# help
j
Hey, I'm a complete newbie and can't progress in the guide any further than implementing the security. My problem is that I'm unable to make a request to post a note as a specific user I've created beforehand.
Authenticating with User Pool
Getting temporary credentials
Making API request
getaddrinfo ENOTFOUND myapiaddress.execute-api.us-east-1.amazonaws.com
Also I've tried to use CLI's command to list all users from Cognito user pool, but it says that the user pool I'm specifying does not exist
An error occurred (ResourceNotFoundException) when calling the ListUsers operation: User pool us-east-1_Zxk5GzdPn does not exist.
But I'm positive that this pool exists, cause this is the pool that is shown in logs:
Stack admin-notes-auth
  Status: no changes
  Outputs:
    IdentityPoolId: us-east-1:ac536b89-e80e-47e2-a046-7b0c441fd70c
    Region: us-east-1
    UserPoolClientId: 5leqtmeo0p4a3j6oeijli78gkq
    UserPoolId: us-east-1_Zxk5GzdPn
r
Is your lambda definitely running in the same region as the user pool?
j
How can I check that? I think it might be possible that it's running in eu-east-1
The sst.json file in my project directory has a value of us-east-1 in it
r
easiest way is to log into the AWS console and check the various regions
j
It was set here to eu-central-1. I've changed it to us-east-1, should I redeploy the app for these changes to be applied?
m
What's your region in `sst.json` file?
j
us-east-1
Also the address works, as the API returns Forbidden when I access /notes/list via a web browser, which I guess is expected after enabling security
The user-pool-id seems to be fine as well, as I get a "user not found" if I enter incorrect credentials on purpose
r
I would run the `sst remove` then redeploy making sure you're setting the correct AWS_PROFILE and region, maybe specify directly using `--region us-east-1`
j
I ran `sst remove` and I wasn't able to redeploy before manually removing all buckets, S3 tables and CloudFormation stacks. I did that and then always added `--region us-east-1` after the `sst start` and `sst deploy` commands. It's exactly the same: I am still able to create a new user, then verify their email. But no luck adding a note or getting a user list from Cognito 😕
$ npx aws-api-gateway-cli-test --username='admin@example.com' --password='Passw0rd!' --user-pool-id='us-east-1_YHwOj0uvJ' --app-client-id='261540hsf5ligu83006vokp20f' --cognito-region='us-east-1' --identity-pool-id='us-east-1:732ef2a5-cde3-472e-85cd-449dbaa25cc3' --invoke-url='https://hqijyz1iof.execute-api.us-east-1.amazonaws.com' --api-gateway-region='API_REGION' --path-template='/notes' --method='POST' --body='{"content":"hello world","attachment":"hello.jpg"}'
Authenticating with User Pool
Getting temporary credentials
Making API request
getaddrinfo ENOTFOUND hqijyz1iof.execute-api.us-east-1.amazonaws.comc
$ aws cognito-idp list-users --user-pool-id us-east-1_YHwOj0uvJ

An error occurred (ResourceNotFoundException) when calling the ListUsers operation: User pool us-east-1_YHwOj0uvJ does not exist.
r
is your CLI command using the same AWS profile as your stack deploy?
j
I have only ever used one AWS profile for now, so I can't see how it could use a different one.
r
Ok, so it must be the default one. Hmm
it's defined in `~/.aws/credentials`
what can you see in the console?
j
Exactly what I pasted above. Is that what you're asking?
When I create user I get a proper, expected response.
$ aws cognito-idp sign-up --region us-east-1 --client-id 261540hsf5ligu83006vokp20f --username admin@example.com --password Passw0rd!
{
    "UserConfirmed": false,
    "CodeDeliveryDetails": {
        "Destination": "a***@e***.com",
        "DeliveryMedium": "EMAIL",
        "AttributeName": "email"
    },
    "UserSub": "42fcd64c-b31c-452f-b5aa-2f7563e498fc"
}
r
I mean, if you log into the AWS console and look at what's been created, what do you see?
j
Is this what you meant?
r
Yes but more in terms of Cognito
j
Here's the user pool, my test user is in it
however the identity pool seems to be misconfigured?
