by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 31 2019 14:07
    jugalde-r7 commented #2352
  • Jan 31 2019 09:36
    takeyourhatoff commented #2427
  • Jan 31 2019 09:35
    takeyourhatoff commented #2427
  • Jan 30 2019 23:10
    diehlaws commented #2427
  • Jan 30 2019 23:09
    diehlaws labeled #2427
  • Jan 30 2019 23:09
    diehlaws labeled #2427
  • Jan 30 2019 21:47
    diehlaws labeled #2352
  • Jan 30 2019 21:47
    diehlaws commented #2352
  • Jan 30 2019 21:12
    diehlaws commented #2342
  • Jan 30 2019 20:58
    diehlaws assigned #2427
  • Jan 30 2019 20:54
    diehlaws unlabeled #81
  • Jan 30 2019 20:54
    diehlaws unlabeled #142
  • Jan 30 2019 20:54
    diehlaws unlabeled #618
  • Jan 30 2019 20:54
    diehlaws unlabeled #81
  • Jan 30 2019 20:54
    diehlaws unlabeled #142
  • Jan 30 2019 20:54
    diehlaws unlabeled #619
  • Jan 30 2019 20:54
    diehlaws unlabeled #628
  • Jan 30 2019 20:54
    diehlaws unlabeled #568
  • Jan 30 2019 20:54
    diehlaws unlabeled #521
  • Jan 30 2019 20:54
    diehlaws unlabeled #487
sahana-tm
@sahana-tm

@swoldemi : Thank you very much for response, I tried as you suggested but still getting this error
panic: Error response from daemon: Get https://aws_account_id.dkr.ecr.region.amazonaws.com/v2/AWSECRImage//manifests/v1: no basic auth credentials

code snippet of image pull:
cli.ImagePull(ctx, "aws_account_id.dkr.ecr.region.amazonaws.com/AWSECRImage:v1", types.ImagePullOptions{RegistryAuth:*GetAuthorizationTokenOutput.AuthorizationData[0].AuthorizationToken })

IAM Role permission for image :
{
"Version": "2008-10-17",
"Statement": [{
"Sid": "ImagePull",
"Effect": "Allow",
"Principal": "",
"Action": [
"cloudtrail:LookupEvents",
"ecr:
"] }]
}
Can you tell me what can be wrong here ? or anything missing still ?

Simon Woldemichael
@swoldemi

@sahana-tm Doesn't look like you're doing anything wrong, your policy looks right too. I went ahead and tried it and got the same issue, but will try to explain why I think it doesn't work. This is really unintuitive. So running this example (https://play.golang.org/p/gun6F6SpC5M), similar to what you probably found here (https://docs.docker.com/engine/api/sdk/examples/), I get the same issue, no basic auth credentials.

But running this (https://play.golang.org/p/8ElsKHISmLF) code, I am able to pull the test image I pushed. It's a little weird that you need to decode the base64 encoded credentials ECR returns, structure it into a JSON understood by the latest version of the Docker Engine API (https://docs.docker.com/engine/api/v1.40/#section/Authentication), then encode that back into base64, but I think this is just a discrepancy in how the local docker daemon will pull the image. Depending on your setup, your client code will make request to your local docker daemon and the docker daemon will pull the image from ECR. Normally, you would do a docker login and docker would read credentials from some file (somewhere in ~/.docker) when you run docker pull, but the architecture is the same. There are some AWS credential helpers that simplify this for you too, but probably aren't what you're looking for here

