I want to create azure resources but I am having an issue while generating the token credential for creating such resources.
The following is the way to create azure postgres SQL but I need to Pass the credentials
But I don't know how to generate that token programitaillcay.
I need help for this.
const msRestAzure = require('ms-rest-azure');
const PostgreSQLManagementClient = require('azure-arm-postgresql');
const subscriptionID = '<subscription id>';
const resourceGroup = '<resource group name>';
const serverName = '<server name>'; // must be globally unique
msRestAzure.interactiveLogin().then((credentials) => {
let client = new PostgreSQLManagementClient(credentials, subscriptionID);
return client.servers.createOrUpdate(resourceGroup, serverName, {
location: 'eastus',
properties: {
createMode: 'Default',
administratorLogin: 'postgres',
administratorLoginPassword: 'F00Bar!!'
}
});
}).then((server) => {
console.log('Server:');
console.dir(server, {depth: null, colors: true});
}).catch((err) => {
console.log('An error ocurred');
console.dir(err, {depth: null, colors: true});
});
Does anyone know how to generate it? and using what? It's a signed token I guess using Client Id and tenant ID But how to generate it.
There's no documentation provided to generate it programitially. Is there any way?
interactiveLogin() will provide a link and a code that will allow the user to authenticate from a browser.
When using the Node.js SDK programmatically, there are 2 methods.
1)You could use your username and password to authenticate with the API using your Azure account. It's not recommended because it requires a very high degree of trust in the application, and carries risks which are not present in other flows.
const Azure = require('azure');
const MsRest = require('ms-rest-azure');
MsRest.loginWithUsernamePassword(process.env.AZURE_USERNAME, process.env.AZURE_PASSWORD, (err, credentials) => {
if (err) throw err;
let client = new PostgreSQLManagementClient(credentials, subscriptionID);
// ...
});
2)You may want to use service principal authentication rather than providing your account credentials. It is based on service principal without user account. First, create service principal in Azure portal.
const Azure = require('azure');
const MsRest = require('ms-rest-azure');
MsRest.loginWithServicePrincipalSecret(
'clientId/appId',
'client-secret',
'tenantId',
(err, credentials) => {
if (err) throw err
let client = new PostgreSQLManagementClient(credentials, subscriptionID);
// ...
}
);
For more detail about JavaScript authentication samples using ms-rest-azure library, see here.
Update:
If using service principal, try to add Azure OSSRDBMS Database application permission. Navigate to Azure AD > your app > API permission. And remember to grant admin consent for your tenant.
Recently I was using the Sign-up and Sign-in template similar this one developed by Vladimir Budilov.
But now, I've been modifying my application to use the hosted UI developed by Amazon. So my application redirects to the hosted UI, all the authentication is made there and they send me the authentication token, more os less as explained in this tutorial.
Summarizing, I call the hosted UI and do login:
https://my_domain/login?response_type=token&client_id=my_client_id&redirect_uri=https://www.example.com
I'm redirected to:
https://www.example.com/#id_token=123456789tokens123456789&expires_in=3600&token_type=Bearer
So, I have now the token_id but I can't get the current user or user parameters from this. Could anyone help me with informations or some directions?
I've tried the methods in Amazon developer guide .
It works well when I was using Vladimir Budilov's template but trying to use the token_id, I'm not succeeding. Thanks in advance for your time and help.
var data = {
UserPoolId : '...', // Your user pool id here
ClientId : '...' // Your client id here
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
var cognitoUser = userPool.getCurrentUser();
if (cognitoUser != null) {
cognitoUser.getSession(function(err, session) {
if (err) {
alert(err);
return;
}
console.log('session validity: ' + session.isValid());
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId : '...' // your identity pool id here
Logins : {
// Change the key below according to the specific region your user pool is in.
'cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>' : session.getIdToken().getJwtToken()
}
});
// Instantiate aws sdk service objects now that the credentials have been updated.
// example: var s3 = new AWS.S3();
});
}
The attributes you configure to be added as claims are already available inside the id_token with base64 encoding (Since its a JWT token).
You can decode the token and access these attributes both at Client Side using Javascript and on Server.
For more info refer the StackOverflow question How to decode JWT tokens in JavaScript.
Note: If you need to trust these attributes for a backend operation, make sure you verify the JWT signature before trusting the attributes.
