Event pattern for AWS Secrets Manager with filter pattern - amazon-cloudwatch

I want to run a Lambda when a specific secret is modified/created/removed from Secrets Manager.
I have deployed a CloudWatch event rule with the below event pattern with a target Lambda.
{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue"
    ]
  }
}
The rule gets triggered for any API request hitting secretsmanager.amazonaws.com. Is there a way to filter on specific secrets that interest me?

{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["CreateSecret", "UpdateSecret", "DeleteSecret", "PutSecretValue"],
    "requestParameters": {
      "secretId": [{
        "prefix": "arn:aws:secretsmanager:**AWS-REGION**:**AWS-ACCNT-ID**:secret:**PREFIX_SECRET_NAME**"
      }]
    }
  }
}

requestParameters and secretId:
{
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue"
    ],
    "requestParameters": {
      "secretId": [
        "arn:aws:secretsmanager:*:*:secret:secret_name"
      ]
    }
  }
}
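
An added example, not part of the original answers: it emulates the ARN prefix filter on `requestParameters.secretId` against constructed CloudTrail `detail` objects and compares it with a Lambda-side check on the secret name. It assumes CloudTrail records `secretId` exactly as the caller passed it (friendly name or ARN) and records `CreateSecret` with `requestParameters.name` instead of `secretId`; the secret name, region and account id are made up.

```python
import re

# Constructed values: hypothetical secret name, region and account id.
WATCHED_NAME = "prod/db"
ARN_BASE = "arn:aws:secretsmanager:us-east-1:111122223333:secret:"
WATCHED_ARN = ARN_BASE + "prod/db-AbCdEf"

# Secret ARNs end in "-" plus six random characters; partial ARNs omit it.
ARN_RE = re.compile(
    r"^arn:aws[\w-]*:secretsmanager:[^:]+:\d{12}:secret:(.+?)(?:-[A-Za-z0-9]{6})?$"
)

def rule_matches(detail, prefix=ARN_BASE + WATCHED_NAME):
    """Emulate the rule's prefix filter on requestParameters.secretId."""
    secret_id = (detail.get("requestParameters") or {}).get("secretId")
    return isinstance(secret_id, str) and secret_id.startswith(prefix)

def secret_name(identifier):
    """Reduce a full or partial ARN to the secret name; pass names through."""
    match = ARN_RE.match(identifier)
    return match.group(1) if match else identifier

def is_watched(detail, name=WATCHED_NAME):
    """Lambda-side check over every field that can carry the name or ARN."""
    found = []
    for part in ("requestParameters", "responseElements"):
        fields = detail.get(part) or {}
        found += [fields.get(k) for k in ("secretId", "name", "arn")]
    return any(isinstance(v, str) and secret_name(v) == name for v in found)

# Constructed CloudTrail "detail" objects, trimmed to the relevant fields.
SAMPLE_EVENTS = [
    {"eventName": "PutSecretValue", "requestParameters": {"secretId": WATCHED_ARN}},
    {"eventName": "UpdateSecret", "requestParameters": {"secretId": "prod/db"}},
    {"eventName": "CreateSecret", "requestParameters": {"name": "prod/db"},
     "responseElements": {"arn": WATCHED_ARN, "name": "prod/db"}},
    {"eventName": "DeleteSecret",
     "requestParameters": {"secretId": ARN_BASE + "prod/db2-XyZ123"}},
]

def compare(events=SAMPLE_EVENTS):
    """Return (eventName, rule verdict, Lambda-side verdict) per event."""
    return [(e["eventName"], rule_matches(e), is_watched(e)) for e in events]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

On the sample data the prefix filter misses the call made by name and the `CreateSecret` call, and it also fires for the neighbouring secret `prod/db2`, so a monitoring Lambda should re-check the identifier itself.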

Related

routes[0].headers is not a object in vercel.json

I have been trying to deploy a Flask API to Vercel and I am getting an error that routes[0].header should be an object.
I am a beginner and trying to figure this out, any help is appreciated
my vercel.json is
`
{
  "version": 2,
  "builds": [
    {
      "src": "./index.py",
      "use": "@vercel/python"
    }
  ],
  "routes": [
    {
      "src": "/(.*)",
      "dest": "/",
      "headers": [
        {
          "key": "access-control-allow-origin",
          "value": "*"
        }
      ]
    }
  ]
}
`
I deployed earlier without headers and it deployed successfully, but it was giving me a CORS error. Then I added the headers and now it is giving me a new error that headers is not an object.
I tried a few different methods but I still cannot figure this out.
I encountered a similar issue, and after going through the Vercel documentation https://vercel.com/guides/how-to-enable-cors and a few different tries, this worked for me:
The header has to be its own key for specifying access-control-allow-origin, and "routes" will need to be replaced with "rewrite", as header and route keys don't go together. And if there are a few different domains for your app, you need to duplicate the header object within the outer header array for each path for the access control origin issue.
Eg:
{
  "version": 2,
  "builds": [
    {
      "src": "./index.py",
      "use": "@vercel/python"
    }
  ],
  "rewrites": [
    { "source": "/(.*)", "destination": "src/app.js" }
  ],
  "headers": [
    {
      "source": "/(.*)",
      "headers": [
        { "key": "Access-Control-Allow-Origin", "value": "*" }
      ]
    },
    {
      "source": "/vercel_app_domain_name/(.*)",
      "headers": [
        { "key": "Access-Control-Allow-Origin", "value": "*" }
      ]
    }
  ]
}

How to receive the media id from the Whatsapp Business Cloud API?

I have deployed my webhook and connected my WABA. Once I sent an image to this business account, it did not return the media id in the response. Actually, the JSON returned to me looks like this:
{
  "entry": [
    {
      "changes": [
        {
          "field": "messages",
          "value": {
            "contacts": [
              {
                "profile": {
                  "name": "XXXXXXX"
                }
              }
            ],
            "messages": [
              {
                "from": "XXXXXXXXXX",
                "id": "wamid.aisjdoiajsodiajsodasd\u003d",
                "timestamp": "1657527108",
                "type": "image"
              }
            ],
            "metadata": {}
          }
        }
      ],
      "id": "124071984791824"
    }
  ],
  "object": "whatsapp_business_account"
}
Or should I try the Whatsapp On-premises API? https://developers.facebook.com/docs/whatsapp/on-premises/reference/media/media-id
You have to choose the image_id from the request you receive,
like: let media_id = req.body.entry[0].changes[0].value.messages[0].image.id;
You can store this id in the DB and use the endpoint where you can get the URL for the media_id.
Then you can download the image from the URL received and upload it anywhere you want.

How to pass AWS Lambda error in AWS SNS notification through AWS Step Functions?

I have created an AWS Step Function which triggers a Lambda python code, terminates without error if Lambda succeeds, otherwise calls an SNS topic to message the subscribed users if the Lambda fails. It is running, but the message was fixed. The Step Function JSON is as follows:
{
  "StartAt": "Lambda Trigger",
  "States": {
    "Lambda Trigger": {
      "Type": "Task",
      "Resource": "arn:aws:lambda:us-east-2:xxxxxxxxxxxx:function:helloworldTest",
      "End": true,
      "Catch": [
        {
          "ErrorEquals": [
            "States.ALL"
          ],
          "ResultPath": "$.error",
          "Next": "Notify Failure"
        }
      ]
    },
    "Notify Failure": {
      "Type": "Task",
      "Resource": "arn:aws:states:::sns:publish",
      "Parameters": {
        "Message": "Batch job submitted through Step Functions failed with the following error, $.error",
        "TopicArn": "arn:aws:sns:us-east-2:xxxxxxxxxxxx:lambda-execution-failure"
      },
      "End": true
    }
  }
}
Only thing is, I want to append the failure error message to my message string, which I tried, but is not working as expected.
But I get a mail as follows:
How to go about it?
I could solve the problem using "Error.$": "$.Cause".
The following is a working example of the failure portion of state machine:
"Job Failure": {
  "Type": "Task",
  "Resource": "arn:aws:states:::sns:publish",
  "Parameters": {
    "Subject": "Lambda Job Failed",
    "Message": {
      "Alarm": "Lambda Job Failed",
      "Error.$": "$.Cause"
    },
    "TopicArn": "arn:aws:sns:us-east-2:xxxxxxxxxxxx:Job-Run-Notification"
  },
  "End": true
}
Hope this helps!
Here is the full version of the code
{
  "Comment": "A Hello World example of the Amazon States Language using an AWS Lambda function",
  "StartAt": "HelloWorld",
  "States": {
    "HelloWorld": {
      "Type": "Task",
      "Resource": "arn:aws:lambda:us-east-1:XXXXXXXXXXXXX:function:StepFunctionTest",
      "End": true,
      "Catch": [
        {
          "ErrorEquals": [
            "States.ALL"
          ],
          "Next": "NotifyFailure"
        }
      ]
    },
    "NotifyFailure": {
      "Type": "Task",
      "Resource": "arn:aws:states:::sns:publish",
      "Parameters": {
        "Subject": "[ERROR]: Task failed",
        "Message": {
          "Alarm": "Batch job submitted through Step Functions failed with the following error",
          "Error.$": "$.Cause"
        },
        "TopicArn": "arn:aws:sns:us-east-1:XXXXXXXXXXXXX:Notificaiton"
      },
      "End": true
    }
  }
}
This line is already appending the exception object to the 'error' path.
"ResultPath": "$.error"
We just need to pass '$' to Message.$ in the SNS task; both input and error details will be sent to SNS.
{
  "TopicArn": "${SnsTopic}",
  "Message.$": "$"
}
If we don't want the input to Lambda to be appended in the email, we should skip ResultPath or have just '$' as ResultPath; the input object is ignored.
"ResultPath": "$"

Set Subnet ID and EC2 Key Name in EMR Cluster Config via Step Functions

As of November 2019, AWS Step Functions has native support for orchestrating EMR clusters. Hence we are trying to configure a cluster and run some jobs on it.
We could not find any documentation on how to set the SubnetId as well as the Key Name used for the EC2 instances in the cluster. Is there any such possibility?
As of now our create cluster step looks as following:
"States": {
  "Create an EMR cluster": {
    "Type": "Task",
    "Resource": "arn:aws:states:::elasticmapreduce:createCluster.sync",
    "Parameters": {
      "Name": "TestCluster",
      "VisibleToAllUsers": true,
      "ReleaseLabel": "emr-5.26.0",
      "Applications": [
        { "Name": "spark" }
      ],
      "ServiceRole": "SomeRole",
      "JobFlowRole": "SomeInstanceProfile",
      "LogUri": "s3://some-logs-bucket/logs",
      "Instances": {
        "KeepJobFlowAliveWhenNoSteps": true,
        "InstanceFleets": [
          {
            "Name": "MasterFleet",
            "InstanceFleetType": "MASTER",
            "TargetOnDemandCapacity": 1,
            "InstanceTypeConfigs": [
              {
                "InstanceType": "m3.2xlarge"
              }
            ]
          },
          {
            "Name": "CoreFleet",
            "InstanceFleetType": "CORE",
            "TargetSpotCapacity": 2,
            "InstanceTypeConfigs": [
              {
                "InstanceType": "m3.2xlarge",
                "BidPriceAsPercentageOfOnDemandPrice": 100
              }
            ]
          }
        ]
      }
    },
    "ResultPath": "$.cluster",
    "End": "true"
  }
}
As soon as we try to add "SubnetId" key in any of the subobjects in Parameters, or in Parameter itself we get the error:
Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED: The field "SubnetId" is not supported by Step Functions at /States/Create an EMR cluster/Parameters' (Service: AWSStepFunctions; Status Code: 400; Error Code: InvalidDefinition;
Referring to the SF docs on the emr integration we can see that createCluster.sync uses the emr API RunJobFlow. In RunJobFlow we can specify the Ec2KeyName and Ec2SubnetId located at the paths $.Instances.Ec2KeyName and $.Instances.Ec2SubnetId.
With that said I managed to create a State Machine with the following definition (on a side note, your definition had a syntax error with "End": "true", which should be "End": true)
{
  "Comment": "A Hello World example of the Amazon States Language using Pass states",
  "StartAt": "Create an EMR cluster",
  "States": {
    "Create an EMR cluster": {
      "Type": "Task",
      "Resource": "arn:aws:states:::elasticmapreduce:createCluster.sync",
      "Parameters": {
        "Name": "TestCluster",
        "VisibleToAllUsers": true,
        "ReleaseLabel": "emr-5.26.0",
        "Applications": [
          {
            "Name": "spark"
          }
        ],
        "ServiceRole": "SomeRole",
        "JobFlowRole": "SomeInstanceProfile",
        "LogUri": "s3://some-logs-bucket/logs",
        "Instances": {
          "Ec2KeyName": "ENTER_EC2KEYNAME_HERE",
          "Ec2SubnetId": "ENTER_EC2SUBNETID_HERE",
          "KeepJobFlowAliveWhenNoSteps": true,
          "InstanceFleets": [
            {
              "Name": "MasterFleet",
              "InstanceFleetType": "MASTER",
              "TargetOnDemandCapacity": 1,
              "InstanceTypeConfigs": [
                {
                  "InstanceType": "m3.2xlarge"
                }
              ]
            },
            {
              "Name": "CoreFleet",
              "InstanceFleetType": "CORE",
              "TargetSpotCapacity": 2,
              "InstanceTypeConfigs": [
                {
                  "InstanceType": "m3.2xlarge",
                  "BidPriceAsPercentageOfOnDemandPrice": 100
                }
              ]
            }
          ]
        }
      },
      "ResultPath": "$.cluster",
      "End": true
    }
  }
}

MFP 8 - error parsing JSON object when using MobileFirst Push API

I am getting the following error when I try to use the push API to send a notification. The JSON object works in version V7.1.
{
  "code": "FPWSE0011E",
  "message": "Bad Request - The JSON validation failed at 'target'.",
  "productVersion": "8.0.0.00-20161122-1902"
}
Here is my JSON object
{
  "message": {
    "alert": "hello"
  },
  "settings": {
    "apns": {
      "badge": 1,
      "iosActionKey": "Ok",
      "payload": {
        "messageType": "HELLO",
        "detail": "Here's your message details."
      },
      "sound": "song.mp3"
    },
    "gcm": {
      "payload": {},
      "sound": "song.mp3"
    }
  },
  "target": {
    "consumerIds": [],
    "deviceIds": ["4A1086CF-873A-4404-BE2D-200EA6BDA8AD"],
    "platforms": [
      "A", "G"
    ]
  }
}
I am using the admin REST API interface
https://myserver/mfpadmin/management-apis/2.0/runtimes/mfp/notifications/applications/com.myjobs/messages
I followed the format from the documentation
http://www.ibm.com/support/knowledgecenter/SSHS8R_8.0.0/com.ibm.worklight.apiref.doc/apiref/r_restapi_send_message_post.html
Thanks for your help
According to the v8.0 documentation only 1 property is allowed in target. In your JSON I see several properties are defined.
See example JSON here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/notifications/sending-notifications/#sending-notifications
And as can be seen:
"target" : {
  // The list below is for demonstration purposes only - per the documentation only 1 target is allowed to be used at a time.
  "deviceIds" : [ "MyDeviceId1", ... ],
  "platforms" : [ "A,G", ... ],
  "tagNames" : [ "Gold", ... ],
  "userIds" : [ "MyUserId", ... ],
},