Using the token and making an HTTP request does work as expected though because you are making a request directly to the remote AWS managed ECR proxy (under "Using HTTP API Authentication"): https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth

sahana-tm
@sahana-tm
@swoldemi : Thank you very much. Its was of great help , Now I am able to download image successfully :) Much appreciated.
Hareem-E-Sahar
@Hareem-E-Sahar
Hi everyone, got an off topic question. I am wondering why AWS developers and users use Gitter to discuss project issues instead of commenting under the issue report in the GitHub issue tracker?
Hope someone can share their perspective
Cristian Măgherușan-Stanciu
@cristim
@Hareem-E-Sahar As far as I've seen most things discussed here are support questions not related to existing github issues
Shyam Prasad N
@shyamtg_gitlab
Hi, I'm looking to write a golang client to sign in to my cognito user pool using the admin created username and password. Is there a sample code available for reference?
Cristian Măgherușan-Stanciu
@cristim
I usually look at the SDK docs first and if there are no code samples I do a github code search for the method name that I am interested about
real code is usually better than dummy code samples
Another option is to see the code sample of another SDK and convert it to Go, the calls/work flow are usually easy to convert
Shyam Prasad N
@shyamtg_gitlab
@cristim Thanks
Piyush Singh
@quickAtTime_twitter
Hi ,
Working with AWS SDK boto3. Anyone has a reference book or related tutorials regarding resources except the official documents?
Simon Woldemichael
@swoldemi
@quickAtTime_twitter The aws-doc-sdk-examples repo has a lot of good examples; has boto3 specific examples too: https://github.com/awsdocs/aws-doc-sdk-examples/tree/master/python/example_code
manjeetsorout
@manjeetsorout

why is policy.PolicyName admin in the following snippet?

func UserPolicyHasAdmin(user iam.UserDetail, admin string) bool {
for _, policy := range user.UserPolicyList {
if
policy.PolicyName == admin {
return true
}
}

return false

}

Simon Woldemichael
@swoldemi
@manjeetsorout The first parameter of that function has a field called UserPolicyList. UserPolicyList is a slice of type PolicyDetail. PolicyDetail has a field called PolicyName and is just the name of the IAM policy. So this function returns true if the name of policy attached to the user you are checking is equal to the second parameter of the function. The value of the second parameter can be any policy name that you choose to be associated with admin users. Does that make sense?
https://docs.aws.amazon.com/sdk-for-go/api/service/iam/#UserDetail
https://docs.aws.amazon.com/sdk-for-go/api/service/iam/#PolicyDetail
manjeetsorout
@manjeetsorout
Yeah i got it , Thank you so much @swoldemi

I'm getting the following error in the snippet below(new method defined):

./iamGetAdmins.go:27:6: syntax error: unexpected AttachedUserPolicyHasAdmin, expecting (

func AttachedUserPolicyHasAdmin(user iam.UserDetail, admin string) bool {
for _, policy := range user.AttachedManagedPolicies {
if
policy.PolicyName == admin {
return true
}
}

return false

}

Simon Woldemichael
@swoldemi
@manjeetsorout Do you have any functions/code where you have AttachedUserPolicyHasAdmin defined? Most likely missing a brace/curly bracket somewhere
manjeetsorout
@manjeetsorout

@swoldemi thanks again
link to complete code : https://github.com/awsdocs/aws-doc-sdk-examples/blob/master/go/example_code/iam/IamListAdmins.go

and i'm getting the following errors for every method and function:

./iamGetAdmins.go:27:6: syntax error: unexpected AttachedUserPolicyHasAdmin, expecting (
./iamGetAdmins.go:39:6: syntax error: unexpected GroupPolicyHasAdmin, expecting (
./iamGetAdmins.go:60:6: syntax error: unexpected AttachedGroupPolicyHasAdmin, expecting (
./iamGetAdmins.go:80:6: syntax error: unexpected UsersGroupsHaveAdmin, expecting (
./iamGetAdmins.go:108:6: syntax error: unexpected IsUserAdmin, expecting (
./iamGetAdmins.go:129:6: syntax error: unexpected main, expecting (

Simon Woldemichael
@swoldemi
@manjeetsorout Your filename and line numbers don't match where the functions are defined in IamListAdmins.go. I'm able to run the linked code without issues. "Unexpected name, expecting (" is usually an indication of a typo somewhere. Does your code editor support a Go language server?
manjeetsorout
@manjeetsorout

