I'm trying to create a budget action via API, and I first create the execution role, and I create it like this:
$createdRole = $iamClient->createRole([
'RoleName' => 'budgets-rds-execution-role',
'AssumeRolePolicyDocument' => json_encode([
'Version' => '2012-10-17',
'Statement' => [
[
'Effect' => 'Allow',
'Action' => 'sts:AssumeRole',
'Principal' => [
'Service' => 'budgets.amazonaws.com',
],
],
[
'Effect' => 'Allow',
'Action' => 'sts:AssumeRole',
'Principal' => [
'Service' => $resource . '.amazonaws.com', // resource is either ec2 or rds
],
],
]
]),
'tags' => [
[
'Key' => 'third-party',
'Value' => 'cloud-kill-switch',
]
],
]);
And it creates successfully, but then, when I try and create the subsequent budget action, I get the following error:
"Error executing "CreateBudgetAction" on "https://budgets.amazonaws.com"; AWS HTTP error: Client error: `POST https://budgets.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"AccessDeniedException","Message":"Budgets permission required to assume [ExecutionRole: arn:aws:iam::33519752 (truncated...)
AccessDeniedException (client): Budgets permission required to assume [ExecutionRole: arn:aws:iam::335197525879:role/budgets-rds-execution-role]. Please follow the instruction to grant assumeRole access to [Service Principal: budgets.amazonaws.com]. - {"__type":"AccessDeniedException","Message":"Budgets permission required to assume [ExecutionRole: arn:aws:iam::335197525879:role/budgets-rds-execution-role]. Please follow the instruction to grant assumeRole access to [Service Principal: budgets.amazonaws.com]."}"
All of the questions I've seen say that you need to add the budgets.amazonaws.com principal, but it's already there. Any thoughts?
Related
I was working on the Quickbooks API for one of my projects. I'm getting the following error:
GuzzleHttp\Exception\ClientException Client error: POST https://sandbox-quickbooks.api.intuit.com//*Private Info */ resulted in a 400 Bad Request response: {"Fault":{"Error":[{"Message":"Request has invalid or unsupported property","Detail":"Property Name:Unrecognized field \ (truncated...)
The Code:
I have no idea what it is saying to me to fix it. Can anyone help me with this?
Please find the updated code
if(!$buyer->details->quickbooks_id){
$customer = $http->post(
// Sandbox API hidden for security reason
[
'headers' => [
'Accept'=> 'application/json',
'Content-type'=> 'application/json',
'Authorization'=> 'Bearer '.$oauth['access_token']
],
'body' => json_encode(
[
'PrimaryEmailAddr' => [
'Address' => $buyer->email
],
'DisplayName' => $buyer->first_name.' '.$buyer->last_name.' - '.$buyer->details->business_name,
'PrimaryPhone'=>[
'FreeFormNumber'=> $buyer->phone
],
'CompanyName'=>$buyer->details->business_name,
'GivenName'=>$buyer->first_name,
'FamilyName'=>$buyer->last_name,
'BillAddr'=> [
"CountrySubDivisionCode" => $buyer->details->state,
"City" => $buyer->details->city,
"PostalCode" => $buyer->details->zip,
"Line1" => $buyer->details->address,
"Country" => $buyer->details->country
]
])
]
);
$customer = json_decode((string)$customer->getBody(), true);
$buyer->details->quickbooks_id = $customer['Customer']['Id'];
$buyer->details->save();
}
dd($buyer, $buyer->details, $buyer->details->quickbooks_id);
Probably the issue is with the request body. I had the same issue with the data i pass.
I have found the documentation for it here. I have PHP SDK installed. Now when I go through the documents there is not so much in detail about the PHP one. I have the following questions:
Here how can I specify the $client
$result = $client->createDatabase([
'DatabaseName' => '<string>', // REQUIRED
'KmsKeyId' => '<string>',
'Tags' => [
[
'Key' => '<string>', // REQUIRED
'Value' => '<string>', // REQUIRED
],
// ...
],
]);
Is there any good documents or videos regarding the timestream in PHP from where I can get some help.
There are two client classes. One for writing and one for reading.