Here's a specific example of how to parse the callback parameters and set up a user session. This could be initiated in onLoad of your page.
import { CognitoAuth } from 'amazon-cognito-auth-js';
const authData = {
ClientId : '<TODO: add ClientId>', // Your client id here
AppWebDomain : '<TODO: add App Web Domain>',
TokenScopesArray : ['<TODO: add scope array>'], // e.g.['phone', 'email', 'profile','openid', 'aws.cognito.signin.user.admin'],
RedirectUriSignIn : '<TODO: add redirect url when signed in>',
RedirectUriSignOut : '<TODO: add redirect url when signed out>',
IdentityProvider : '<TODO: add identity provider you want to specify>', // e.g. 'Facebook',
UserPoolId : '<TODO: add UserPoolId>', // Your user pool id here
AdvancedSecurityDataCollectionFlag : '<TODO: boolean value indicating whether you want to enable advanced security data collection>', // e.g. true
Storage: '<TODO the storage object>' // OPTIONAL e.g. new CookieStorage(), to use the specified storage provided
};
const auth = new CognitoAuth(authData);
auth.userhandler = {
onSuccess: function(result) {
alert("Sign in success");
showSignedIn(result);
},
onFailure: function(err) {
alert("Error!");
}
};
const curUrl = window.location.href;
auth.parseCognitoWebResponse(curUrl);
Now you're "signed in" as far as the Cognito JS client is concerned, and you can use getCurrentUser(), getSession(), etc. `See "Use case 2" here for more context/details.
I am using aws-sdk with node.js and I am not able to establish a connection to aws ec2 to obtain instance details using the sdk.
This is the error:
Error Error: connect ENETUNREACH
at Object.exports._errnoException (util.js:1020:11)
at exports._exceptionWithHostPort (util.js:1043:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1086:14)
And this is the piece of code I have written:
I have removed the access keys for security purpose.
var express = require("express");
var mysql = require('mysql');
var connection = mysql.createConnection({
host: 'localhost',
user: '',
password: '',
database: ''
});
var app = express();
// Load the SDK for JavaScript
var AWS = require('aws-sdk');
// Set the region
AWS.config.update({
region: 'us-east-1'
});
var AWS_ACCESS_KEY_ID = '';
var AWS_SECRET_ACCESS_KEY = '';
var params = {
DryRun: false
};
ec2 = new AWS.EC2({
apiVersion: '2016-11-15'
});
ec2.describeInstances(params, function(err, data) {
if (err) {
console.log("Error", err.stack);
} else {
console.log("Success", JSON.stringify(data));
res.send({
message: data
});
}
});
app.listen(443);
console.log("The node server is running at port 443");
Is there a way to fix this? I am using aws-sdk for the first time. Thanks in advance.
Probably you're not passing the API keys.
var AWS_ACCESS_KEY_ID = '';
var AWS_SECRET_ACCESS_KEY = '';
var params = {
DryRun: false
};
ec2 = new AWS.EC2({
accessKeyId: AWS_ACCESS_KEY_ID,
secretAccessKey: AWS_SECRET_ACCESS_KEY,
apiVersion: '2016-11-15'
});
Recommendation:
Put your API keys in separated locations.
If this code will be hosted within an EC2, use Service role permissions for EC2.
Use profiles.
The credentials seems to be the issue here. Please double check the credentials you are providing for connecting to EC2. The best option would be to generate a new key_id and secret_access_key and use that.
I would personally recommend to download the credentials file and pass that in your code rather than putting key_id and secret_access_key here.
Is Your Computer or Node.js connect to internet? You control this.
first open cmd an use ping, if the ping return packet proper. Control internet of node.js. For control use requestify module for this. use this code:
const requi=require('requestify');
requi.get("https://google.com")
.then(function(data){
console.log(data);
})
.catch(function (err) {
console.log(err);
});
The easiest way to ensure you're doing this properly is to follow the suggested credential management described in AWS SDK For NodeJs.
npm install aws-sdk
Create a credentials file at ~/.aws/credentials on Mac/Linux or C:\Users\USERNAME.aws\credentials on Windows
[default]
aws_access_key_id = your_access_key
aws_secret_access_key = your_secret_key
And then have the AWS object manage the credentials for you:
var AWS = require('aws-sdk');
It looks like you might be almost there; instead of storing your keys in your code, store them in the specified credentials file above, and try again.
I'm developing an app which makes use of both AWS Mobile Analytics and Cognito Sync for user data. From looking at my network logs, I can see that the AMA.Manager for Mobile Analytics makes the same API calls as Cognito Sync to request limited temp credentials from AWS.
AWS.config.credentials.get()
My question is if its possible for both new AMA.Manager() and new AWS.CognitoSyncManager() to use the same unauthenticated identity which is requested initially from AWS.config.credentials.get()? Assuming they're both using the same Identity Pool.
