/CodeDeploy/test is not in a valid format
Register the on-premises instance by following the instructions in "Configure Existing On-Premises Instances by Using AWS CodeDeploy" in the AWS CodeDeploy User Guide.
Despite this error, the user gets created on amazon, and I can continue to register the on prem instance with the following:
aws deploy register-on-premises-instance --instance-name test --iam-user-arn arn:aws:iam::xxx:user/test
aws deploy install --override-config --config-file codedeploy.onpremises.yml --region us-west-2 --agent-installer s3://aws-codedeploy-us-west-2/latest/codedeploy-agent.msi
The instance is registered and the user is created, but when deploying to it, I always get "No hosts succeeded". The logs for the codedeploy agent show no errors.
I am not sure whats happening here either since no logs on either end, in codedeploy console or on the on prem machine codedeploy agent. Any ideas?
Please note I am using Windows Embedded Standard 2010 (which is not in the supported list) with the latest version of aws cli but I have successfully deployed to it in the past (with previous version of aws cli).

Figured it out, seems to be broken* if you try and let 'aws deploy register' create IAM user for you. However, if you create the user first (via console or aws cli), then it will work.
You can pass in the option '--iam-user-arn arn:aws:iam::xxx:user/OnPremCodeDeploy' with the 'aws deploy register' command afterwards.
I created the on prem yml manually with the correct access keys from manually creating user and then finally ran:
aws deploy install --overide-config --config-file conf.onpremises.yml --region us-west-2 --agent-installer s3://aws-codedeploy-us-west-2/latest/codedeploy-agent.msi
* at least w/ codedeployagent OFFICIAL_1.0.1.950_msi and windows embedded

Could you check if the IAM user you registered the on-premises instance with CodeDeploy has proper permissions? Including the following.
"iam:CreateAccessKey",
"iam:CreateUser",
"iam:DeleteAccessKey",
"iam:DeleteUser",
"iam:DeleteUserPolicy",
"iam:ListAccessKeys",
"iam:ListUserPolicies",
"iam:PutUserPolicy",
"iam:GetUser"
This can also be referred here: http://docs.aws.amazon.com/codedeploy/latest/userguide/how-to-configure-on-premises-host.html#how-to-configure-on-premises-host-prerequisites

Related

How to include the environment variables for IBM CloudEngine create/update task via secret Manager (keyValue Secret value)

After successfully creating Secret Manager instance in IBMcloud. I have created a key-value secret in default secret-group, this secret contains the default set of environment variables which will be used for CodeEngine deployment.
However, I am now continuously facing issues with trying to deploy the app, i use the below command to deploy, let me know if there is anything wrong here
ibmcloud ce application create --name ce-sample-app --image IMAGE_NAME --cpu 1 --env-from-secret sample-portal-ce-app-env-variables --registry-secret xyxyxyxyxyxy
The secrets that you reference in the Code Engine commands, are secrets managed in Code Engine directly rather than in a separate Secret Manager service instance.
Here is the documentation about secrets in Code Engine: https://cloud.ibm.com/docs/codeengine?topic=codeengine-configmap-secret
Basically you would need to create your secret like this:
ibmcloud ce secret create --name sample-portal-ce-app-env-variables --from-literal ENVVAR1=value1 --from-literal "ENVVAR2=value with space"
There are also options to import all environment variables from a file into a secret. To see all options, run:
ibmcloud ce secret create --help

How to invoke an EXE on EC2 Windows using Lambda/.Net Core

When file is uploaded to s3bucket, I need to invoke an executable on EC2 Instance. The executable will process a long job and invoke some command line executions
So, I want to run an EXE on EC2 Windows instance from AWS Lambda using .Net Core.
After some research, I figured out the prerequisites to do this
SSM Agent installed on EC2 instance
Create an IAM role for EC2:
AmazonSSMMamangementInstanceCore
IAM role for Lambda
AWSLambdaExecute
AmazonEC2ReadOnlyAccess
AmazonSSMFullAccess
AmazonS3FullAccess
Please advice me if there is any better approach to implement this.