TimestreamWriteClient
https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.TimestreamWrite.TimestreamWriteClient.html
and
TimestreamQueryClient
https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.TimestreamQuery.TimestreamQueryClient.html
You can use the function createTimestreamQuery and createTimestreamWrite on the $sdk object to instantiate those classes.
A sample Timestream client and query below.
// Create client
$client = new \Aws\TimestreamQuery\TimestreamQueryClient([
'version' => 'latest',
'region' => AWS_REGION, /* eg: eu-west-1 */
'endpoint' => AWS_TIMESTREAM_ENDPOINT, /* eg: https://query-cell3.timestream.eu-west-1.amazonaws.com */
'credentials' => new \Aws\Credentials\Credentials(AWS_KEY, AWS_SECRET)
]);
// Perform a basic query with the client
$client->query([
'QueryString' => 'select * from "db_timestream"."tbl_usage_logs"',
'ValidateOnly' => true,
]);
If you receive endpoint warning, such as "The endpoint required for this service is currently unable to be retrieved"
You can find endpoint using AWS CLI command,
aws timestream-query describe-endpoints --region eu-west-1
Sample response:
{
"Endpoints": [
{
"Address": "query-cell3.timestream.eu-west-1.amazonaws.com",
"CachePeriodInMinutes": 1440
}
]
}
One can create TimestreamWriteClient and write records in a similar way.
The documentation seems sparse and a bit misleading, to me anyhow.
This is how I got it going for a write client (assuming SDK is installed).
//Create the client
$client = new \Aws\TimestreamWrite\TimestreamWriteClient([
'version' => 'latest',
'region' => 'eu-west-1',
'credentials' => new \Aws\Credentials\Credentials('***KEY***', '***SECRET***')
]);
Note that the 'endpoint' is not specified, as I've seen in some examples. There seems to be some misleading documentation of what the endpoint should be for any given region. The SDK does some magic and creates a suitable endpoint; providing a specific endpoint didn't work for me.
$result = $client->writeRecords(
[
'DatabaseName' => 'testDB',
'TableName' => 'history',
'Records' =>
[
[
'Dimensions' => [
[
'DimensionValueType' => 'VARCHAR',
'Name' => 'Server',
'Value' => 'VM01',
],
],
'MeasureName' => 'CPU_utilization',
'MeasureValue' => '1.21',
'MeasureValueType' => 'DOUBLE',
'Time' => strval(time()),
'TimeUnit' => 'SECONDS',
]
]
]
);
This seems to be the minimum set of things needed to write a record to Timestream successfully. The code above writes one record, with one dimension, in this case, a 'Name' of a 'Server', recording its CPU utilization at time().
Note:
Time is required, although the documentation suggested it is optional.
Time has to be a String.
I am working on xampp, windows 10
$account = \Stripe\Account::create([
'country' => 'US',
'type' => 'custom',
'requested_capabilities' => ['card_payments', 'transfers'],
]);
$file = \Stripe\File::create([
'purpose' => 'identity_document',
'file' => fopen('../images/3.jpg', 'r'),
], [
'stripe_account' => 'acct_xxx',
]);
$verification = \Stripe\Account::update(
'acct_xxxxx',
[
'company' => [
'verification' => [
'document' => [
'front' => $file->id,
],
],
],
]
);
When running it gives me the following error:
Unexpected error communicating with Stripe. If this problem persists, let us know at support#stripe.com. (Network error [errno 26]: )
I tried updating TLS version, I unchecked 1.0 and 1.0 and just kept 1.2 enabled but it didn't help.
You should run the Stripe reachability tool from the same machine to ensure you're able to communicate with the API.
If this is an intermittent error you can also configure automatic retries, though idempotency keys are recommended in this case.