@swoldemi
yeah, i'm using vs code. please search by method name as line numbers are different in my editor.
i get the following error when i run the program:

./iamGetAdmins.go:27:6: syntax error: unexpected AttachedUserPolicyHasAdmin, expecting (
./iamGetAdmins.go:39:6: syntax error: unexpected GroupPolicyHasAdmin, expecting (
./iamGetAdmins.go:60:6: syntax error: unexpected AttachedGroupPolicyHasAdmin, expecting (
./iamGetAdmins.go:80:6: syntax error: unexpected UsersGroupsHaveAdmin, expecting (
./iamGetAdmins.go:108:6: syntax error: unexpected IsUserAdmin, expecting (
./iamGetAdmins.go:129:6: syntax error: unexpected main, expecting (

Simon Woldemichael
@swoldemi
@manjeetsorout If the line numbers are different that means your code is not the same as IamListAdmins.go. Can you share a snippet of iamGetAdmins.go? You can also message it to me directly if you want
Eric Sebastian
@ericvyolta_twitter
Hi, I'm currently using AWS SDK for Go IAM GetCredentialReport. Is there any reference for converting GetCredentialReportOutput.Content (type []byte) into a struct type ?
Simon Woldemichael
@swoldemi

@ericvyolta_twitter Hello, the data stored as GetCredentialReport.Content should always be returned in CSV format, but I'm not 100% sure; GetCredentialReport.ReportFormat should always be "text/csv".
Here's the example: https://play.golang.org/p/zfXlSG745bO

Decoding the response from the API call and adding the values to a struct is straightforward. You need to do a little extra work to keep bool and time.Time (ISO 8601) consistent though. https://github.com/gocarina/gocsv lets you use csv: tags on your struct and you can do the correction using customizations: https://github.com/gocarina/gocsv#customizable-converters

manjeetsorout
@manjeetsorout

I'm getting the following error while creating policy by CreatePolicy method:

Error MalformedPolicyDocument: Resource vendor must be fully qualified and cannot contain regexes.
status code: 400, request id: f8b4457a-ae0d-4545-bd75-f94ba170331f

Simon Woldemichael
@swoldemi
@manjeetsorout Can you share your input to CreatePolicyInput.PolicyDocument?
manjeetsorout
@manjeetsorout
@swoldemi Thanks. i have solved that issue now.
mohit kumar singh
@MohitKS5
hello, is there a way to use put-metric-filter using sdk or api for cloudwatch ?
mohit kumar singh
@MohitKS5
Sorry I left something in the question, for s3 bucket . (add filters for s3 bucket metrics)
I have reached upto here: https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#S3.PutBucketMetricsConfiguration Trying to figure out where prefix will go
Never mind, found it. Thanks @cristim
Cristian Măgherușan-Stanciu
@cristim
you're welcome @MohitKS5
The Fueley
@thefueley
Could someone point out what I'm missing here? Trying to list keys in a bucket but it returns nothing.
resp, err := svc.ListObjectsV2(&s3.ListObjectsV2Input{
        Bucket:    aws.String(bucket),
        Prefix:    aws.String("weak/"),
        Delimiter: aws.String("/")})
Simon Woldemichael
@swoldemi
@thefueley Is an error being returned? Do you have a prefix in the bucket called "weak"? Are you trying to call the API through an S3 Access Point? Does anything get returned if you don't provide a Delimiter?
resp, err := svc.ListObjectsV2(&s3.ListObjectsV2Input{
        Bucket:    aws.String(bucket),
        Prefix:    aws.String("weak/"),
        })
puvvadav
@puvvadav
Is there any way to get ETag and Last Modified Time from the Upload response ? I want basically response from Upload so that it is consistent with the uploaded object. If I call HeadObject after the upload, response may contain new update as there is a delay between Upload and HeadObject .
UploadOutput object does not have this information. Is there any way to get the information atomically ?
Simon Woldemichael
@swoldemi
@puvvadav I don't think there's anyway to get that at the same time as s3manager.UploadOutput, without calling a different API. If you just want to ensure consistency (upload integrity), you can pass ContentMD5 to s3manager.UploadInput after you compute and encode the MD5 digest of the object you're uploading. S3 will do the same thing server-side to make sure the object you Uploaded from your program is the same thing the bucket received. If you HeadObject and set HeadObjectInput.VersionId to be the same as UploadOutput.VersionID, then that shouldn't happen since a version is immutable. Even if someone uploads a new object version, the version you just uploaded will still be there. You just need to make sure versioning is enabled
puvvadav
@puvvadav
@swoldemi , thanks. Is there any future plan to include Etag and date as part of UploadOuput ? Passing ContentMD5 to s3manager. UploadInput is another option, but we need to unnecessarily compute checksum for upload even though PutObject response already have these fields which are not included in UploadObject object.
Simon Woldemichael
@swoldemi

