I have created a Global Cosmos account and successfully executed Map Reduce Job example.Now I want to execute a simple Usecase using my Orion. I have created a private Orion instance in Fiware-lab.Now, how Global cosmos instance can subscribe to my private Orion instance i.e. what i have to give in reference body as shown in url:https://imgur.com/a/1Oc5p3u
.I have to use any other GE like Cygnus for their interaction?Is there any document for Cosmos-Orion interaction?
Also,Can i ssh to Global Cosmos instance to access my logs?
Related
I am running a small go application inside ec2 instance. It access Amazon SQS as a consumer. I have configured keys at ~/.aws/credential file. The EC2 instance has been assigned an IAM role.
Can my go application use the IAM role assigned to the EC2 instance?
If yes, how that can be done using configurations without a code change ?
If role is configured, should I still provide keys in somewhere ?
If you used github.com/aws/aws-sdk-go-v2/config and config.LoadDefaultConfig() method to retrieve AWS credentials,
Yes. Your application will retrieve temporary credentials with IAM Role you assigned.
aws-sdk-go-v2 will retrieve credentials from instance metadata. Detailed retrieving process is described AWS official docs here. "How do roles for EC2 instances work" section describes the process as below.
When the application runs, it obtains temporary security credentials from Amazon EC2 instance metadata, as described in Retrieving Security Credentials from Instance Metadata. These are temporary security credentials that represent the role and are valid for a limited period of time.
With some AWS SDKs, the developer can use a provider that manages the temporary security credentials transparently. (The documentation for individual AWS SDKs describes the features supported by that SDK for managing credentials.)
Alternatively, the application can get the temporary credentials directly from the instance metadata of the EC2 instance. Credentials and related values are available from the iam/security-credentials/role-name category (in this case, iam/security-credentials/Get-pics) of the metadata. If the application gets the credentials from the instance metadata, it can cache the credentials.
Also you can refer to here about aws-sdk-go-v2's credential retrieval order.
You don't have to provide key. aws-sdk-go-v2 will retrieve it from EC2 instance metadata.
I have created a ServiceBus namespace in Azure, along with a topic and a subscription. I also have a simple Azure version 1 function that triggers on a received topic in the ServiceBus, like this:
[FunctionName("MyServiceBusTriggerFunction")]
public static void Run([ServiceBusTrigger("myTopic", "mySubscription", Connection = "MyConnection")]string mySbMsg, TraceWriter log)
{
log.Info($"C# ServiceBus topic trigger function processed message: {mySbMsg}");
}
The function triggers nicely for the topics in the ServiceBus when I define the connection string in functions Application Settings by using Shared Access Policy for topic, like this:
Endpoint=sb://MyNamespace.servicebus.windows.net/;SharedAccessKeyName=mypolicy;SharedAccessKey=UZ...E0=
Now, instead of Shared Access Keys, I would like to use Managed Service Identity (MSI) for accessing the ServiceBus. According to this (https://learn.microsoft.com/en-us/azure/active-directory/managed-service-identity/services-support-msi) it should be possible, unless I have misunderstood something. I haven't managed to get it working though.
What I tried, was to
set the Managed Service Identity "On" for my function in Azure portal
give Owner role for the function in ServiceBus Access Control section in Azure Portal
set the connection string for MyFunction like this: Endpoint=sb://MyNamespace.servicebus.windows.net/
The function is not triggering in this set-up, so what am I missing or what am I doing wrong?
I'd be grateful for any advice to help me get further. Thanks.
Update for Microsoft.Azure.WebJobs.Extensions.ServiceBus version 5.x
There is now an offical docs for the latest version of the package in here.
{
"Values": {
"<connection_name>__fullyQualifiedNamespace": "<service_bus_namespace>.servicebus.windows.net"
}
}
Previous answer:
This actually seems to be possible now, at least worked just fine for me. You need to use this connection string:
Endpoint=sb://service-bus-namespace-name.servicebus.windows.net/;Authentication=ManagedIdentity
I have not actually found any documentation about this on Microsoft site, but in a blog here.
Microsoft does have documentation though on roles that you can use and how to limit them to scope in here. Example:
az role assignment create \
--role $service_bus_role \
--assignee $assignee_id \
--scope /subscriptions/$subscription_id/resourceGroups/$resource_group/providers/Microsoft.ServiceBus/namespaces/$service_bus_namespace/topics/$service_bus_topic/subscriptions/$service_bus_subscription
what am I missing or what am I doing wrong?