Or maybe it's fine, the Identity pool ID matches the one I'm trying to use
r
I'm not sure what's going on, maybe one of the maintainers can help when they wake up, sorry
j
No problem, you've been a massive help. I got to learn something new even through this troubleshooting process. Thank you!
r
No worries, glad I could help a tiny bit!
c
This looks like a region/profile issue. If you run this, what do you get?
aws cognito-idp list-users --user-pool-id us-east-1_YHwOj0uvJ --region us-east-1
j
It works, amazingly. It doesn't work if I don't specify the region
But wherever I check, everything is set to us-east-1.
c
Hmmm, so you should specify your default region as us-east-1. Either with an env variable or in config
Yeah, I think all your resources are us-east-1 but your aws cli is defaulting to another region
j
how do I change the env var?
c
`export AWS_DEFAULT_REGION=us-east-1` on *nix
j
`list-users` works now flawlessly even without specifying the region, however I'm still facing this issue where I can't add a note. The command works on MacOS, I use GitBash on Windows and it doesn't. What gives?
c
Which command works on MacOS and not on Windows? Have you set the default region on Windows? Also can you reshare the latest command you've run for adding a note and the error you get?
j
$ npx aws-api-gateway-cli-test --username='admin@example.com' --password='Passw0rd!' --user-pool-id='us-east-1_YHwOj0uvJ' --app-client-id='261540hsf5ligu83006vokp20f' --cognito-region='us-east-1' --identity-pool-id='us-east-1:732ef2a5-cde3-472e-85cd-449dbaa25cc3' --invoke-url='https://hqijyz1iof.execute-api.us-east-1.amazonaws.com' --api-gateway-region='API_REGION' --path-template='/notes' --method='POST' --body='{"content":"hello","attachment":"hello.jpg"}'
This one. I've set the variable on Windows, the command has been tested on MacOS remotely by my colleague.
This command returns
Authenticating with User Pool
Getting temporary credentials
Making API request
getaddrinfo ENOTFOUND hqijyz1iof.execute-api.us-east-1.amazonaws.comc
c
--api-gateway-region='API_REGION'
should this not be (not familiar with this command):
--api-gateway-region='us-east-1'
So this command works on another computer, i.e. you know the API is properly configured?
j
Yes it should, obviously. But it is not the problem, the result is exactly the same even with api-gateway-region set properly
Yes, the api is fine. It returns 403 Forbidden to my colleague
This seems to be some kind of a weird Windows-specific issue
c
Long shot, but if you do a traceroute to https://hqijyz1iof.execute-api.us-east-1.amazonaws.com/ can you reach it?
j
I believe so, I can even make it return forbidden in my browser if I go to the endpoint /notes/list
but let me try
It looks like it's timing out
after the 12th hop
c
Haha Windows - the gift that keeps on giving 😆
What IP is it resolving to?
j
[52.0.218.116]
c
Getting the same here so not a DNS issue.
j
vadata-ic333118-ash-b2.ip.twelve99-cust.net [62.115.11.183]
that's as far as it'll go
Although I manage to get 403 when hitting the API's `/note` route with my browser, which should give me my (user's) notes list, but I'm not logged in obviously.
So I would assume that my computer is able to communicate with the API. Furthermore I got every endpoint to work before I added the AuthStack
c
Could be a routing issue with your shell session... Does `curl https://hqijyz1iof.execute-api.us-east-1.amazonaws.com/notes` return forbidden?
j
yep
c
Ok I'm out of ideas. Have you tried using postman?
You can use aws cli to generate a token and then put it in the Authorization header in postman
j
Okay, I managed to post a note. Instead of Git Bash I used Windows Terminal, but had to escape the `"` in the JSON and it was a pain in my spine. But it worked eventually