sts | Swagger to sf schema & st column in ng-alain | Frontend Framework library

There is a command line tool called iam-mfa that will do this for you: https://github.com/zagaran/iam-mfa. (Disclaimer: I am the primary author of the tool.)

The key is to use named profiles. One profile (the source_profile) will hold the credentials that you use to call sts get-session-token. The other profile (the dest_profile) will be where you save the session token you get from sts, and is the profile you use to do all subsequent API calls.

You can install it with pip install iam-mfa.

You can then call it with:

Make sure that the IAM Role assigned to the MediaConvert job has a Trust Policy that trusts MediaConvert:

If you can call the Lambda function from API Gateway, then your question title "how to connect an aws api gateway to a private lambda function inside a vpc" is already complete and working.

It appears that your actual problem is simply accessing Secrets Manager from inside a Lambda function running in a VPC.

It's also strange that you are assigning a "db" security group to the Lambda function. What are the inbound/outbound rules of this Security Group?

It is entirely unclear why you created a VPC endpoint. What are we supposed to make of service_name = "foo"? What is service "foo"? How is this VPC endpoint related to the Lambda function in any way? If this is supposed to be a VPC endpoint for Secrets Manager, then the service name should be "com.amazonaws.YOUR-REGION.secretsmanager".

If you need more help you need to edit your question to provide the following: The inbound and outbound rules of any relevant security groups, and the Lambda function code that is trying to call SecretsManager.

Update: After clarifications in comments and the updated question, I think the problem is you are missing any subnet assignments for the VPC Endpoint. Also, since you are adding a VPC policy with full access, you can just leave that out entirely, as the default policy is full access. I suggest changing the VPC endpoint to the following:

Turns out /var/run is a symlink to /run in my container and ECS wasn't able to handle this. I changed my setup to use /run/php instead of /var/run/php and everything works perfectly.

I was able to solve this issue with the help of an AWS rep. It turns out I needed a public and private subnet in my VPC containing the lambda. The lambda itself had to be in a private subnet with the public subnet containing a NAT gateway and an internet gateway. Instead of a single route table in the VPC, I needed separate route tables for the two subnets. The private one contains the peering connection route and VPC CIDR route like I mentioned in my question but also contains a route with destination 0.0.0.0/0 with the NAT gateway as the target. The public subnet route table contains the VPC CIDR route as well as a route with destination 0.0.0.0/0 with the internet gateway as the target.

From AWS JSON policy elements: Principal

You cannot use a wildcard to match part of a principal name or ARN.

That config will have a trailing comma in the JSON array, which is a syntax error for the format specification. I would recommend updating the usage to the templatefile function. You could then also make this much easier for yourself with the jsonencode function to convert from HCL2. Your template would appear like:

In the assume_role_policy of your IAM role

The most probable reason for this issue would be either one of the following:

1. User which is being used from PBI does not have 'default_role' set with a value.

2. If it is set with a value then the role does not have USAGE privilege on the WH which is being set from PBI.

Run the following to check this:

show grants on warehouse ;