You may mix up with MSI and Shared Access Policy.They are using different provider to access to Azure servicebus. You could just use connectionstring or just use MSI to authenticate.
When you use Managed Service Identity(MSI) to authenticate, you need to create a token provider for the managed service identity with the following code.
TokenProvider.CreateManagedServiceIdentityTokenProvider(ServiceAudience.ServiceBusAudience).
This TokenProvider's implementation uses the AzureServiceTokenProvider found in the Microsoft.Azure.Services.AppAuthentication library. AzureServiceTokenProvider will follow a set number of different methods, depending on the environment, to get an access token. And then initialize client to operate the servicebus.
For more details, you could refer to this article.
When you use servicebus connectionstring to access which using the Shared Access Token (SAS) token provider, so you can operate directly.
Agreed that from azure function we cannot access the resource like ASB directly. However, one still does not need to put in the password in this case "SharedAccessKeyName" in the connectionstring directly.
Azure function can work with Azure KeyVault. Thus one can store the connectionstring with sensitive information as a secret in the KeyVault and then grant System assigned identity from azure functions access over KeyVault and then specify the value for the settings in the portal as
#Microsoft.KeyVault(SecretUri={theSecretUri})
Details on how to achieve the above is mentioned in the following blog.
https://medium.com/statuscode/getting-key-vault-secrets-in-azure-functions-37620fd20a0b
This will still avoid specifying the connectionstring directly in Azure functions and provides with single point of access via Vault to be disabled in case of a security breach
I am trying to retrieve an image from my Object Storage service using Node-Red.
I imported the Object Storage nodes in my Node-Red instance running on IBM Bluemix and I am trying to use the "get" node but I cannot figure out how to correctly connect it to the Object Storage service.
I set the option to get the configuration details from the Bluemix Service, but when deploying I would always get an error saying "Object Storage Put (err): No object storage configuration found!".
If instead I use the option for API based configuration information, I need to fill out fields which I cannot find on my VCAP_SERVICES or the Object Storage service credentials. The fields that need to be filled in are shown
but my service credentials only include:
"apikey"
"endpoints"
"iam_apikey_description"
"iam_apikey_name"
"iam_role_crn"
"iam_serviceid_crn"
"resource_instance_id"
Can anyone point me in the right direction?
The node-red object storage contribution available in this link:
https://flows.nodered.org/node/node-red-contrib-objectstore
was designed to be integrated with the Swift Object Storage in Bluemix (IBM Cloud Platform).
If you go the Catalog link below:
https://console.bluemix.net/catalog/infrastructure/object-storage-group
there are 4 options, the one you previously selected and is trying to connect is probably the first on the left side and will not integrate with node-red-contrib-objectstorage. T
To integrate with node-red you need to create an instance of the Object Storage service on the far right: Object Storage OpenStack Swift for Bluemix
Is there a way through the aws api to get the connection string for a RDS database? Something in the form of:
postgres://username:password#host/db_name
No there's no API call that will build that string for you.
However, using the DescribeDBInstances API call you can retrieve the MasterUsername, DBName ("the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created") and host (through the Endpoint.Address field) and build the string yourself.
For the password, you'll have to provide it yourself in a secure manner, since RDS cannot retrieve it through API calls.
I have an existing java springboot application that uses springDataMongo api to connect to an underlying Mongodb instance.
I need to use the existing springDataMongo api classes but instead of Mongodb, I need to connect Cosmos Db.
I have looked it up on documentation for azure Cosmos db api for Mongodb but didn't get hold of what I am trying to do.
Can someone let me know if what I am doing is possible and if yes, point me to a relevant documentation for the same.
Yes, it is possible to connect to Azure Cosmos DB MongoDB API using springDataMongo.
What you need to do is copy the Cosmos DB connection string from the Azure portal and then put it into spring.data.mongodb.uri in application.properties file of your spring boot project.
application.properties
#mongodb
spring.data.mongodb.uri=mongodb://[username]:[passowrd]#[cosmosdbName].documents.azure.com:10255/?ssl=true
spring.data.mongodb.database=[dababaseName]
After that done, you can check this guide out: Accessing Data with MongoDB.