I am connecting to AWS SecretManager, in which my code connects to specific region endpoint(below code)
AmazonSecretsManagerConfig config = new AmazonSecretsManagerConfig { RegionEndpoint = RegionEndpoint.USEast1 };
Now, I want to add one more new region RegionEndpoint.USEast2
I want this RegionEndpoint selection dynamically, based on the specific region request. Kindly help, How can I configure Multi Region in my C# Code?
Note: My app is running on Fargate and not on EC2 instance, so below solutions won't work:
client = Amazon.Util.EC2InstanceMetadata.Region.SystemName;
or
client = new Amazon&&&&Client(credentials, RegionEndpoint.GetBySystemName("us-east-1"));
You should be able to get the current region from reading the AWS_REGION environment variable as mentioned in this post: How can we determine the current region with AWS Fargate.
Related
I need to query CustomEvents under application insights in an azure function.
I was able to read CustomEvents using below package:
Microsoft.Azure.ApplicationInsights.Query
Here is the code:
string applicationId = "xxxx-xxxx-xxxx";
string key = "xxxxxxxxxxx";
// Create client
var credentials = new ApiKeyClientCredentials(key);
var applicationInsightsClient = new ApplicationInsightsDataClient(credentials);
// Query Application Insights
var query = "customEvents" +
" | where timestamp > ago(840h)" +
" | take 3";
var response = await applicationInsightsClient.Query.ExecuteWithHttpMessagesAsync(applicationId, query);
The library 'Microsoft.Azure.ApplicationInsights.Query is however deprecated and suggestion is to use Azure.Monitor.Query
Below is the code that Microsoft documentation has as an example to query logs using Azure.Monitor.Query :
Azure.Response<Azure.Monitor.Query.Models.LogsQueryResult> response = await logsQueryClient.QueryWorkspaceAsync(
"<workspaceId>",
"customEvents ",
new QueryTimeRange(TimeSpan.FromMinutes(300)));
Since this library queries using workspace id, I linked my application insights instance to a log analytics workspace instance. However the function fails with a BadArgumentError "Failed to resolve table or column expression named 'customEvents'"
Is there a way we can query CustomEvents using the package Azure.Monitor.Query?
Any help is appreciated.
Thanks
Yes, it works.
Below is a tested code.
Once you link your Application Insights to Azure Monitor workspace, you can query your AI tables from that WS, without the need to use app().
The thing is that the tables` names are different, e.g., traces becomes AppTraces.
In the same manner, customEvents becomes AppEvents.
Well, it turns out it is even documented, under Migrate to workspace-based Application Insights resources
Legacy table name
New table name
Description
availabilityResults
AppAvailabilityResults
Summary data from availability tests.
browserTimings
AppBrowserTimings
Data about client performance, such as the time taken to process the incoming data.
dependencies
AppDependencies
Calls from the application to other components (including external components) recorded via TrackDependency() – for example, calls to REST API, database or a file system.
customEvents
AppEvents
Custom events created by your application.
customMetrics
AppMetrics
Custom metrics created by your application.
pageViews
AppPageViews
Data about each website view with browser information.
performanceCounters
AppPerformanceCounters
Performance measurements from the compute resources supporting the application, for example, Windows performance counters.
requests
AppRequests
Requests received by your application. For example, a separate request record is logged for each HTTP request that your web app receives.
exceptions
AppExceptions
Exceptions thrown by the application runtime, captures both server side and client-side (browsers) exceptions.
traces
AppTraces
Detailed logs (traces) emitted through application code/logging frameworks recorded via TrackTrace().
using Azure;
using Azure.Identity;
using Azure.Monitor.Query;
using Azure.Monitor.Query.Models;
string workspaceId = "...";
var client = new LogsQueryClient(new DefaultAzureCredential());
try
{
Response<LogsQueryResult> response = await client.QueryWorkspaceAsync(
workspaceId,
"AppEvents | count",
QueryTimeRange.All);
LogsTable table = response.Value.Table;
foreach (var row in table.Rows)
{
Console.WriteLine(row);
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
I'm trying to create a brand new network with two address spaces (10.0.0.0/20 and 10.0.16.0/20) and, most importantly, set useInVmCreationPermission and usePublicIpAddressPermission to Allow.
I have the lab already created and I'm able to create a network but I'm unable to relate them with each other. I'm not sure if it's possible through the REST API but if the portal does it, I'm pretty sure it can be achieved (even if I had to use HttpClient). The way it's done in the Azure Portal, is described here: https://learn.microsoft.com/en-us/azure/devtest-labs/devtest-lab-configure-vnet .
This is my code:
private async Task Create(IAzure azureClient, DbLab dbLab)
{
var virtualNetworkId = Guid.NewGuid().ToString();
var virtualNetwork = await azureClient
.Networks
.Define(virtualNetworkId)
.WithRegion(dbLab.Region.Value)
.WithExistingResourceGroup(dbLab.ResourceGroupName)
.WithAddressSpace(Consts.IPv4DynamicAddressSpace)
.WithAddressSpace(Consts.IPv4StaticAddressSpace)
.WithSubnet($"{virtualNetworkId}_dynamic", Consts.IPv4DynamicAddressSpace)
.WithSubnet($"{virtualNetworkId}_static", Consts.IPv4StaticAddressSpace)
.CreateAsync();
var fragment = new VirtualNetworkFragment(
subnetOverrides: virtualNetwork.Subnets.Select(s =>
new SubnetOverrideFragment(
resourceId: s.Value.Name,
useInVmCreationPermission: "Allow",
usePublicIpAddressPermission: "Allow")).ToList());
// fails because vnet is not related to that lab
var vnet = await BaseClientFactory.CreateDevTestLabClient(azureClient)
.VirtualNetworks
.UpdateAsync(dbLab.ResourceGroupName, dbLab.LabId.ToString(), virtualNetworkId, fragment);
}
How do I attach a lab to the vnet programmatically in c#?
