I am trying to find a way to update the CloudWatch ARN in AWS API Gateway using the AWS CLI or an API method, if available.
The CloudWatch ARN can be set using the API Gateway by performing a PATCH on the cloudwatchRoleArn property of the Account resource. See http://docs.aws.amazon.com/apigateway/api-reference/resource/account/#cloudwatchRoleArn
Using the AWS CLI, the CloudWatch ARN can be set by calling update-account. See http://docs.aws.amazon.com/cli/latest/reference/apigateway/update-account.html
Using the Java SDK, the CloudWatch ARN can be set by calling updateAccount.
I am working on a project in which I have created a k8s cluster to run selenium grid locally. I want to schedule the tests to run and until now I have tried to create a Jenkins cron job to do so. For that I am using k8s plugin in Jenkins.
However I am not sure about the steps to follow. Where should I be uploading the kube config file? There are a few options here:
Build Environment in Jenkins
Any ideas or suggestions?
Thanks
Typically, you can choose any option, depending on how you want to manage the system, I believe:
* The secret text or file option will allow you to copy/paste a secret (with a token) in Jenkins which will be used to access the k8s cluster. Token-based access works by adding an HTTP header to your requests to the k8s API server as follows: Authorization: Bearer $YOUR_TOKEN. This authenticates you to the server. This is the programmatic way to access the k8s API.
* The configure kubectl option will allow you to perhaps specify the config file within the Jenkins UI where you can set the kubeconfig. This is the imperative/scriptive way of configuring access to the k8s API. The kubeconfig itself contains a set of keypair-based credentials that are issued to a username and signed by the API server's CA.
Any way would work fine! Hope this helps!
If Jenkins is running in Kubernetes as well, I'd create a service account, create the necessary Role and RoleBinding to only create CronJobs, and attach your service account to your Jenkins deployment or statefulset, then you can use the token of the service account (by default mounted under /var/run/secrets/kubernetes.io/serviceaccount/token) and query your API endpoint to create your CronJobs.
However, if Jenkins is running outside of your Kubernetes cluster, I'd authenticate against your cloud provider in Jenkins using one of the plugins available, using:
* Service account (GCP)
* Service principal (Azure)
* AWS access and secret key or with an instance profile (AWS)
and then would run any of the CLI commands to generate a kubeconfig file:
* gcloud container clusters get-credentials
* az aks get-credentials
* aws eks update-kubeconfig
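The service-account approach described in the answer above, as an added example (not the answerer's code): a shell function that renders a ServiceAccount, a Role limited to creating CronJobs, and the RoleBinding between them. The namespace and account names used when calling it, and the role name suffix, are assumptions.

```shell
#!/usr/bin/env bash
# Added example: render least-privilege RBAC for a Jenkins service account.
# Names passed in (e.g. "ci", "jenkins") are placeholders, not from the page.

# Kubernetes object names must be DNS-1123 labels. Rejecting anything else
# also keeps caller input from injecting extra YAML into the manifest.
# The character class is spelled out so matching does not depend on locale.
valid_name() {
  case "$1" in
    ''|*[!abcdefghijklmnopqrstuvwxyz0123456789-]*|-*|*-) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Print a ServiceAccount, a namespaced Role that allows only "create" on
# CronJobs, and the RoleBinding that ties the two together.
render_cronjob_rbac() {
  ns=$1 sa=$2
  valid_name "$ns" && valid_name "$sa" || { echo "invalid name" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${sa}
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${sa}-cronjob-creator
  namespace: ${ns}
rules:
- apiGroups: ["batch"]
  resources: ["cronjobs"]
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${sa}-cronjob-creator
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${sa}-cronjob-creator
EOF
}
```

Pipe the output into kubectl apply -f - and confirm the scope with kubectl auth can-i create cronjobs --as=system:serviceaccount:ci:jenkins -n ci; the same check with delete or with secrets should answer no.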
AWS Elasticsearch supports the following encryption option:
* Require HTTPS for all traffic to the domain
But there is no such option available in the CloudFormation resource:
* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html
Do you know if there is any way to set it using CloudFormation?
As the feature was recently released, it is not yet available in CloudFormation or Terraform, but it can be done via the CLI after the domain is provisioned:
aws es update-elasticsearch-domain-config --domain-name <name> \
--domain-endpoint-options EnforceHTTPS=true,TLSSecurityPolicy=Policy-Min-TLS-1-2-2019-07
This feature was released to CloudFormation on August 11th, 2020 and is now available in both CloudFormation and Terraform:
CloudFormation: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-configuration-api.html#es-configuration-api-datatypes-domainendpointoptions
Terraform: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#enforce_https
I want to install the MarkLogic solution in the AWS eu-west-1 region using the CloudFormation template available at http://developer.marklogic.com/products/cloud/aws but the stack fails to create the launch configuration.
I downloaded the CloudFormation template from http://developer.marklogic.com/products/cloud/aws and created an AWS CloudFormation stack from "mlcluster.template", which is available at the above link, but the stack failed during launch configuration setup. I am not able to fix the template. Any suggestions?
The problem got fixed. It was a configuration mistake.
For the IAM role parameter in the AWS CloudFormation stack I have to provide only the IAM name and not the entire ARN. Initially I provided the IAM ARN and it probably confused the resource name while creating an Auto Scaling Launch Configuration.
I provision the AWS Elasticsearch service with Terraform and want to set up CloudWatch alarms for some metrics like CPU usage etc., also by using Terraform.
In order to do it I have to put NodeId to aws_cloudwatch_metric_alarm resource:
The problem is that aws_elasticsearch_domain resource doesn't have suitable Attributes Reference
And I also haven't found anything suitable in aws es cli
https://docs.aws.amazon.com/cli/latest/reference/es/index.html
Any ideas how to get this NodeId to use in Terraform?
You can get the nodeId from the Elasticsearch API instead of relying on the AWS SDK/CLI.
Specifically, you can query the cat/nodes API.
Link for reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html
I am trying to create a scheduled task with CloudWatch.
I am using this page
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html
The problem I see is that when I run the task normally, AWS asks for:
* VPC
* subnets
* launch type
But when I use a CloudWatch target, it doesn't ask for VPC, subnets etc. Why is that?
CloudFormation has not been updated to accommodate some Fargate functionality yet. If you get an error while trying to deploy an ECS task from CloudFormation, try using the command line interface (aws events put-target) instead, which allows you to add a target that contains the required ECS parameters for launch type and network config.
Here is an example of how I configured my ECS tasks to be deployed from the CLI instead of CloudFormation:
1. Add the VPC/subnet config to a variable, NETWORK_CONFIGURATION:
NETWORK_CONFIGURATION='{"awsvpcConfiguration":{"AssignPublicIp":"ENABLED","SecurityGroups":["'${AWS_NETWORKCONFIG_SECURITY_GROUP}'"],"Subnets":["'${AWS_NETWORKCONFIG_SUBNET}'"]}}'
2. Run the following command to deploy your task, which will take the VPC config from the variable declared above:
aws events put-targets \
--rule events-rule--${TASK_NAME} \
--targets '{"Arn":"arn:aws:ecs:'${AWS_REGION}':'${AWS_ACCOUNT_ID}':cluster/ecs-cluster-1","EcsParameters":{"LaunchType":"FARGATE","NetworkConfiguration":'${NETWORK_CONFIGURATION}',"TaskCount": 1,"TaskDefinitionArn": "arn:aws:ecs:'${AWS_REGION}':'${AWS_ACCOUNT_ID}':task-definition/ecs-task-'${TASK_NAME}'"},"Id": "ecs-targets-'${TASK_NAME}'","RoleArn": "arn:aws:iam::'${AWS_ACCOUNT_ID}':role/ecsEventsRole"}'