Solved my own issue. As long as both AMA.Manager and AWS.CognitoSyncManager are initialized with the same credentials provider using a single IdentityPoolId it works fine. Example of my code below:
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: SHARED_COGNITO_IDENTITY_POOL_ID
});
var analytics = null;
var syncClient = null;
var options = {
appId : MOBILE_ANALYTICS_APP_ID
};
AWS.config.credentials.get(function(err) {
if(!err){
syncClient = new AWS.CognitoSyncManager();
analytics = new AMA.Manager(options);
}
});
Can someone explain how to fix a missing config error with Node.js? I've followed all the examples from the aws doc page but I still get this error no matter what.
{ [ConfigError: Missing region in config]
message: 'Missing region in config',
code: 'ConfigError',
time: Wed Jun 24 2015 21:39:58 GMT-0400 (EDT) }>{ thumbnail:
{ fieldname: 'thumbnail',
originalname: 'testDoc.pdf',
name: 'testDoc.pdf',
encoding: '7bit',
mimetype: 'application/pdf',
path: 'uploads/testDoc.pdf',
extension: 'pdf',
size: 24,
truncated: false,
buffer: null } }
POST / 200 81.530 ms - -
Here is my code:
var express = require('express');
var router = express.Router();
var AWS = require('aws-sdk');
var dd = new AWS.DynamoDB();
var s3 = new AWS.S3();
var bucketName = 'my-bucket';
AWS.config.update({region:'us-east-1'});
(...)
How about changing the order of statements?
Update AWS config before instantiating s3 and dd
var AWS = require('aws-sdk');
AWS.config.update({region:'us-east-1'});
var dd = new AWS.DynamoDB();
var s3 = new AWS.S3();
I had the same issue "Missing region in config" and in my case it was that, unlike in the CLI or Python SDK, the Node SDK won't read from the ~\.aws\config file.
To solve this, you have three options:
Configure it programmatically (hard-coded): AWS.config.update({region:'your-region'});
Use an environment variable. While the CLI uses AWS_DEFAULT_REGION, the Node SDK uses AWS_REGION.
Load from a JSON file using AWS.config.loadFromPath('./config.json');
JSON format:
{
"accessKeyId": "akid",
"secretAccessKey": "secret",
"region": "us-east-1"
}
If you work with AWS CLI, you probably have a default region defined in ~/.aws/config. Unfortunately AWS SDK for JavaScript does not load it by default. To load it define env var
AWS_SDK_LOAD_CONFIG=1
See https://github.com/aws/aws-sdk-js/pull/1391
Same error for me:
After doing a lot of trials I have settled on the below:
OPTION 1
set the AWS_REGION environment variable in local system only, to us-east-1 (example)
For Linux:
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=us-east-1
For Windows
see: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
now, no need to set any lambda variables for region
also, no need to use in code, for example:
AWS.config.update(...), this is not required
AWS.S3(), etc., these will work without any problems. In place of S3, there can be any aws service
In a rare case if somewhere some defaults are assumed in code and you are forced to send region, then use {'region': process.env.AWS_REGION})
OPTION 2
Instead of environment variables, another way is AWS CONFIG file:
On Linux you can create below files:
~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
~/.aws/config
[default]
region=us-west-2
output=json
See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
You can specify the region when creating the dynamodb connection (haven't tried s3 but that should work too).
var AWS = require('aws-sdk');
var dd = new AWS.DynamoDB({'region': 'us-east-1'});
var AWS = require('aws-sdk');
// assign AWS credentials here in following way:
AWS.config.update({
accessKeyId: 'asdjsadkskdskskdk',
secretAccessKey: 'sdsadsissdiidicdsi',
region: 'us-east-1'
});
var dd = new AWS.DynamoDB();
var s3 = new AWS.S3();
I have gone through your code and here you are connecting to AWS services before setting the region, so i suggest you to update the region first and then connect to services or create instance of those as below -
var express = require('express');
var router = express.Router();
var AWS = require('aws-sdk');
AWS.config.update({region:'us-east-1'});
var dd = new AWS.DynamoDB();
var s3 = new AWS.S3();
var bucketName = 'my-bucket';
I'm impressed this hasn't been posted here yet.
Instead of setting the region with AWS.config.update(), you can use
const s3 = new AWS.S3({
region: "eu-central-1",
});
to make it instance specific.
