CertificateManager | Electron app to manage iOS codesigning certificates | iOS library
kandi X-RAY | CertificateManager Summary
kandi X-RAY | CertificateManager Summary
This is a tiny Electron app to allow users to manage and revoke iOS codesigning certificates. It is especially useful if Cydia Impactor throws an ios/submitDevelopmentCSR error, which cannot be fixed via Cydia Impactor's Revoke Certificates option.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Called when a certificate has received .
- Action handler for login requests .
- Sign in with Apple login credentials .
- Method that creates an action with specified name .
- Check that the team ID is valid
- Creates a new window .
- Signs in a user .
- List of teams
- Revoke a certificate .
- Download the certificate .
CertificateManager Key Features
CertificateManager Examples and Code Snippets
Community Discussions
Trending Discussions on CertificateManager
QUESTION
I recently set up an application on AWS via CDK. The application consists of a Dockerized nodejs application, which connects to an RDS instance, and has a Redis caching layer as well. After having the application deployed for a few days, the costs are much higher than I had anticipated, even with minimal traffic. After looking through the cost explorer, it looks like half of the cost is coming from the NAT gateways.
In my current setup, I have created two VPCs. One is used for the application stack, and the other is for the CodePipeline. I needed to add one for the pipeline because without it I was hitting rate limits when trying to pull Docker images during the CodeBuildAction steps.
I'm not very comfortable with the networking bits, but I feel like there are extra resources involved. The pipeline VPC has three NAT gateways and three EIPs. These end up just sitting there waiting for the next deployment, which seems like a huge waste. It seems like a new gateway + EIP is allocated for each construct the VPC is attached to in CDK. Can I just make it reuse the same one? Is there an alternative to adding a VPC at all and not getting rate limited by Docker?
I also find it very surprising (I might just be naive) that the NAT gateway is so far equally as expensive as my current Fargate task costs. Is there an alternative that would serve my purposes, but come at a little lower cost?
Anyways, here are my two stacks:
...ANSWER
Answered 2022-Feb-11 at 11:08I would strongly advise moving from the Docker directory to ECR public gallery to avoid ratelimit issues: https://gallery.ecr.aws/
That said, to answer the question about the number of NATs created. As you can see in the CDK docs, what you're seeing reflects the default behavior (emphasis mine):
A VPC consists of one or more subnets that instances can be placed into. CDK distinguishes three different subnet types:
Public (SubnetType.PUBLIC) - public subnets connect directly to the Internet using an Internet Gateway. If you want your instances to have a public IP address and be directly reachable from the Internet, you must place them in a public subnet.
Private with Internet Access (SubnetType.PRIVATE_WITH_NAT) - instances in private subnets are not directly routable from the Internet, and connect out to the Internet via a NAT gateway. By default, a NAT gateway is created in every public subnet for maximum availability. Be aware that you will be charged for NAT gateways.
Isolated (SubnetType.PRIVATE_ISOLATED) - isolated subnets do not route from or to the Internet, and as such do not require NAT gateways. They can only connect to or be connected to from other instances in the same VPC. A default VPC configuration will not include isolated subnets,
A default VPC configuration will create public and private subnets. However, if natGateways:0 and subnetConfiguration is undefined, default VPC configuration will create public and isolated subnets.
So a separate NAT is created for every Public subnet.
Also, the docs for the natGateways parameter mentioned above also describe the default behavior:
(default: One NAT gateway/instance per Availability Zone)
To limit the number of AZs used by the VPC, specify the maxAzs parameter. Set it to 1 to only have a single NAT per VPC.
If you're fine with making the resources in the VPC publicly reachable from the internet, you can place them in Public subnets and avoid the creation of NATs altogether.
QUESTION
I have deployed my website here:
...ANSWER
Answered 2022-Jan-17 at 09:09Your website doesn't feel like 100% (client side) static website. By that I mean every HTML page is pre-generated and everything is static on client side. If that's the case then /work/1 should not load any html page as it's not a html resource. For it to be HTML resource it should be like /work/1.html
With that being said, it looks like you're using React or some other technology which translates the routing when previous page is known. / -> /work/1
As you have CloudFront already in your stack. Just set the error pages to redirect back to home page and then it should work fine. Attaching the solution for my react app hosted on S3+CloudFront.
QUESTION
I do have three AWS accounts:
- Shared (Where the aws-cdk pipelines live)
- Development
- Production
The Shared account owns a route53 domain name with the corresponding zone.
I do want to allow Development and Production to be able to use those domain names (attach dns records, say dev.domainname.com)
Edit: I need to access other resources (s3 buckets, certificatemanager, ...) in the shared account as well, this was a simplification for the sake of the question.
I bootstrapped the accounts and cross account deployment of pipeline stages works as per this guide
If I try to deploy a stack which uses the domain it fails as expected since the role (cfn-exec-role) in the Development stack has no permissions on the resources of the Shared Stack.
I could go and attach the necessary policies in the Shared Stack allowing the Roles in the Development and Production Stack access the the necesserary resource but is there any way to solve this in Code as per "Infrastructe as Code"?
This would require getting the execution roles of the Development and Production accounts and attaching permissions in the Shared Account
...ANSWER
Answered 2021-Nov-02 at 17:44Because Route53 supports cross-account subdomain Hosted Zones, you can avoid cross-account resource-sharing or permissions. Create a dev.domainname.com Hosted Zone in your development account and a domainname.com Hosted Zone in your production account.
QUESTION
adding a custom domain name to an api gateway via cloudformation. see template below, resource include hosted zone, ssl certificate ... is it possible to aws shield to route 53 .