@puvvadav Not sure if there are any plans or if anyone has already brought this up in the repo, but s3manager.Upload calls s3.CompleteMultipartUpload (when it's finished) if the object was too big for a single part, or s3.PutObject if the object does fit in a single part. Both PutObjectOutput and CompleteMultipartUploadOutput have the ETag so I think if you just open an issue or submit a PR it should be pretty straight forward to add. Not sure what the reasoning was to only read the VersionId from the output of the underlying upload:

Multipart: https://github.com/aws/aws-sdk-go/blob/c684c4bcf52b24d077e6cde5c42d04754481d578/service/s3/s3manager/upload.go#L609-L636
Singlepart: https://github.com/aws/aws-sdk-go/blob/c684c4bcf52b24d077e6cde5c42d04754481d578/service/s3/s3manager/upload.go#L519-L531

puvvadav
@puvvadav
@swoldemi , sure, I will open an issue.
The Fueley
@thefueley
Hi, @swoldemi . I do have a prefix called "weak" within the S3 bucket, with keys in it. I am getting an error "no such file or directory" when I try to list using bucketname. If I try using bucketname/prefix, I get no error but also no results. When I remove the delimiter, I get no results. I'm not using an S3 access point. I have tested using s3api list-objects --bucket --prefix and --delimiter with success. Just seems odd that I don't get the same results using ListObjectsV2
@swoldemi It works fine to display objects at the root level. It's when I try to list objects under a prefix.
Simon Woldemichael
@swoldemi
@thefueley Can you share the full error or a snippet of your code? no such file or directory looks like a native error from package os, not S3 (does not look like one of the Amazon S3 error codes). If the result works through the AWS CLI then it could also be a session configuration issue
The Fueley
@thefueley
@swoldemi sure thing. Here's a paste. https://pastebin.com/MQJ0KuPA
Simon Woldemichael
@swoldemi
Thanks, also the full error? If the error happens when you call the ListObjectsV2 API then it should be: Unable to list items in bucket <bucket-name>, <the error you are seeing>
But from looking at your code, I'll guess it's from the fileExists function you have
The Fueley
@thefueley
Oh, sorry. Unable to open file "{\n ETag: \"\\\"d41d8cd98f00b204e9800998ecf8427e\\\"\",\n Key: \"weak/\",\n LastModified: 2020-07-06 02:54:35 +0000 UTC,\n Size: 0,\n StorageClass: \"STANDARD\"\n}", open weak/: no such file or directory exit status 1
The Fueley
@thefueley
@swoldemi I tried the list objects code in the example code repo. It works for me so there's something in my own version that's breaking it. I'll keep at it. Thanks for taking a look.
Simon Woldemichael
@swoldemi
@thefueley No problem. Looks like that error is on line 95. You try to create a file with the same name as the key, but the key contains a forward slash so os.Create (which calls os.Open) thinks you are trying to open a directory first, but it doesn't exist. If you just want to make a filesystem directory to match your bucket's key structure, you should use os.Mkdir instead.
The Fueley
@thefueley
@swoldemi That's it! I commented out the call to download the objects and now get the list of the objects. Thank you!