Yes, you can configure your existing virtual network to a lab's Virtual Network settings via both the REST API and the SDK as well.
REST API: Virtual Networks - Create Or Update
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DevTestLab/labs/{labName}/virtualnetworks/{name}?api-version=2018-09-15
Note that resourceGroupName is the name of the resource group where the DevTest Lab exists, and not that of the VNet.
Here is the equivalent method in the .Net SDK: CreateOrUpdateWithHttpMessagesAsync
When I execute this with the aws cli, i.ex. inside a fargate task, I can see the UserId that my application is going to use
aws sts get-caller-identity
with this output on the console
{
"Arn": "arn:aws:sts::643518765421:assumed-role/url_process_role/6ae81f92-66f3-30de-1eaa-3a7d1902bad9",
"UserId": "ARDYOAZLVOAQXTT5ZXTV4:4ea81f97-66f3-40de-beaa-3a7d1902bad9",
"Account": "692438514791"
}
I would like to get the same information but using the C# SDK. I tried with the methods exposed in this doc but I can see some account related details but not the UserId assigned.
So far I've tried with this but I cannot see any profile when running in a Fargate task.
var awsChain = new Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain();
System.Console.WriteLine($"Found {awsChain.ListProfiles().Count} AWS profiles.");
My final goal is to get it and add to some task processed with Fargate to save a correlation Id in the database when something fails and easily find the Fargate log stream.
IAmazonSecurityTokenService will provide the same information when executed with .netcore. Notice that the above example will only work inside the AWS domain as the endpoint is not publicly available if testing from a development machine.
var getSessionTokenRequest = new GetSessionTokenRequest
{
DurationSeconds = 7200
};
var stsClient = hostContext.Configuration.GetAWSOptions().CreateServiceClient<IAmazonSecurityTokenService>();
var iden = stsClient.GetCallerIdentityAsync(new GetCallerIdentityRequest { }).Result;
System.Console.WriteLine($"A={iden.Account} ARN={iden.Arn} U={iden.UserId}");
var client = new AmazonCognitoIdentityProviderClient("MYKEY", "MYSECRET", RegionEndpoint.USEast1);
var request = new AdminGetUserRequest();
request.Username = "USERNAME";
request.UserPoolId = "POOLID";
var user = client.AdminGetUserAsync(request).Result;
The key/secret are authenticating as a user with Administrator Access. For good measure, I've also given it the AmazonCognitoPowerUser policy.
The region endpoint is correct and the same as the one my user pool is in. The user pool Id is correct. The first part of the user pool ID matches the region.
I'm at a loss for where else this could possibly be going wrong. Any ideas?
Update 8/2/19
Manual CLI command:
PM> aws cognito-idp list-user-pools --region us-east-1 --max-results 10
{
"UserPools": []
}
The region is correct, so there must be some issue with permissions. Is there anything I could try tweaking on the pool, or other policies I may need to add to the user?
So, it looks like this is some sort of AWS glitch with the existing IAM user.
Having created a new user with exactly the same permissions, access works as intended both from CLI and the code in the original question.
Actually your configuration can be wrong , you downloaded awsconfiguration.json and it looks like same I know.. but this configuration can be wrong. When you examine the json you will see a field.. "CognitoUserPool": {PoolId, appclient id ..}
You need to open your user pool and create new client or control existing client information. Check your awsconfiguration.json again with this webpage's pool id, appclient id etc. Update your json... it will solve the problem.
I ran into this problem with the AWS CLI and it puzzled me too, but I learned that I needed to provide the profile name in the parameter list to get it to work. So it looked like this:
aws cognito-idp admin-get-user --profile dev-account ....
My profiles are stored on my Mac at cat ~/.aws/config| grep profile
The config file is created by an in-house custom script. This is the contents of what that file looks like.
[profile dev-account]
sso_start_url = https://yourcompanyname.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = 1234567890
sso_role_name = PowerUserAccess
region = us-east-1
output = json
Also, in this folder is a "credentials" file that has some JSON for these variables: profile name, aws_access_key_id, aws_secret_access_key, aws_session_token, aws_expiration
It is necessary to define
<add key="AWSRegion" value="us-east-1"/>
application setting in App.config to specify region to use.
I need to change that programmatically
var creds = new BasicAWSCredentials(key, token);
using (var routes = AWSClientFactory.CreateAmazonRoute53Client(creds)){}
how to specify the region in code?
It is the best practice to use more configurable version (i.e. endpoint configured from web.config/app.config). For EC2 client, you can do it by the following way:
var region = RegionEndpoint.GetBySystemName("ap-northeast-1");
var awsEC2Client = new AmazonEC2Client(region);
For others reason, you can specify from here
Resource Link:
How to set the EndPoint / Region for the C# .NET SDK : EC2Client?
How to start an Amazon EC2 instance programmatically in .NET