Azure Front Door cannot load balance OAUTH authenticated azure functions? - azure-front-door

I am trying to load balance several azure functions HTTP triggers using FrontDoor, but I am having issues with the health probes.
Our functions use OAUTH auth and thus all probes fail.
I have tried adding the warmup_path env pointing to healthprobe.html, but the function seems to have a hardcoded URL to add /api/healthprobe.html, so I cannot get the probes to answer properly on that URL, since the healthprobe URL is not configurable in Front Door.

Related

AWS - API Gateway - HTTPS Request returning 404 Not Found

I am working on creating a new request in AWS API Gateway. I am having issues with a 404 not found on the URL request.
The request (had to create fake one for the question):
GET https://hello.stackoverflow.com/services/misc/myroute/v1/swagger.json
I created a route in API Gateway ANY /services/misc/myroute/{proxy+}
I attached the route to a Load Balancer Listener integration
I set up the listener rule in the Load Balancer:
IF Path is /services/misc* Then Forward to Target
IF Requests otherwise not routed Then Forward to Default
Created logs for this system in the AWS API Gateway: Monitor -> Logging -> Set Log Destination
Set variables for the log format using the $context variables, Context Variables
Ex Log:
{ "requestId":"QWRHQKWFHWAFZ=",
"routeKey":"ANY /services/misc/myroute/{proxy+}",
"path":"/services/misc/myroute/v1/swagger.json",
"domain":"hello.stackoverflow.com",
"domain_prefix":"hello",
"httpMethod":"GET", "status":"404","protocol":"HTTP/1.1", "endpoint":"-" }
One final check I have done to make sure it's completing its "route" was to see the requests in the monitoring and see the 4xx come from this ALB listener.
I can send the request via localhost and get a response with the json body
GET https://localhost:8080/v1/swagger.json --> Status 200 OK with body filled
In my quest to solve the issue, it has led me to many older (2019) Stack Overflow questions that seem to be outdated with the AWS Console, same with the AWS documentation. See links below...
AWS API Gateway Method request path parameter not working
AWS API Gateway 404 page not found error when invoking endpoint url
AWS API Gateway Method request path parameter not working
With this being my first project in the AWS cloud space, I am not sure where else to turn. My guess would be the authentication headers from the API Gateway are being lost, but not sure where I can see this loss happening.
From my understanding of how the AWS Request Flow goes, I created this diagram:

Metaflow: "Missing authentication token" when accessing the metadata/metaflow service URL in the browser

I’m currently experimenting on Metaflow. I followed the documentation and was able to deploy an aws setup with the given cloud formation template.
My question is why is it that I’m always getting a:
message: "Missing Authentication Token"
when I access METAFLOW_SERVICE_URL in the browser, even if I made sure that the APIBasicAuth was set to false during the creation of cloudformation?
Shouldn’t this setting make the metadata/metaflow service accessible without the authentication/api key?
How can I resolve this? Or is this expected? That is, I cannot really view the metadata/metaflow service url via browser?
Thanks in advance
This was resolved under this github issue.
You still need to set the x-api-key header if you are trying to access the service url via the browser. To get the api-key you can go to the aws console
Api Gateway -> Api Keys -> show api key
Alternatively you can use the metaflow client in the sagemaker notebook which should be automatically setup for you via the template.
Also worth mentioning that there are two sets of endpoints: the one provided by the API Gateway (which you seem to be hitting) and the one provided by the service itself. The API Gateway forwards the requests to the service endpoints but needs the x-api-key to be set in the header. You can probably try hitting the service endpoints directly since you disabled auth.

Trying to run VSTS agent thru a proxy which limits sites

Have installed VSTS agent in a very locked down environment. It makes a connection to VSTS, gets job but fails when downloading artefact. Gives error
Error: in getBuild, so retrying => retries pending : 4.
It retries 4 times and fails.
The agent is going thru a proxy. Have setup the proxy using ./config --proxyurl and also set HTTP_PROXY AND HTTPS_PROXY system environment vars.
The proxy is very limiting in that URLs are locked down; there is no authentication required. Does anybody know what URLs the agent accesses? I am hoping that if I can get a definitive list, this will solve the issue. If anybody knows how I can get a list, that would be great. Or maybe I have misconfigured?
Any ideas?
Trying to run VSTS agent thru a proxy which limits sites
According to the document
I'm running a firewall and my code is in Azure Repos. What URLs does the agent need to communicate with?:
To ensure your organization works with any existing firewall or IP
restrictions, ensure that dev.azure.com and dev.azure.com are open
and update your allow-listed IPs to include the following IP
addresses, based on your IP version. If you're currently allow-listing
the 13.107.6.183 and 13.107.9.183 IP addresses, leave them in place,
as you don't need to remove them.
And with just the organization's name or ID, you can get its base URL using the global Resource Areas REST API (https://dev.azure.com/_apis/resourceAreas). This API doesn't require authentication and provides information about the location (URL) of the organization as well as the base URL for REST APIs, which can live on different domains.
Please check this document Best practices for working with URLs in Azure DevOps extensions and integrations for some more details.
Hope this helps.
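An added example, not part of the original answer or of the Azure DevOps documentation: turning a Resource Areas response into the list of hosts a locked-down proxy still needs to permit. The response shape (`count`, `value`, `name`, `locationUrl`), the organization name `myorg` and the sample hosts are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample. The count/value/name/locationUrl shape is an assumption about
# the resourceAreas response; "myorg", the ids and the hosts are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "count": 4,
    "value": [
        {"id": "00000000-0000-0000-0000-000000000001", "name": "build",
         "locationUrl": "https://dev.azure.com/myorg/"},
        {"id": "00000000-0000-0000-0000-000000000002", "name": "release",
         "locationUrl": "https://vsrm.dev.azure.com/myorg/"},
        {"id": "00000000-0000-0000-0000-000000000003", "name": "packaging",
         "locationUrl": "https://pkgs.dev.azure.com/myorg/"},
        {"id": "00000000-0000-0000-0000-000000000004", "name": "legacy",
         "locationUrl": "http://legacy.example.invalid/myorg/"},
    ],
})


def hosts_by_area(response_text):
    """Return ({host: [area names]}, [rejected area names]) from a response body."""
    hosts, rejected = {}, []
    for area in json.loads(response_text).get("value", []):
        name = area.get("name", "?")
        url = urlsplit(area.get("locationUrl") or "")
        # Only HTTPS endpoints with a hostname are candidates for the proxy
        # allow-list; anything else is reported for review instead of opened.
        if url.scheme != "https" or not url.hostname:
            rejected.append(name)
            continue
        hosts.setdefault(url.hostname.lower(), []).append(name)
    return hosts, rejected


def missing_from_allowlist(hosts, allowlist):
    """Hosts the agent would be sent to that the proxy does not yet permit."""
    allowed = {h.lower() for h in allowlist}
    return sorted(h for h in hosts if h not in allowed)


if __name__ == "__main__":
    hosts, rejected = hosts_by_area(SAMPLE_RESPONSE)
    for host in missing_from_allowlist(hosts, ["dev.azure.com"]):
        print(f"not allow-listed: {host} (areas: {', '.join(hosts[host])})")
    print("skipped (non-HTTPS or no host):", rejected)
```

Feeding it the body saved from a real call to the Resource Areas endpoint, made from a machine outside the proxy, gives the host list to compare against the proxy rules.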

Api Gateway (Regional) + Cloudfront return HTTP/2 403

If it is a test stage (in Api Gateway) I would like to be able to add the stage name explicitly to the url or remove from the api call. Both should hit the stage environment.
Set up a regional REST API Gateway
Configured GET method /test/v1/health (test is stage name)
Deployed API
I can access it using the URL https://.execute-api..amazonaws.com/test
I can make calls to https://api-id.execute-api.region.amazonaws.com/test/v1/health and it is all good
Set up a regional custom domain api.example.com
Added a Base Path Mapping /v1 to test environment. Basically I would like to call https://api.example.com/v1/health since I want to have multiple stages but I don't want to specify test environment in the URL. This should be optional.
Created a CloudFront distribution and set up the origin to be the regional custom domain such as d-api-id.execute-api.region.amazonaws.com (note the d since this is regional) and Origin Path blank.
Updated my external DNS CNAME to map api.example.com to the cloudfront address.
Try to call https://api.example.com/v1/health and I get an HTTP 403.
Not sure what is going wrong here. Any ideas how to fix this issue would be appreciated.

Bluemix availability monitoring - Scripting support

Bluemix availability monitoring provides scripting support for Selenium only. Is there a way I can have my shell or bash script do the following:
- Builds a url
- Calls url using curl
- Process the response
My current urls are protected by Bluemix IAM. To call url, I need to pass access token in the header. The access token expires every hour which makes it impossible to use Bluemix availability monitoring service.
Currently there is only selenium script support.
There are plans for javascript (not shell) for REST APIs, but there are no firm dates when that might be available.
IAM tokens that expire every hour will make it difficult to monitor regardless of choice of monitoring mechanism. I am not familiar enough with IAM to provide much advice. Perhaps a second process outside the monitoring can refresh the accessToken?
Some who use Bluemix Availability Monitoring use APIConnect. Perhaps those tokens are less ephemeral, but I'm not sure how to map APIConnect access to IAM.