Welcome to AWS re:Post

Please let me know if this a valid approach or I am missing something fundamental.. **Requirement**: - I need to be able to restrict each tenant users from accessing each other s3 files - and be able to measure each tenant space usage in the s3. **Solution I think to implement**: Upon user signup, we check if this is a sign up by invitation to already existing tenant space or a new registration - if it's a new tenant than we register him in a custom dynamodb table and create an s3 bucket for him - if it's a new user in existing tenant we we only adding him to the IAM Role that can access the tenant s3 bucket **Details**: I currently am using cognito custom attribute to save tenant ID (it's configured to not be changeable by the user itself) and struggle to figure out how I can affect the role mapping in the cognito Identity pool to implement the above logic. Please give me directions to dig further or advises on the overall approach in general. Some of the ideas are taken from this article https://medium.com/@dantasfiles/multi-tenant-aws-amplify-method-2-cognito-groups-38b40ace2e9e and it also suggests to use cognito dynamic groups to differ tenants and it seems to resolve the s3 issue as well, but with dynamic groups sync events won't work, right? > Known limitation: Real-time subscriptions are not supported for dynamic group authorization. https://docs.amplify.aws/cli/graphql/authorization-rules/#user-group-based-data-access There is also this question https://repost.aws/questions/QUW1WibDWjQd2rOll4mDiPMA which suggest to use a lymbda and presigned s3 urls to regulate the access to s3 files based on the tenant logiclg...

Hi Team, I have an FSx for Windows file server in a single AZ. Unfortunately the ENI got detached from the FSx and the file system went to misconfigured state. Please let me know if there is a way to reattach it or get the FSx back to working state. Best, Taraslg...

I have a problem while installing librosa this error message comes: ``` OSError: cannot load library 'libsndfile.so': libsndfile.so: cannot open shared object file: No such file or directory ``` I tried many solutions and didn't work, please helplg...

Local access to the server is normal. The public network is also accessible within a few minutes after restarting. But after a few minutes, the public network cannot be accessed, and the local can still be accessed.lg...

Hi, I am new to ML/AI, Can someone help me create model for detection damage on mobile i.e. screen damage, back panel damaged etc, How sagemaker can helplg...

Hi, I am using a third party API for payments for which they need to whitelist our IP but we are on aws serverless that is an API of API gateway invoke the lambda function. so it return diff IPs on invocation. How to have static outbound IP address? How to provide a static IP to the third party for whitelisting? I searched but found https://medium.com/financial-engines-techblog/aws-lambdas-with-a-static-outgoing-ip-5174a1e70245 or similar for static IP at lambda. but as per my assumption if a lambda returns static IP to API gateway, will the same IP be returned by API gateway to the calling party?lg...

Hi, Good day. Why are my quicksight pie chart legend not ordered alphabetically? This link says it should be https://docs.aws.amazon.com/quicksight/latest/user/customizing-visual-legend.html. To be honest I see no pattern in the ordering when looking at my other charts. Wish I could attach an image but I see no option to upload. Regards, Jarrettlg...

When are G5 instances expected to be available in Ohio (us-east-2) region?lg...

We have Mobile PlatformApplication arns in AWS account-1, and we can publish PNs to endpoint arns with our java-service in the same account. But when trying to publish PNs with our java-service in different AWS accounts, we get `com.amazonaws.services.sns.model.AuthorizationErrorException`. For Example: My PlatformApplication arn => `arn:aws:sns:<region>:<account-id>:app/GCM/my-mobile-app-name` Once user register his device against this PlatfromApplication arn, a device endpoint will be created as => `arn:aws:sns:<region>:<account-id>:endpoint/GCM/my-mobile-app-name/<uuid>` So, while publishing message to above endpoint arn from different AWS account resulting in `AuthorizationErrorException` There seems no option to provide a resource-based policy for these SNS PlatformApplications (SNS PlatformApplications are not regular SNS topics). How can we solve this? Thanks in Advance!lg...

if I push IoT Core data to Kinesis Analytics as stream, how possible is to apply order by query to streaming data because you don't have complete data to call "order by" ? My goal is pushing IoT Core data and push them to Analytics in order to put them in sequence and push to AppSync to broadcast to subscribers. This Way I can visualize the data flow in time series and sequential in real time. Thankslg...

