#StackBounty: #java #amazon-web-services #spring-boot #spring-cloud #spring-cloud-config Why Integrating Spring Cloud application with …

Bounty: 50

Intent: I am working on a POC which intends to use AWS Parameter Store as a property store. This would store the confidential application properties in AWS SSM’s Parameter Store. I am using Java 8 with Spring Boot/Cloud version 2.

Resource: I followed this ref guide from the Spring docs and also a comprehensive article, Integrating the AWS Parameter Store with Spring Cloud. Hence I was trying to utilize

spring-cloud-starter-aws-parameter-store-config.jar

and hence added required dependency in the build file.

Expected output :

[image]

Actual output :

[image]

Here is a snapshot from the AWS console. I am trying to access the parameters shown below from AWS Parameter Store:

[image]

Below are my spring property files:

application.yml

[image]

bootstrap.yml

[image]

I am using Maven with the below dependencies in POM.xml:

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.1.RELEASE</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-aws-parameter-store-config</artifactId>
        </dependency>
    </dependencies>

Am I missing something here? Please let me know if someone has already faced and resolved this issue.

I am able to put and get parameters from the command line, it's just that I am not able to get this Java lib working.

GitHub repo of the sample I am trying –

GitHub repo link


Get this bounty!!!

#StackBounty: #php #amazon-web-services #cron #scheduled-task #amazon-ecs What is the best way to run cronjob in AWS ECS?

Bounty: 50

I have a web app powered by Laravel that is set up on AWS ECS. I would need to run an artisan command as a cronjob.

I’m looking at “Scheduled Tasks” in ECS Cluster configuration. I can launch new tasks following the “Scheduled Tasks (Cron)” documentation on AWS. I’m using the Laravel’s Task Definition in the Target which I use for web services & it has two tasks.

  1. Not sure how I can invoke the artisan command
  2. The scheduled task seems to be running forever

Any help would be greatly appreciated. Thank you.


Get this bounty!!!

#StackBounty: #amazon-web-services #aws-lambda #aws-api-gateway #serverless API Gateway Authorizer and Logout (Performance/Security Con…

Bounty: 500

I am using Cognito, API Gateway and Authorizers. Authorizers are configured to be cached for 5 mins for performance. I felt that this is a nice feature.

I understand that authorizers are a good way to keep auth logic in one place and apps can assume users are already authorized. However, I am having my doubts.

The pentest report recommends that once logged out, tokens should not be able to be used. So it means for security, I should not enable authorizer caching? It also means all authenticated APIs will have to go through one overhead of a lambda authorizer …

Also from a coding perspective, is it really a good idea to use authorizers which are hard to test end to end? I could test the lambda function as a unit. But what's more important to me is that they are attached to the correct APIs. There's currently no way I see that allows me to test this easily.

Another problem is looking at the code, I can no longer tell what authorization is required easily … I have to look through which authorizer is supposed to be attached (eg. CloudFormation) then the lambda code itself.

Is there a good thing from using Authorizers? Or what's the best practice with this actually?


Get this bounty!!!

#StackBounty: #amazon-web-services #amazon-cloudformation #amazon-elastic-beanstalk Adding environment variable with AWS CloudFormation…

Bounty: 100

I have an AWS Beanstalk application and environment created using the following CloudFormation template:

MyApp:
    Type: 'AWS::ElasticBeanstalk::Application'
    Properties:
        ApplicationName: MyAppName

InitialApplication:
    Type: 'AWS::ElasticBeanstalk::ApplicationVersion'
    Properties:
        ApplicationName: !Ref MyApp
        Description: Version 1.0
        SourceBundle:
            S3Bucket: !Sub 'elasticbeanstalk-samples-${AWS::Region}'
            S3Key: ecs-sample.zip

AppEnvironment:
    Type: 'AWS::ElasticBeanstalk::Environment'
    Properties:
        ApplicationName: !Ref MyApp
        Description: staging
        TemplateName: !Ref AppConfigurationTemplate
        VersionLabel: !Ref InitialApplication

AppConfigurationTemplate:
    Type: 'AWS::ElasticBeanstalk::ConfigurationTemplate'
    DependsOn:
        - MySecurityGroup
    Properties:
        ApplicationName: !Ref MyApp
        Description: My Configuration Template
        SolutionStackName: '64bit Amazon Linux 2018.03 v2.11.2 running Multi-container Docker 18.03.1-ce (Generic)'
        OptionSettings:
            # Lots of options here

            # Application environment variables
            - Namespace: aws:elasticbeanstalk:application:environment
              OptionName: MY_APP_OPTION
              Value: SOME_VALUE

The problem is that if I add an environment variable to my application (i.e. in the aws:elasticbeanstalk:application:environment namespace), Beanstalk resets the application version of the environment to the initial application. So suppose I created the CloudFormation stack a year ago and have since deployed 50 versions of my app… If I then add an environment variable through CloudFormation, the environment’s application is reset to the sample application. This will of course break everything, as databases have changed, etc. What I want, is of course to add/modify environment variables without changing the deployed application version within the Beanstalk environment.

Why does Beanstalk reset my application when making this change, and is there any way to prevent it?

Thanks in advance!


Get this bounty!!!

#StackBounty: #amazon-web-services #amazon-cloudformation #pipelining What is an AWS CodeStar SyncResource?

Bounty: 100

I used CodeStar to create a DataPipeline that:

  1. Downloads code from my github repo
  2. Tests it in CodeBuild,
  3. Creates/executes a CloudFormation changeset on a CloudFormation stack that CodeStar created
  4. Which creates/updates a lambda.

The CloudFormation Stack template references CodeStar::SyncResources. I also noticed the lambda function it created is actually part of a “Lambda Application”. The Application has 2 resources: the lambda, and the “SyncResources”.

The CloudFormation ChangeSet uses this and I notice that when I push a commit where the function’s code isn’t changed (for example, when I change the README), the SyncResources gets passed in the ChangeSet execution, but not the lambda itself. If I comment the changeset out in the template then the lambda gets updated every time even if it isn’t changed.

What the heck is this thing? Couldn’t find any documentation.


Get this bounty!!!

#StackBounty: #amazon-web-services #amazon-ec2 #amazon #amazon-iam AWS SSM Policy doesn't work like the documentation

Bounty: 100

I tried to provide a policy following the samples here: https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-examples.html

But, I keep getting a warning and it does not work.

These are all I tried so far:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowStartSessionExceptProd",
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": "*",
            "Condition": {
                "StringNotLike": {
                    "ssm:resourceTag/environment": [
                        "prod",
                        "Prod"
                    ]
                }
            }
        }
    ]
}

Or

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowStartSessionExceptProd",
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "arn:aws:ec2:*:*:instance": [
                        "i-myInstanceId1",
                        "i-myInstanceId2"
                    ]
                }
            }
        }
    ]
}

Or I even tried to use more resource-based conditions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowStartSessionExceptProd",
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": "*",
            "Condition": {
                "StringNotLike": {
                    "ssm:resourceTag/environment": [
                        "prod",
                        "Prod"
                    ],
                    "arn:aws:ec2:*:*:resourceTag/environment": [
                        "prod",
                        "Prod"
                    ],
                    "ec2:resourceTag/environment": [
                        "prod",
                        "Prod"
                    ]
                }
            }
        }
    ]
}

In general, all I want to do is allow access to start session in SSM on servers which are not prod servers.
My EC2 prod servers all have a tag environment:prod.

I appreciate any help.


Get this bounty!!!
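
An added example, not part of the original post and not AWS code: a small local model of IAM's documented condition semantics (keys under one operator are ANDed, values for one key are ORed, negated operators hold when the key is absent from the request), applied to the three Condition blocks in the post. The request contexts passed in are constructed, and which keys SSM actually supplies for StartSession is not modelled.

```python
import re

NEGATED = {"StringNotLike", "StringNotEquals"}
PROD = ["prod", "Prod"]
# Condition blocks of the three policies in the post, in order.
ATTEMPTS = [
    {"StringNotLike": {"ssm:resourceTag/environment": PROD}},
    {"StringEquals": {"arn:aws:ec2:*:*:instance": ["i-myInstanceId1", "i-myInstanceId2"]}},
    {"StringNotLike": {"ssm:resourceTag/environment": PROD,
                       "arn:aws:ec2:*:*:resourceTag/environment": PROD,
                       "ec2:resourceTag/environment": PROD}},
]
# Condition keys have the shape "<service or aws>:<name>[/<tag key>]".
KEY_SHAPE = re.compile(r"^[A-Za-z0-9-]+:[A-Za-z0-9_.-]+(/.+)?$")

def malformed_keys(condition):
    """Condition keys that cannot be real keys, e.g. an ARN pattern used as a key."""
    return [k for keys in condition.values() for k in keys if not KEY_SHAPE.match(k)]

def _value_matches(op, pattern, actual):
    if op.endswith("Like"):  # StringLike / StringNotLike: '*' and '?' wildcards, case-sensitive
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(rx, actual) is not None
    return pattern == actual  # StringEquals / StringNotEquals: exact, case-sensitive

def condition_matches(condition, context):
    """True if every operator/key pair in the Condition block holds for this context."""
    for op, keys in condition.items():
        for key, patterns in keys.items():
            if key not in context:
                if op in NEGATED:
                    continue      # negated operators hold when the key is absent
                return False      # positive operators fail when the key is absent
            hit = any(_value_matches(op, p, context[key]) for p in patterns)
            if hit == (op in NEGATED):
                return False
    return True

if __name__ == "__main__":
    tag = "ssm:resourceTag/environment"
    for value in ("dev", "prod", "PROD", None):   # constructed request contexts
        ctx = {} if value is None else {tag: value}
        print(value, condition_matches(ATTEMPTS[0], ctx))
    for cond in ATTEMPTS:
        print(malformed_keys(cond))
```

In this model an Allow built on a negated operator also matches an untagged instance and a tag value in a different case, such as `PROD`, which is the reason such statements are usually paired with a positive match or an explicit Deny.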

#StackBounty: #amazon-web-services #pgadmin AWS database single column adds extremely much data

Bounty: 150

I’m retrieving data from an AWS database using PgAdmin. This works well. The problem is that I have one column that I set to True after I retrieve the corresponding row, where originally it is set to Null. Doing so adds an enormous amount of data to my database.

I have checked that this is not due to other processes: it only happens when my program is running.
I am certain no rows are being added, I have checked the number of rows before and after and they’re the same.

Furthermore, it only does this when changing specific tables, when I update other tables in the same database with the same process, the database size stays the same. It also does not always increase the database size, only once every couple changes does the total size increase.

How can changing a single boolean from Null to True add 0.1 MB to my database?

I’m using the following commands to check my database makeup:

To get table sizes

SELECT
    relname AS "Table",
    pg_total_relation_size(relid) AS "Size",
    pg_size_pretty(pg_total_relation_size(relid) - pg_relation_size(relid)) AS "External Size"
FROM pg_catalog.pg_statio_user_tables ORDER BY pg_total_relation_size(relid) DESC;

To get number of rows:

SELECT schemaname,relname,n_live_tup 
  FROM pg_stat_user_tables 
  ORDER BY n_live_tup DESC;

To get database size:

SELECT pg_database_size('mydatabasename');


Get this bounty!!!

#StackBounty: #amazon-web-services #apache-2.4 #virtualhost #elastic-beanstalk Apache (2.4) only serves 1st virtual host found on elast…

Bounty: 50

I have an Elastic Beanstalk server which I am using for my employer’s main site, example.com and they want me to host one of their ancillary sites on it: go.example.com.

So I just created a new ebextension config to create a second vhost. The problem I found is that Apache (HTTPD) only wants to use the first vhost entry.

Here are my vhosts:

 # I have Apache listening on port 8080 because I have varnish in front of my sites.
    <VirtualHost *:8080>

        ServerName      example.com
        ServerAlias     www.example.com
        ServerAdmin     webmaster@example.com

        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^example.com
        RewriteRule ^(.*)$ http://www.example.com%{REQUEST_URI} [R=301,L]

        DocumentRoot "/var/app/current/httpdocs"

        <Directory "/var/app/current">
            AllowOverride All
            Require all granted
        </Directory>

        <Directory "/var/app/current/cgi-bin">
            AllowOverride All
            Options None
            Require all granted
        </Directory>

        <Directory "/var/app/current/httpdocs">
            Options FollowSymLinks
            AllowOverride All
            DirectoryIndex index.html index.php
            Require all granted
        </Directory>

    </VirtualHost>
    #go.example.com
    <VirtualHost *:8080>

      ServerName      go.example.com
      ServerAlias     staging.go.example.com
      ServerAdmin     webmaster@example.com

      DocumentRoot    /var/www/go.example.com/httpdocs

      <Directory "/var/www/go.example.com">
          AllowOverride All
          Require all granted
      </Directory>

      <Directory "/var/www/go.example.com/httpdocs">
          Options FollowSymLinks
          AllowOverride All
          DirectoryIndex index.html index.php
          Require all granted
      </Directory>

So the server will always listen for example.com, and with the above vhost order example.com will serve /var/app/current/httpdocs while go.example.com is just a blank page.

If I swap the vhost order, so go.example.com is first, then example.com serves /var/www/go.example.com/httpdocs. And go.example.com is still a blank page.

Nothing is really jumping out at me, and I don't have this problem if I build a regular ol’ EC2.


Get this bounty!!!

#StackBounty: #amazon-web-services #docker #acl #amazon-ecs #vpc Why are "weird" TCP ports required for my AWS ECS app to pul…

Bounty: 500

I am using ECS with NLB in front. ECS is pulling images from ECR. The thing I cannot understand is why does ECS require me to open all TCP ports to be able to pull from ECR?

2 621567429603 eni-0f5e97a3c2d51a5db 18.136.60.252 10.0.12.61 443 55584 6 13 6504 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 54.255.143.131 44920 443 6 13 5274 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 54.255.143.131 10.0.12.61 443 44952 6 13 6504 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 18.136.60.252 55584 443 6 15 5378 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 18.136.60.252 55612 443 6 15 5378 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 52.219.36.183 10.0.12.61 443 51892 6 19 11424 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 54.255.143.131 44908 443 6 14 1355 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 52.219.36.183 10.0.12.61 443 51912 6 31807 44085790 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 18.136.60.252 10.0.12.61 443 55612 6 12 6452 1537798711 1537798719 ACCEPT OK

My flow logs are above. 10.0.0.0/8 is my VPC private addresses. Notice, say, the first time SRC: 18.136.60.252:443 is accessing 10.0.12.61:55584. Why this destination port?

Then the next line: 2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 54.255.143.131 44920 443 6 13 5274 1537798711 1537798719 ACCEPT OK. Why is my ECS requesting data using source port 44920? I am asking so I know how to open the correct ports. Currently, because of the ports being so random, I need to open everything.


Get this bounty!!!
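
An added example, not part of the original post: it parses the flow log records quoted above (default version 2 field order) and merges both directions of each flow, showing that every record is one half of a TCP connection between a high port on 10.0.12.61 and remote port 443. The ephemeral range checked is the Linux default and is an assumption about the container host.

```python
import ipaddress
from collections import namedtuple

# Field order of a default (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Flow = namedtuple("Flow", FIELDS)

VPC_NET = ipaddress.ip_network("10.0.0.0/8")  # VPC range stated in the post
EPHEMERAL = range(32768, 61000)  # assumption: Linux default ip_local_port_range

# Records copied from the post.
RECORDS = """\
2 621567429603 eni-0f5e97a3c2d51a5db 18.136.60.252 10.0.12.61 443 55584 6 13 6504 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 54.255.143.131 44920 443 6 13 5274 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 54.255.143.131 10.0.12.61 443 44952 6 13 6504 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 18.136.60.252 55584 443 6 15 5378 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 18.136.60.252 55612 443 6 15 5378 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 52.219.36.183 10.0.12.61 443 51892 6 19 11424 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 10.0.12.61 54.255.143.131 44908 443 6 14 1355 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 52.219.36.183 10.0.12.61 443 51912 6 31807 44085790 1537798711 1537798719 ACCEPT OK
2 621567429603 eni-0f5e97a3c2d51a5db 18.136.60.252 10.0.12.61 443 55612 6 12 6452 1537798711 1537798719 ACCEPT OK
"""

def parse(line):
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return Flow(*parts)

def conversations(text):
    """Merge both directions under (local ip, local port, remote ip, remote port)."""
    convs = {}
    for line in text.strip().splitlines():
        f = parse(line)
        if f.log_status != "OK":   # NODATA / SKIPDATA records carry no addresses or ports
            continue
        outbound = ipaddress.ip_address(f.srcaddr) in VPC_NET
        if outbound:
            key = (f.srcaddr, int(f.srcport), f.dstaddr, int(f.dstport))
        else:
            key = (f.dstaddr, int(f.dstport), f.srcaddr, int(f.srcport))
        entry = convs.setdefault(key, {"out": 0, "in": 0})
        entry["out" if outbound else "in"] += int(f.bytes)
    return convs

def port_summary(convs):
    """Return (remote ports, sorted local ports, whether all local ports are ephemeral)."""
    local = sorted(k[1] for k in convs)
    return {k[3] for k in convs}, local, all(p in EPHEMERAL for p in local)

if __name__ == "__main__":
    print(port_summary(conversations(RECORDS)))
```

The only fixed port in the sample is remote 443; the local ports are the client side of those HTTPS connections, so a stateless rule set has to admit return traffic from port 443 to the ephemeral range, while a stateful one needs only the outbound 443 rule.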

#StackBounty: #ios #swift #amazon-web-services #aws-appsync #aws-appsync-ios How to set AWS Appsync request timeout limit || AWSAppSync…

Bounty: 50

I’m using AWS AppSync for the current app I’m developing and facing a serious issue: whenever I fire queries in the AppSync client when there is a slow internet connection, the request never ends with a callback. I checked over the internet; there is a limited source of information on this topic, and I also found this issue that is still open.

This is the code I used to get the response

func getAllApi(completion:@escaping DataCallback){
    guard isInternetAvailabele() else {
        completion(nil)
        return
    }
    // AppSyncManager.Client() is AWSAppSyncClient Object
    AppSyncManager.Client().fetch(query: GetlAllPostQuery(input: allInputs), cachePolicy:.fetchIgnoringCacheData) {
        (result, error) in
        var haveError:Bool = error != nil
        if let _ = result?.data?.getAllPostings?.responseCode {haveError = false} else {haveError = true}
        if haveError  {
            print(error?.localizedDescription ?? "")
            completion(nil)
            return
        }

        if result != nil{
            completion(result)
        }else{
            completion(nil)
        }
    }
}

The code works fine with an internet connection, and I have already checked at the top if there is no internet. But when there is a slow internet connection, or the wifi is connected to a hotspot that I created with my mobile with internet data disabled, the request doesn’t return any callback. It should give a failed alert like we get in other APIs when the request times out.
Is there any support for request timeout, or did I miss something?

Note: I received these logs in Terminal

Task <06E9BBF4-5731-471B-9B7D-19E5E504E57F>.<45> HTTP load failed (error code: -1001 [1:60])
Task <D91CA952-DBB5-4DBD-9A90-98E2069DBE2D>.<46> HTTP load failed (error code: -1001 [1:60])
Task <06E9BBF4-5731-471B-9B7D-19E5E504E57F>.<45> finished with error - code: -1001
Task <D91CA952-DBB5-4DBD-9A90-98E2069DBE2D>.<46> finished with error - code: -1001


Get this bounty!!!