...ANSWER
Answered 2021-Sep-16 at 21:54Shield Standard is enabled by dafeult and you don't have to do anything to use it in your CFN. From docs:
All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge.
QUESTION
I'm using AWS CDK to construct a CloudFront Ingress for various other microservices. It seems super inconsistent in when it works, normally only the first request, then it completely fails.
I'm making sure to invalidate the entire distribution and making sure everything has updated before I test any changes, but I'm having no luck.
My goal is:
/graphql-> API Gateway/app/*-> S3 Website Bucket (App Static SPA)* (Default)-> S3 Website Bucket (Website Static SPA)
I'm using a CloudFront Function to rewrite requests for the non-default origins to remove the prefix:
...ANSWER
Answered 2021-Sep-11 at 10:19Turns out, the response headers from S3 & API Gateway needed to be changed to account for Cache-Control - using a Lambda@Edge to modify them to not be cached, as well as the ttl configuration, solved the issue.
QUESTION
I'm using Titanium Web Proxy to modify headers of https requests. It works fine in Windows, but in Linux it fails with alert handshake failure error.
I have generated root CA certificates with following commands.
...ANSWER
Answered 2021-Sep-10 at 16:19It's hard to give a definite answer, but I think that the problem lies in the certificate you generate. Try adding the -addext parameter with subject alternative name set to your target hostname. For example, for 'example.com' domain:
QUESTION
I have a CloudFormation template set up to track a CloudFront distribution among other things. Getting this set up, I created an AWS::CertificateManager::Certificate and an AWS::CloudFront::Distribution resource, where the CDN just serves from a non-website S3 origin.
When I run the change set, I get this incredibly vague failure. "Access denied for operation 'AWS::CloudFront::Distribution'." kind of loses me here. For one thing, it's not clear to me what operation this is supposed to be. On top of that, the stack rollback after this is incomplete. The CloudFormation events don't even show an attempt to remove the CDN or the cert, and when I try to hit the CloudFront URL from my browser, it works flawlessly, so I am not even sure what my template was trying to do here that failed. In fact, the only reason this is an issue for me is because the incomplete rollback tries to revert my lambdas in the stack to nodejs8.10, which causes larger failures. If that weren't an issue, I don't know that I would feel the effects of this vague error.
Template, based on the static site sample from a couple of years ago:
...ANSWER
Answered 2021-Jul-30 at 04:29Based on the chat discussion.
The cause of the issue was found to be missing IAM permissions for the IAM role that is used to deploy the stack. Specifically, the permission that was missing was:
cloudfront:GetDistribution- Grants permission to get the information about a web distribution
Adding that permission to the role, solved the problem.
To find the missing permission, CloudTrial's Event History was used.
QUESTION
I am trying to use one of our internal generated java library by JSII from Typescript aws-cdk-library project.
when we try to invoke and on cdk synth we are getting below error
software.amazon.jsii.JsiiException: Module '@company/cdk-tags' not found Error: Module '@company/cdk-tags' not found
Currently we are using cdk version 1.106.0 , java 13 and maven 3.6.
here is our package.json and module-package.json
package.json
...ANSWER
Answered 2021-Jul-07 at 13:59Finally we are able to solve this issue. This was due to multiple modules with same java package structure names. This created a conflict in loading and finding the module when running from java.
After changing the package structure, it started working fine.
We have multiple modules like cloudwatch and nodejs-canary inside a main project.
Before
package.json for cloudwatch
"jsii": { "outdir": "dist", "targets": { "java": { "package": "com.company.common.aws.cdk", "maven": { "groupId": "com.company.common.aws.cdk", "artifactId": "cloudwatch" } } } }
package.json for nodejs-canary
"jsii": { "outdir": "dist", "targets": { "java": { "package": "com.company.common.aws.cdk", "maven": { "groupId": "com.company.common.aws.cdk", "artifactId": "nodejs-canary" } } } }
After
"jsii": { "outdir": "dist", "targets": { "java": { "package": "com.company.common.aws.cdk.cloudwatch", "maven": { "groupId": "com.company.common.aws.cdk", "artifactId": "cloudwatch" } } } }
package.json
"jsii": { "outdir": "dist", "targets": { "java": { "package": "com.company.common.aws.cdk.nodejs_canary", "maven": { "groupId": "com.company.common.aws.cdk", "artifactId": "nodejs-canary" } } } }
Just to add little more, initially when we ran with one module it worked fine. Later after adding additional modules while using in Java we got Module not found error.
QUESTION
I am modifying a CDK pipeline that works. I am adding a lambda, and when this code modification is made, the pipeline fails with an error.
...ANSWER
Answered 2021-Jun-29 at 12:13The error message is rather misleading. The S3 bucket is highly likely to exist in another account if you have access to several accounts - this is because it is an auto-generated bucket that is used by CDK to package and deploy lambdas. I assume it is the same name in all AWS accounts.
The simple solution is to add "s3:*" to your allowed actions against a "*" resource. However, I decided to add a new Policy so that the resource specification was a little tighter. In my case this meant adding a new clause with a different resource specification:
QUESTION
My AWS CloudFormation template for Application load balancer is throwing this error: Failed to retrieve external values. Want help in rectifying this issue. I'm not sure where the error is occuring from. I'm guessing the error might be in the certificate parameter section or the tags, maybe the !Sub value is not taking in the value.
...ANSWER
Answered 2021-Jun-18 at 17:05The error is related to the Type mentioned for the Certificate parameter.
Change it to String as below and pass certificate Arn as the value.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install CertificateManager
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