Start AWS EC2 instance, run commands, stream logs to console and terminate

Trying to run few steps of CI/CD in a EC2 instance. Please don't ask for reasons.
Need to:
1) Start an instance using AWS CLI. Set few environment variables.
2) Run few bash commands.
3) Stream the command from the above commands into the console of the caller script.
4) If any of the commands fail, need to fail the calling script as well.
5) Terminate the instance.
There is a SO thread which indicates that streaming the output is not as easy. [1]
What I would do, if I had to implement this task:
Start the instance using the cli command aws ec2 run-instances and using an AMI which has the AWS SSM agent preinstalled. [2]
Run your commands using AWS SSM. [3] This has the benefit that you can run any number of commands you want - whenever you want (i.e. the commands must not be specified at instance launch, but can be chosen afterwards). You also get the status code of each command.[4]
Use the CloudWatch integration in SSM to stream your command output to CloudWatch logs. [5]
Stream the logs from CloudWatch to your own instance. [6]
Note: Instead of streaming the command output via CloudWatch, you could also periodically poll the SSM API by using aws ssm get-command-invocation. [7]
Reference
[1] How to check whether my user data passing to EC2 instance working or not?
[2] Working with SSM Agent - AWS Systems Manager
[3] Walkthrough: Use the AWS CLI with Run Command - AWS Systems Manager
[4] Understanding Command Statuses - AWS Systems Manager
[5] Streaming AWS Systems Manager Run Command output to Amazon CloudWatch Logs | AWS Management Tools Blog
[6] how to view aws log real time (like tail -f)
[7] get-command-invocation — AWS CLI 1.16.200 Command Reference
Approach 1.
Start an instance using AWS CLI.
aws ec2 start-instances --instance-ids i-1234567890abcdef0
Set few environment variables.
Use user dat of ec2 to set env. & run commands
..
Run your other logic / scripts
To terminate the instance run below command in the same instance.
instanceid=`curl http://169.254.169.254/latest/meta-data/instance-id`
aws ec2 terminate-instances --instance-ids $instanceid
Approach 2.
Use python boto3 or kitchen chef ci.

Trigger a shell script in Azure

I'm using a Kubernetes cluster in Azure running an ingress controller. The ingress controller routes to different services via a given context root.
To add another service and connect it to my ingress I build a simple shell script looking like this:
kubectl apply -f $1'-svc.yaml'
some script magic here to add a new route in the hello-world-ingress.json
kubectl apply -f 'hello-world-ingress.json'
I tested the script on my local machine and everything works as expected. Now I want to trigger the script with an HTTP rest call on Azure.
Does anyone have an idea how to do that? So far I know:
I need the Azure cli with Kubernetes to run the kubectl command
I need something to build the HTTP trigger. I tried using AzureFunctions, but I wasn't able to install the Azure cli in Azure Functions on the Azure Portal and I wasn't able to install Azure cli + Azure Functions in a Docker Container.
Does anyone have an idea how to trigger my shell script via HTTP in Azure in an environment where the Azure cli exists?
The easiest way, in my opinion, is to set up an Azure instance with kubectl and the Azure cli configured to talk to your cluster and on that same server setup something like shell2http. For example:
shell2http -export-all-vars /mybash "yourbash.sh"
shell2http -form /apply "kubectl apply -f $v'-svc.yaml'"
shell2http -export-all-vars /domore "domore.sh"
Where $v above is the name of your deployment.

How to Start or Stop an existing EC2 instance from a Jenkins Job

I have a Jenkins Job to start and stop AWS EC2 instances.
Probably the profile is misconfigured and I'm stuck at this :
botocore.exceptions.ProfileNotFound: The config profile xxxx could not be found
Using this command through Execute Shell:
aws ec2 stop-instances --region $AWS_DEFAULT_REGION --profile $AWS_PROFILE --instance-ids $INSTANCE
Any suggestions will be appreciated to modify the job or resolve this error.
Please check the profile name you passed in the command. It should be configured in your credentials file, usually found at this location ~/.aws/credentials
You can follow this guide (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) to set up profile.
Best of luck

Resources