I am trying to run query in Amazon Athena from PHP code:
$client = Aws\Athena\AthenaClient::factory(array(
'version' => 'latest',
'region' => 'us-east-1',
'credentials' => array(
'key' => '<KEY>',
'secret' => '<SECRET>'
)
));
$result1 = $client->StartQueryExecution(array(
'QueryExecutionContext' => array('Database' => 'default'),
'QueryString' => "select * from logs where date between TIMESTAMP '2020-02-27 00:00:00' and TIMESTAMP '2020-02-27 23:59:59' limit 100",
'ResultConfiguration' => array(
'EncryptionConfiguration' => array('EncryptionOption'=> 'SSE_S3'),
'OutputLocation' => 's3://bucket_name/temp'
)
));
and got this error:
Error opening Hive split s3:///data-mining/logs/2019/07/12/07/Log-6-2019-07-12-07-35-01-a1c6d0a9-27e5-458b-b72a-8942a6d2b261.parquet (offset=0, length=756977): com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 4A00D465F919D8AB; S3 Extended Request ID: ...), S3 Extended Request ID: ... (Path: s3://<bucket_name>/data-mining/logs/2019/07/12/07/Log-6-2019-07-12-07-35-01-a1c6d0a9-27e5-458b-b72a-8942a6d2b261.parquet
I can confirm these:
Same query from Athena console (with root user) can be run without problem
I execute query from user which has permissions: AmazonAthenaFullAccess and AmazonS3FullAccess
Make sure you are using an IAM policy associated with the user performing the query that allows operations on the KMS key associated with the parquet files. Even though a bucket may be using SSE_S3, the files may already have been encrypted with KMS instead.
A policy like so:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:GenerateDataKey"
],
"Resource": [
"arn:aws:kms:"region":"account":key/"keyid"
]
}
]
}
I can't figure out how to delete hosted zone resource record set with Amazon PHP sdk.
So my code is following
public function __construct(\ConsoleOutput $stdout = null, \ConsoleOutput $stderr = null, \ConsoleInput $stdin = null) {
parent::__construct($stdout, $stderr, $stdin);
/** #var \Aws\Route53\Route53Client route53Client */
$this->route53Client = Route53Client::factory([
'version' => '2013-04-01',
'region' => 'eu-west-1',
'credentials' => [
'key' => <my-key>,
'secret' => <my-secret-key>
]
]);
}
And this is my function for deleting resource record set
private function deleteResourceRecordSet() {
$response = $this->route53Client->changeResourceRecordSets([
'ChangeBatch' => [
'Changes' => [
[
'Action' => 'DELETE',
'ResourceRecordSet' => [
'Name' => 'pm-bounces.subdomain.myDomain.com.',
'Region' => 'eu-west-1',
'Type' => 'CNAME',
],
]
]
],
'HostedZoneId' => '/hostedzone/<myHostedZoneId>'
]);
var_dump($response);
die();
}
And the error I'm keep getting is
Error executing "ChangeResourceRecordSets" on "https://route53.amazonaws.com/2013-04-01/hostedzone/<myHostedZoneId>/rrset/"; AWS HTTP error: Client error: `POST https://route53.amazonaws.com/2013-04-01/hostedzone/<myHostedZoneId>/rrset/` resulted in a `400 Bad Request` response:
<?xml version="1.0"?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><Error><Type>Sender</Type><Co (truncated...)
InvalidInput (client): Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found none in Change with [Action=DELETE, Name=pm-bounces.subdomain.myDomain.com., Type=CNAME, SetIdentifier=null] - <?xml version="1.0"?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><Error><Type>Sender</Type><Code>InvalidInput</Code><Message>Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found none in Change with [Action=DELETE, Name=pm-bounces.subdomain.myDomain.com., Type=CNAME, SetIdentifier=null]</Message>
So what exactly is minimum required set of params so I will be available to delete resource record from hosted zone? If you need any additional informations, please let me know and I will provide. Thank you
Ok I have figure it out. If you wan't to delete resource record set from hosted zones, then the code/function for deleting record set should look like following
private function deleteResourceRecordSet($zoneId, $name, $ResourceRecordsValue, $recordType, $ttl) {
$response = $this->route53Client->changeResourceRecordSets([
'ChangeBatch' => [
'Changes' => [
[
'Action' => 'DELETE',
"ResourceRecordSet" => [
'Name' => $name,
'Type' => $recordType,
'TTL' => $ttl,
'ResourceRecords' => [
$ResourceRecordsValue // should be reference array of all resource records set
]
]
]
]
],
'HostedZoneId' => $zoneId
]);
}