I am trying to learn my way of developing a REST app via Spring Boot framework using the AWS Elastic Beanstalk infrastructure. I am using the IntelliJ IDE to develop and test the app on my local box before deploying it to the AWS Elastic BeanStalk server. I am trying to talk to the AWS RDS instance in my app. With the following code snippets my app is able to talk to RDS instance when deployed and run against my local box but gives me http 404 when deployed on the AWS server which i guess is because the deploy failed due to failure to connect to the RDS instance from AWS.
Project POM file
Application Properties file
User Repository file
I am looking for a correct way to configure these secrets so that they are not present in the git. Ideally take it from AWS environment variables defined for the instance but i am not able to figure out how the spring boot application properties files can access AWS Elastic BeanStalk environment configuration variables.
I have read some documents and tutorials but not exactly able to figure this out. Like Spring Cloud SDK, Sample Spring Boot AWS App
[Edit 1] To provide more information, I was able to ssh into the box and observe the logs. The point of interest is :
Caused by: com.amazonaws.AmazonServiceException: User: arn:aws:sts::486695215273:assumed-role/aws-elasticbeanstalk-ec2-role/i-dc86381f is not authorized to perform: cloudformation:DescribeStackResources (Service: AmazonCloudFormation; Status Code: 403; Error Code: AccessDenied; Request ID: 1ee8c03b-ecd4-11e5-9fe1-378ce4cb26d3)
[Edit 2] After adding AWSCloudFormationReadOnlyAccess security policy in the required policy,
Stack for i-dc86381f does not exist (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: f579cc15-ecd4-11e5-a20b-114992e25084)
My template file as mentioned in AWSCloudFormation is My Template File
Configuring Elastic Beanstalk "secrets", or environment variables, can be done via the cli or via the GUI. For the cli use:
eb setenv ExampleVar=ExampleValue
Which is pretty straight forward. Docs here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-setenv.html
To do it via the GUI you'll navigate to your application and the desired environment, click on Configuration in the left hand menu. Click the gear icon on the "Software Configuration" panel, and you'll be taken to the the configuration page where you can set "Environment Properties", which are key/value pairs... You can set a property name and then the property value and when you click "apply" they'll be applied to your environment and then your application can access them however it would normally access environment variables in production.
Related
I have a Spring Boot app where on some occasions I am sending automated emails. My App is hosted on AWS ECS(Fargate) and is using AWS SES for sending emails. I added a role to my Fargate task with all needed permissions for AWS SES. Most of the time, the app is able to authenticate and send emails correctly however on some occasions authentication fails and because of that email/s are not sent. The error I am receiving is:
> Unable to load AWS credentials from any provider in the chain:
> EnvironmentVariableCredentialsProvider: Unable to load AWS credentials
> from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and
> AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)),
> SystemPropertiesCredentialsProvider: Unable to load AWS credentials
> from Java system properties (aws.accessKeyId and aws.secretKey),
> WebIdentityTokenCredentialsProvider: To use assume role profiles the
> aws-java-sdk-sts module must be on the class path.,
> com.amazonaws.auth.profile.ProfileCredentialsProvider#6fa01606:
> profile file cannot be null,
> com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper#4ca2c1d:
> Failed to connect to service endpoint
Now, if this would happen each time I would conclude that I configured something incorrectly. However, since authentication fails only sometimes I am not sure what the problem is.
I am using the following aws-sdk version: 1.12.197
When I am initializing a client, I am doing it on the following way:
AmazonSimpleEmailService client = AmazonSimpleEmailServiceClientBuilder.standard() .withRegion(Regions.US_EAST_1).build();
Does anyone has any idea why authentication would fail only sometimes?
Thank you for help.
It appears that one of my ECS tasks used an older version of the Task definition and it didn't have the correct permissions set. After I updated it, it seems to work fine no.
I am getting the below response while calling /businesspartners api after deploying s4sdk app to cf.
I was able to test this app by deploying locally (after ALLOW_MOCKED_AUTH_HEADER: true), so i deployed the appl'n to cloud foundry, and tried using destinations service(insted of env), below are the steps that i followed.
step 1: Set up the cloud connector
step 2: Create service instance of xsuaa and destinations
step 3: Refer this in app yaml file
step 4: Push the package to cloud. (mvn clean package; cf push)
step 5: Now i went ahead and configured destinations; (app>> service instance>>destinations)
Here i couldn't test the connectivity, when i pressed "check connection" i was getting the below error:
How do i test this connection?
step 6: With the belief that the connection is working i went ahead and restarted the app, and started testing api's. the app was up but when i was getting above(fig.1) error.
step 7: Tried looking at the logs, and notices the below to errors
could anyone help over here to resolve this issue..?
Tried with setting "ALLOW_MOCKED_AUTH_HEADER" -> same two issue
Tried removing properties in destinations, but same errors.
Could not try with destinations variable in CF, as our S4 system is not publicly opened, so tried it locally it works.
Tried with Neo, it works both locally and on cloud.
