how to make https request from stack in aws cloud formation - aws-cloudformation

Example:
I am using CloudFormation for this.
I have to create A and B instances to handle traffic.
When A is created using a stack resource, I have to check it by using an HTTP request to A.
If A gives 200 OK, then I will proceed with creation of the B instance.
If A is not up and running, then this stack has to roll back.
I need help with how to make an HTTPS request to the created resource within the same stack and, on the basis of the response, move further or roll back.
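The usual way to run a check like this inside a stack is a Lambda-backed custom resource: CloudFormation invokes the function when the resource is created, the function probes the URL, and it reports SUCCESS or FAILED back on the pre-signed ResponseURL; a FAILED report rolls the stack back, and a resource (instance B) that declares DependsOn the custom resource is only created after SUCCESS. The handler below is an added example, not code from the question or from AWS. It assumes the template passes the URL to probe as the resource property Url (for instance A's private address, which requires the function to be attached to the VPC), plus optional Attempts and DelaySeconds for instances that are still booting; the opener and sleep parameters exist only so the logic can be exercised offline.

```python
import json
import time
import urllib.error
import urllib.request

# Added example of a Custom::HealthCheck handler. Assumed template contract:
# ResourceProperties.Url is the URL to probe; instance B uses DependsOn on this
# custom resource so it is only created after CloudFormation receives SUCCESS.
OK_STATUS = 200


def check_http(url, attempts=1, delay=0.0, timeout=5,
               opener=urllib.request.urlopen, sleep=time.sleep):
    """Probe url with GET; return (ok, reason). ok is True only for HTTP 200.

    opener/sleep are injectable so the logic can be exercised offline.
    """
    reason = "no attempt made"
    for attempt in range(1, attempts + 1):
        req = urllib.request.Request(url, method="GET")
        try:
            with opener(req, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as exc:    # urllib raises on 4xx/5xx
            status = exc.code
        except (urllib.error.URLError, OSError) as exc:
            reason = f"attempt {attempt}: connection error: {exc}"
            if attempt < attempts:
                sleep(delay)
            continue
        reason = f"attempt {attempt}: HTTP {status}"
        if status == OK_STATUS:
            return True, reason
        if attempt < attempts:
            sleep(delay)
    return False, reason


def build_response(event, status, reason, physical_id):
    """Body of the PUT that CloudFormation expects on the pre-signed ResponseURL."""
    return {
        "Status": status,                      # "SUCCESS" or "FAILED"
        "Reason": reason[:1000],               # shown in the stack events
        "PhysicalResourceId": physical_id,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }


def send_response(event, body, opener=urllib.request.urlopen):
    """Deliver the result to CloudFormation (empty Content-Type, as cfn-response does)."""
    data = json.dumps(body).encode("utf-8")
    req = urllib.request.Request(
        event["ResponseURL"], data=data, method="PUT",
        headers={"Content-Type": "", "Content-Length": str(len(data))})
    with opener(req, timeout=10) as resp:
        return resp.status


def handler(event, context=None, opener=urllib.request.urlopen, sleep=time.sleep):
    """Lambda entry point. FAILED on Create/Update makes CloudFormation roll back."""
    physical_id = (event.get("PhysicalResourceId")
                   or "healthcheck-" + event["LogicalResourceId"])
    if event["RequestType"] == "Delete":
        # Nothing to tear down; never block stack deletion on a probe.
        body = build_response(event, "SUCCESS", "delete: nothing to do", physical_id)
    else:
        props = event["ResourceProperties"]
        ok, reason = check_http(props["Url"],
                                attempts=int(props.get("Attempts", 10)),
                                delay=float(props.get("DelaySeconds", 15)),
                                opener=opener, sleep=sleep)
        body = build_response(event, "SUCCESS" if ok else "FAILED", reason, physical_id)
    send_response(event, body, opener=opener)
    return body
```

Keep the Lambda timeout above Attempts times DelaySeconds, and put only a health endpoint that returns no sensitive data behind the probe; the Reason string ends up in the stack's event log, so it should not echo response bodies.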

Related

AWS - API Gateway - HTTPS Request returning 404 Not Found

I am working on creating a new request in AWS API Gateway. I am having issues with a 404 not found on the URL request.
The request (had to create fake one for the question):
GET https://hello.stackoverflow.com/services/misc/myroute/v1/swagger.json
I created a route in API Gateway ANY /services/misc/myroute/{proxy+}
I attached the route to a Load Balancer Listener integration
I set up the listener rule in the Load Balancer:
IF Path is /services/misc* Then Forward to Target
IF Requests otherwise not routed Then Forward to Default
Created logs for this system in the AWS API Gateway: Monitor -> Logging -> Set Log Destination
Set variables for the log format using the $context variables, Context Variables
Ex Log:
{ "requestId":"QWRHQKWFHWAFZ=",
"routeKey":"ANY /services/misc/myroute/{proxy+}",
"path":"/services/misc/myroute/v1/swagger.json",
"domain":"hello.stackoverflow.com",
"domain_prefix":"hello",
"httpMethod":"GET", "status":"404","protocol":"HTTP/1.1", "endpoint":-" }
One final check I have done to make sure it's completing its "route" was to see the requests in the monitoring and seeing the 4xx come from this ALB listener.
I can send the request via localhost and get a response with the json body
GET https://localhost:8080/v1/swagger.json --> Status 200 OK with body filled
In my quest to solve the issue, it has led me to many older (2019) Stack Overflow questions that seem to be outdated with the AWS Console, same with the AWS documentation. See links below...
AWS API Gateway Method request path parameter not working
AWS API Gateway 404 page not found error when invoking endpoint url
With this being my first project in the AWS cloud space, I am not sure where else to turn. My guess would be the authentication headers from the API Gateway are being lost, but not sure where I can see this loss happening.
From my understanding of how the AWS Request Flow goes, I created this diagram:
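Two things in that log record can be checked mechanically rather than guessed at: which listener rule the ALB applies to the logged path, and what path the target actually receives. An HTTP API forwards the request path to a private integration unchanged unless a parameter mapping rewrites it, so with the route ANY /services/misc/myroute/{proxy+} the ALB target is asked for /services/misc/myroute/v1/swagger.json, while the request that works on localhost is /v1/swagger.json, i.e. just the {proxy} part. The script below is an added example, not part of the question; the log lines, target-group names and rule order are constructed to mirror the question, and the ALB path-pattern semantics it implements are the documented ones (* matches zero or more characters, ? exactly one, case-sensitive).

```python
import json
import re

# Constructed access-log records in the shape of the $context log format in the
# question (ids and the second and third records are made up).
SAMPLE_LOG = """\
{"requestId":"r1","routeKey":"ANY /services/misc/myroute/{proxy+}","path":"/services/misc/myroute/v1/swagger.json","httpMethod":"GET","status":"404","protocol":"HTTP/1.1"}
{"requestId":"r2","routeKey":"ANY /services/misc/myroute/{proxy+}","path":"/services/misc/myroute/v1/health","httpMethod":"GET","status":"200","protocol":"HTTP/1.1"}
{"requestId":"r3","routeKey":"$default","path":"/favicon.ico","httpMethod":"GET","status":"404","protocol":"HTTP/1.1"}
"""

# Listener rules as described in the question: ordered, first match wins,
# everything else goes to the default action. Target names are placeholders.
LISTENER_RULES = [("/services/misc*", "misc-target-group")]
DEFAULT_ACTION = "default-target-group"


def alb_path_pattern_matches(pattern, path):
    """ALB path-pattern semantics: '*' = zero or more chars, '?' = exactly one,
    case-sensitive, and the whole path must match."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, path) is not None


def route_listener(path, rules=LISTENER_RULES, default=DEFAULT_ACTION):
    """Target the ALB listener forwards this path to."""
    for pattern, target in rules:
        if alb_path_pattern_matches(pattern, path):
            return target
    return default


def proxy_part(route_key, path):
    """Value bound to {proxy+} for this path, or None if the route has no proxy
    parameter or the path does not sit under the route prefix."""
    _method, _, route = route_key.partition(" ")
    if "{proxy+}" not in route:
        return None
    prefix = route.split("{proxy+}", 1)[0]
    return path[len(prefix):] if path.startswith(prefix) else None


def explain(record):
    """For one record: where the ALB sends it, the path the target receives
    (unchanged unless a parameter mapping rewrites it) and the {proxy} value."""
    path = record["path"]
    return {
        "requestId": record["requestId"],
        "status": int(record["status"]),
        "target": route_listener(path),
        "path_forwarded_to_target": path,
        "proxy_part": proxy_part(record["routeKey"], path),
    }


def failing_requests(log_text):
    """Explain every 4xx/5xx record in a newline-delimited JSON access log."""
    records = (json.loads(line) for line in log_text.splitlines() if line.strip())
    return [explain(r) for r in records if int(r["status"]) >= 400]


if __name__ == "__main__":
    for row in failing_requests(SAMPLE_LOG):
        print(json.dumps(row))
```

If the target only serves the shorter path, the fix lives in the integration's request parameter mapping (overwrite the path with the {proxy} value) rather than in the listener rule, which already matches; confirm that against your own integration settings before changing anything.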

Service to service authentication/authorization within same space

We've deployed 2 java services on SAP CF and both are deployed in the same space and bound to the same Xsuaa instance.
Now Service A needs to call service B with the access token of the user. Service A already has the current access token available in the current user context. I'd like to use the destination service for this, instead of calling the service B exposed URL directly. But I'm having trouble setting this up.
What do I need to put in the destination? An OAuth2JwtBearer?
If using an OAuth2JwtBearer, then what are the proper clientId/clientSecret, the ones from XSUAA?
When using a JWT Bearer destination, I get the following error: "Unable to map issuer, http://gvrn-development.localhost:8080/uaa/oauth/token , to a single registered provider"
Any help on this would be great.

Metaflow: "Missing authentication token" when accessing the metadata/metaflow service URL in the browser

I’m currently experimenting with Metaflow. I followed the documentation and was able to deploy an AWS setup with the given CloudFormation template.
My question is why I’m always getting a:
message: "Missing Authentication Token"
when I access METAFLOW_SERVICE_URL in the browser, even though I made sure that APIBasicAuth was set to false during the creation of the CloudFormation stack?
Shouldn’t this setting make the metadata/metaflow service accessible without the authentication/api key?
How can I resolve this? Or is this expected? That is, I cannot really view the metadata/metaflow service url via browser?
Thanks in advance
This was resolved under this GitHub issue.
You still need to set the x-api-key header if you are trying to access the service URL via the browser. To get the API key you can go to the AWS console:
Api Gateway -> Api Keys -> show api key
Alternatively you can use the Metaflow client in the SageMaker notebook, which should be automatically set up for you via the template.
Also worth mentioning that there are two sets of endpoints: the one provided by the API gateway (which you seem to be hitting) and the one provided by the service itself. The API gateway forwards the requests to the service endpoints but needs the x-api-key to be set in the header. You can probably try hitting the service endpoints directly since you disabled auth.

Token introspection considering token as not active

I have Keycloak 4.0.0 installed on two Debian stretch machines. They are configured in standalone clustered mode.
Both share a MySQL cluster database instance and a load balancer is doing HA.
I have code which needs to validate tokens against the introspection endpoint, but it's not working half of the time.
This is actually because the load balancer is doing its job, and consequently it is easy to reproduce:
ask for a token on /auth/realms//protocol/openid-connect/token on server 1
call the introspection endpoint /auth/realms//protocol/openid-connect/token/introspect on server 2 to check the access token provided by server 1
If I call the introspection endpoint on server 1 I get the JSON response I expect, but on server 2 I just get active: false.
This is quite strange because sessions are replicated in the admin interface under "show sessions".
Any ideas ?
Thanks !
Rémi
I was facing the same issue.
For the introspect API, try setting the Host header.
For example: when hitting the /protocol/openid-connect/token API, pass the header "host: foo".
Now when hitting the /protocol/openid-connect/token/introspect API, set the header "host: foo".
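Both the SAP question above ("Unable to map issuer ... to a single registered provider") and this Keycloak thread turn on the token's iss claim. Keycloak builds the realm URL in iss from the host name the token request arrived on (unless a fixed frontend host name is configured), and an introspection call on a node that sees a different Host header checks the token against a different realm URL, which is why pinning the Host header on both calls, as the answer above suggests, makes the two nodes agree. The helper below is an added example, not from either thread: it decodes a JWT without verifying it (for inspection only, never for an authorization decision), reports the issuer host and realm path, and compares them with the Host header you are about to send. The sample token is constructed and unsigned.

```python
import base64
import json
import time
from urllib.parse import urlparse


def _b64url_decode(segment):
    """base64url without padding, as used in compact JWS."""
    segment += "=" * (-len(segment) % 4)            # restore stripped padding
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_unverified(token):
    """Return (header, claims) WITHOUT checking the signature. Good enough for
    reading iss/aud/exp while debugging; never use this to accept a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims


def make_sample_token(claims):
    """Constructed test token with a bogus signature so the checks run offline."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(claims)}.c2ln"


def introspection_consistency(token, request_host, now=None):
    """Compare the host in the token's iss with the Host header the introspection
    request will carry, and flag an expired token (a second cause of active=false)."""
    _, claims = decode_jwt_unverified(token)
    issuer = urlparse(claims.get("iss", ""))
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return {
        "issuer_host": issuer.netloc,
        "realm_path": issuer.path,               # e.g. /auth/realms/<realm>
        "request_host": request_host,
        "host_matches_issuer": issuer.netloc == request_host,
        "expired": exp is not None and exp <= now,
    }


if __name__ == "__main__":
    # Constructed token: issued via the load balancer name "foo", then
    # introspected directly on a backend node.
    sample = make_sample_token({"iss": "https://foo/auth/realms/demo",
                                "aud": "account", "exp": 2_000_000_000})
    print(introspection_consistency(sample, "foo"))
    print(introspection_consistency(sample, "server2.internal"))
```

For the SAP case the same decode shows which issuer the destination service failed to map; compare it with the url of the XSUAA instance the destination is bound to before changing client credentials.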

NIFI:Accessing rest api of kerberized nifi cluster

I want to use the REST API (but I don't want to use the curl command; I mean I want to use the InvokeHTTP processor for making POST commands to delete queue flowfiles and start/stop processors). I used an Authorization Bearer token like this:
eyJhbGciOiJIUzI1LiJ9.eyJzdWIiOiJzLLRraGlsYWlzaHZpbGlAQ1JBLSdLIiwiaXLzIjoiS2VyYmVyb3LQcm92aWRlciIsImL1ZCI6IStlcmJlcm9zUHJvdmlSZXIiLCJwcmVmZXJyZWRLdXLlcm5hbWUiOiJzLLRraGlsYWlzaHZpbGlAQ1JBLSdLIiwia2lSIjo1LCJleHAiOjE1MDQwMzA2LTQsImlhdCI6MTUwMzS4LzQ1LH0.VxxpvLQbGm3H475g1yScvg5B89WSws3lZUwBrUM4OvE
I have added the authorization attribute in InvokeHTTP and added a link like this: https://server ip/nifi-api/access/token. After this I have added another InvokeHTTP with a POST command and a URL like this: https://server ip/nifi-api/flowfile-queues/{id}/drop-requests (P.S. I want to clear the queue of flowfiles), but the first InvokeHTTP shows me exceptions like this: Socket timeout exception. There are several subjects I am interested in:
Is it possible that my user doesn't have access to the bearer token and that's why the socket timeout happens? If it is, how can I check this?
If I have secured NiFi, is it possible to use the InvokeHTTP processor without an SSL context service to fulfill this access/token operation?
Do you have any better idea to use the REST API without a bearer token,
except using the SSL context service?
Socket timeout is a physical error not linked to auth.
When auth is activated for NiFi then you must use an SSL context to access nifi-api.
No. If auth is activated on the server side then the client has to pass it.