I am running a batch job that starts an EC2 instance and runs a Java application, and I am trying to generate X-Ray trace for the job. In my docker entrypoint I install X-Ray daemon and start it ``` curl https://s3.us-west-2.amazonaws.com/aws-xray-assets.us-west-2/xray-daemon/aws-xray-daemon-3.x.rpm -o /tmp/xray.rpm yum install -v -y /tmp/xray.rpm xray -o -n us-west-2 & ``` My Java code is instrumented as such ``` try { Segment segment = AWSXRay.beginSegment("load-data-segment"); logger.info("Segment started traceID={}, segment", segment.getTraceId(), segment.prettySerialize()); Subsegment subSegment = AWSXRay.beginSubsegment("load-data-sub-segment"); logger.info("started subSegment traceId={}, {}", subSegment.getTraceId(), subSegment.prettySerialize()); subSegment.putAnnotation("job_id", "load-data-job"); ... } finally { logger.info("Ending subsegment {}, {}", subSegment.getTraceId(), subSegment.prettySerialize()); AWSXRay.endSubsegment(); logger.info("Ending segment {}, {}", segment.getTraceId(), segment.prettySerialize()); AWSXRay.endSegment(); } ``` And I can see from CloudWatch log that the daemon is installed and started, and the segments are created and eventually terminated normally. ``` ... EVENTS 1667282262329 Running X-Ray: xray -o -n us-west-2 & 1667282258652 EVENTS 1667282262329 Getting Secret: dev-shared-kc-local.yml 1667282258654 EVENTS 1667282262329 2022-11-01T05:57:38Z [Info] Initializing AWS X-Ray daemon 3.3.5 1667282258658 EVENTS 1667282262329 2022-11-01T05:57:38Z [Info] Using buffer memory limit of 321 MB 1667282258658 EVENTS 1667282262329 2022-11-01T05:57:38Z [Info] 5136 segment buffers allocated 1667282258658 EVENTS 1667282262329 2022-11-01T05:57:38Z [Info] Using region: us-west-2 1667282258679 EVENTS 1667282262329 2022-11-01T05:57:38Z [Info] HTTP Proxy server using X-Ray Endpoint : https://xray.us-west-2.amazonaws.com 1667282258679 EVENTS 1667282262329 2022-11-01T05:57:38Z [Info] Starting proxy http server on 127.0.0.1:2000 1667282258679 ... VENTS 1667282262329 2022-11-01 05:57:41,933 [main] [default] INFO - Segment started traceID=1-6360b555-5161dc6ff45fcca197606de8, segment 1667282261934 EVENTS 1667282262329 2022-11-01 05:57:41,941 [main] [default] INFO - started subSegment traceId=null, { 1667282261941 EVENTS 1667282262329 "name" : "load-data-sub-segment", 1667282261941 EVENTS 1667282262329 "id" : "348f5fd5734d2002", 1667282261941 EVENTS 1667282262329 "start_time" : 1.667282261934E9, 1667282261941 EVENTS 1667282262329 "in_progress" : true 1667282261941 EVENTS 1667282262329 } 1667282261941 ... ... EVENTS 1667282596467 2022-11-01 06:03:16,334 [main] [default] INFO - Ending subsegment null, { 1667282596334 ... EVENTS 1667282596467 2022-11-01 06:03:16,336 [main] [default] INFO - Ending segment 1-6360b555-5161dc6ff45fcca197606de8 ``` However I am completely unable to find any tracing from X-Ray console. I use the queries like `annotation.job_id`, but nothing shows up. I think I have all the necessary polices added to my role (`AWSXRayDaemonWriteAccess`), but I am suspecting if I didn't set it up properly. Where and how can I start debugging this? I feel like completely at wits' end. Thank you for any suggestions!lg...

I want to use my bucket URL but HTTPS. Here my bucket address: http://mutantboi.xyz.s3-us-west-1.amazonaws.com/ and I wanna use like that: https://mutantboi.xyz.s3-us-west-1.amazonaws.com/ Yesterday I setup cloud front + amazon SSL but not. How can I do that?lg...

**'S3' object has no attribute 'detect_document_text'** this error show when try to extract raw text data from invoice document using AWS Textract python function **detect_document_text** inside AWS Lambda.lg...

I am using Amazon Textract service to extract key-value pairs data from invoice document. In invoice document **Ship To** data is not extracted from document as key-value pair but previously this **Ship To** data is properly extract from document. **For Example ** Before this issue **Ship To** key-value pair extracted full Ship To address with company name. After this issue **Ship To** key-value pair is not extracted any data as key-value pair.lg...

What is the difference between extensions and powertools when fetching in cache from parameter store? In the first place, is the mechanism of the cache function different? I want to use cache for reading from parameter store in my lambda and I am comparing below two features. - [Parameter Store parameters in AWS Lambda functions](https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html) - [AWS Lambda Powertools for Python Parameters](https://awslabs.github.io/aws-lambda-powertools-python/2.0.0/utilities/parameters/) Please tell us about the main points of comparison. ## Supplementary information - Runtime is python - I think there is a difference that the TTL setting can be specified for each key or for the entire lambda processlg...

I have my landing page deployed via Amplify. On the sitemap xml the sitemap is not getting accessed as the limit is exceeded for response length (not sure). ERROR 502 `The Lambda function result failed validation: The body is not a string, is not an object, or exceeds the maximum size. See Limits in the Amazon CloudFront Developer Guide. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.` RESPONSE DATA in network tab `content-length: 1074 content-type: text/html` I guess the max permissible length is 1024 bytes. Can someone correct me if I am guessing wrong. Also, can someone point me to articles if and how I can increase the limit to maybe 4096.lg...

Hi All, Can anyone help on how to setup custom identity provider for file transfer family using Lambda or API Gateway. We have PingFederated Identity management and Azure Identity management. I have no idea how these can work with File Transfer server. Please details if anyone already have implemented similar or same use case. Thank Youlg...

I have an EC2 server, now I can't connect to the server using SSH service, and I can't communicate by pinging the server IP. It was working before until last week 31 Otc. Already stopped and restared the instance, but it doesn't work. Who can help to see what the problem is?  lg...