But after pushing to CF, couldn't manage to run
Thanks,
Girish
You additionally need to bind your application to an instance of the connnectivity service on Cloud Foundry to communicate via the Cloud Connector. This is mentioned, albeit a bit hidden, in the error message "Failed to get connectivity service credentials: no service binding found".
Create a service instance with cf create-service connectivity lite my-connectivity.
Add the name of this instance to the section services in your manifest.yml file.
If you still face issues afterwards, please also try to remove the proxyPort and proxyHost properties from your destination. Those should not be required.
For more details about on-premise connectivity on SAP Cloud Platform Cloud Foundry, consult the following blog post.
I'm trying to connect to s4 hana system using s4 sdk. While executing calls via .execute() method in cloud foundry environment, i see below error logs:
Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get authentication headers. Destination service returned error: Missing private and public key for subaccount ******-****-****-***-*******.
Note: I've already configured trust between subaccount and S4Hana system and created respective communication and business user. The associated authentication method used in the destination is oAuth2SamlBearerAssertion. Note: The call executes fine in both local and cloud foundry environment with basic authentication.
Can someone please suggest what is wrong here.
As correctly pointed out by #Dennis H there was a problem in trust configuration between my subaccount and S4 Hana system, the configuration wrong in my case :
-> The certificate I downloaded for trust was using this URL:
https://.authentication.eu10.hana.ondemand.com/saml/metadata
This is incorrect we need to get the certificate from download trust button in destination tab at subaccount level
->Provider name was incorrect in the communication system.
We are developing a side-by-side extension app and deploying it to CF. Our app is trying to connect to S4HANA cloud system using oAUTH2SAMLBEARERASSERTION. But facing issues while doing it. We are getting below error in logs. Please be noted, we are able to connect to S4HANA Cloud using basic auth.
com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to access the configuration of destination
Our destination parameters look as attached screenshotenter image description here
Thank you.
I am new to Cloud Foundry and I want to set up a local CF instance in Vagrant. I followed the steps described in http://docs.cloudfoundry.org/deploying/boshlite/ and got a local instance up and running. I am also able to deploy a simple Ruby app into CF.
Now I want to deploy the Spring sample application from https://docs.cloudfoundry.org/buildpacks/java/gsg-spring.html into CF for which I need a ClearDB database service.
Using the command proposed to create a service instance cf create-service cleardb spark mysql I get the following error:
Creating service instance mysql in org test-org / space test-space as admin...
FAILED
Service offering cleardb not found
When I check my service marketplace in my CF installation with cf marketplace I get
Getting services from marketplace in org test-org / space test-space as admin...
OK
No service offerings found
This brings me to the suggestion that there are "no services installed". So my question is: how can I install a clearDB service in a local CF environment - and is this possible at all, since the Github projects says something like
Prior to deployment, the operator should define three subnets via their infrastructure provider. The MySQL release is designed to be deployed across three subnets to ensure availability in the event of a subnet failure. During installation, a fourth subnet is required for compilation vms.
Any help / resource is highly appreciated. Thanks a lot!
Cloud Foundry as a Pivotal-sponsored open source project predates Cloud Foundry as its own independent open source project, so what you're seeing is actually shared documentation that still has some references specific to Pivotal Web Services: http://docs.run.pivotal.io/buildpacks/java/gsg-spring.html. I'd encourage you to raise the issue against the buildpacks documentation repo (https://github.com/cloudfoundry/docs-buildpacks/issues), you can reference this search result: https://github.com/cloudfoundry/docs-buildpacks/search?utf8=%E2%9C%93&q=cleardb
All it means is you need a MySQL database service. Hosted Cloud Foundry offerings often have ready-to-go MySQL service offerings (such as ClearDB) in their marketplaces; if you're deploying your own Cloud Foundry then you have a couple options.
Provision a MySQL database externally (not as part of your BOSH-Lite), and bind it to your application as a "user-provided service": https://docs.cloudfoundry.org/devguide/services/user-provided.html
Deploy your own MySQL service to BOSH-Lite and register a service broker. Here's a release that's ready to use, with instructions for deploying: https://github.com/cloudfoundry/cf-mysql-release
I just deployed a .NET application using SQL Server via Elastic Beanstalk.
It seems like my newly deployed application can't connect to my database. I just followed this video: http://www.youtube.com/watch?v=z-N0z5K_WFI (except I encountered issues during deployment where I had to untick incremental deploy)
I was able to connect to the db using SQL management studio. I also tried running the app locally while connecting to the amazon RDS db and has success. After deployment, checking the site and trying to login/register, I get this error:
No data received
Unable to load the webpage because the server sent no data.
Here are some suggestions:
Reload this webpage later.
Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.
The only thing in my mind right now is that my EC2 or application can't connect to the Database.
Is this a CIDR issue?
Couple of things to consider -
Is the port for your RDS database instance being blocked?
When you deployed your app, you should have seen a page in the wizard asking if you wanted the EC2 security group for your deployed Elastic Beanstalk instance to be added to the RDS security group for your database instance. You need to checkmark the relevant RDS security group too.
There's also an updated video from last year's AWS re:Invent conference that shows deployment of a SQL Server based app to RDS/Elastic Beanstalk - http://youtu.be/5N352oeYmqE
Hope this helps.