This may not be the right way to do it, but I have all my configs in a separate JSON file. And this does fix the issue for me
To load the AWS config, i do this:
var awsConfig = config.aws;
AWS.config.region = awsConfig.region;
AWS.config.credentials = {
accessKeyId: awsConfig.accessKeyId,
secretAccessKey: awsConfig.secretAccessKey
}
config.aws is just a JSON file.
To the comment above, you can always it run from your local global config file ~./aws/config by adding the following:
process.env.AWS_SDK_LOAD_CONFIG="true";
This will load your local global config file and use whatever credentials/account you are in which is really handy when iterating through multiple accounts / roles.
You can resolve this issue right in your project directory.
npm i -D dotenv.
Create .env file in root of our project.
Set environment variable AWS_SDK_LOAD_CONFIG=1 in that .env file.
const {config} = require("dotenv"); in the same file where you configure connection to DynamoDB.
config() before you new AWS.DynamoDB().
P.S. As someone have mentioned before, problem is that Node doesn't get data from your aws.config file
You could create a common module and use it based on the region you want to
var AWS = require('aws-sdk')
module.exports = {
getClient: function(region) {
AWS.config.update({ region: region })
return new AWS.S3()
}
}
and consume it as,
var s3Client = s3.getClient(config.region)
the idea is to Update AWS config before instantiating s3
I know I am EXTREMELY late to the party, but I have an additional solution which worked for me.
It might be worth passing credentials to each resource directly.
let lambda = AWS.Lambda({region: "us-east-1"});
let credentials = new AWS.SharedIniFileCredentials({
profile: PROFILE_NAME,
});
lambda.config.credentials = credentials;
Best Practice would be to utilize an Amazon Cognito Identity pool.
Create an IAM Policy that defines the access to the resource you want. (Least Access Privilege)
Then create an Amazon Cognito Identity Pool allowing unauthenticated identities.
Then attached the IAM Policy you created to the Unauthenticated Role for the Identity Pool.
Once that is setup you use the following code:
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'IdentityPoolIdHere',
});
Amazon Cognito assumes the IAM Role specified in unauthenticated identities where Amazon STS is utilized in the background which then populates config with temporary credentials with accessibility as defined in the attached IAM Policy for the IAM Role.
var AWS = require("aws-sdk");
AWS.config.getCredentials(function(err) {
if (err) console.log(err.stack);
// credentials not loaded
else {
console.log("Access key:", AWS.config.credentials.accessKeyId);
}
});
In my case, I was trying to use it in a React.JS app following this tutorial.
I needed to move the config data to the same file where I was calling the DocumentClient instead of having the config in my index.js file.
create a common module and use it based on the region you want to
var AWS = require('aws-sdk')
module.exports = {
getClient: function(region) {
AWS.config.update({ region: region })
return new AWS.S3()
}
}
----------------------------------------------------
And then you can use the following .
var s3Client = s3.getClient(config.region)
It's 2022 and this is the top result on Google for "Missing region in config".
For those getting this error when using the AWS Node SDK in combination with profiles (i.e. ~/.aws/config and ~/.aws/credentials), the solution is to load the credentials for the profile name (via
AWS.SharedIniFileCredentials),
and then separately get the region for the profile name using the
#aws-sdk/shared-ini-file-loader.
i.e.
import AWS from "aws-sdk";
import { loadSharedConfigFiles } from "#aws-sdk/shared-ini-file-loader";
const profileName = "default"; // change this to whatever profile name you want
loadSharedConfigFiles().then((awsConfig) => {
// console.log(awsConfig);
const region = awsConfig?.configFile?.[profileName]?.region;
const credentials = new AWS.SharedIniFileCredentials({
profile: profileName,
});
// now use the credentials and the profile's region however you want
const pinpoint = new AWS.Pinpoint({
credentials: credentials,
region: region,
});
pinpoint.getApps({}, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
});
A team member of mine experienced this issue when trying to set up SNS Text Messaging with the AWS Node SDK.
We were getting this error when we run the process:
ConfigError: Invalid region in config
Here's how he solved it:
The initial way the AWS credentials are referenced are:
AWS_ACCESS_KEY='AKIAR5NCt72I72Nrt267'
AWS_SECRET_ACCESS_KEY='DhnqpuPdfV9nwFufsKJLJsydfJb7HNjPb5suwpvM'
AWS_REGION='us-west-1'
He simply removed the quotes '' around the credentials, so we had this:
AWS_ACCESS_KEY=AKIAR5NCt72I72Nrt267
AWS_SECRET_ACCESS_KEY=DhnqpuPdfV9nwFufsKJLJsydfJb7HNjPb5suwpvM
AWS_REGION=us-west-1
And it worked fine afterward.