Unable to register scalable target

[rddefauw]

I've followed the instructions and created the CFN stack. I tested my API manually. I'm now trying to register the scalable target on the CLI:

aws application-autoscaling register-scalable-target \
    --service-namespace custom-resource \
    --scalable-dimension custom-resource:ResourceType:Property \
    --resource-id file://~/tmp/custom-resource-id.txt \
    --min-capacity 1 --max-capacity 15 \
    --region us-east-1

However, I get this error:

An error occurred (ValidationException) when calling the RegisterScalableTarget operation: User is missing the following permissions: execute-api:Invoke:PATCH, execute-api:Invoke:GET

My IAM user has full admin access in the account, and just to be sure, I added an online policy to my user that grants the specific permissions on the API.

I am not sure how to get past this permission problem.

[Nayanish]

Hi, could you provide little more information as below: Region: Account Id: Time stamp of request: Did you control access to your APIGateway rest API via resource policy or some additional means?: Thanks

On Mon, Feb 3, 2020 at 4:31 PM rddefauw [email protected] wrote:

I've followed the instructions and created the CFN stack. I tested my API manually. I'm now trying to register the scalable target on the CLI:

aws application-autoscaling register-scalable-target
--service-namespace custom-resource
--scalable-dimension custom-resource:ResourceType:Property
--resource-id file://~/tmp/custom-resource-id.txt
--min-capacity 1 --max-capacity 15
--region us-east-1

However, I get this error:

An error occurred (ValidationException) when calling the RegisterScalableTarget operation: User is missing the following permissions: execute-api:Invoke:PATCH, execute-api:Invoke:GET

My IAM user has full admin access in the account, and just to be sure, I added an online policy to my user that grants the specific permissions on the API.

I am not sure how to get past this permission problem.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/aws/aws-auto-scaling-custom-resource/issues/25?email_source=notifications&email_token=AACRJMPI3L2CTBZXHJ5MQBLRBCZPZA5CNFSM4KPOOPO2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IKYAT5Q, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACRJMO6ZNOAXAJHJN65SCTRBCZPZANCNFSM4KPOOPOQ .

-- Nayanish Software Development Engineer Amazon Seattle

[rddefauw]

I've made some progress in debugging this. I switched to using boto3 and started getting a different error:

Reason: Scalable resource not found

Checking the API Gateway logs, I saw this:

Execution failed due to configuration error: Invalid permissions on Lambda function

And I solved that by deleting and recreating my CloudFormation stack; I think that the API was caching an old version of the Lambda function ID.

In summary, things are working with boto3, but still not with the CLI. My API uses Lambda functions in proxy mode with IAM authentication.

[Reneehi]

We might need to get some more information from you to troubleshoot further. Are you able to post this to the AWS discussion forum at https://forums.aws.amazon.com/forum.jspa?forumID=291?

[rddefauw]

Looks like user error: I had a newline marker at the end of the custom resource txt file.

Generally the error messages for custom resources are not as helpful as they could be. For example:

• Newline in the resource file yields a misleading permission error message. Shouldn't it just tell me that it can't find the API endpoint?
• A malformed JSON response from the API yields a generic 'Error reading entity from input stream' message, which is probably coming from a low level JSON or HTTP library.

[yujin19]

I hit error below

An error occurred (ValidationException) when calling the RegisterScalableTarget operation: Unsupported service namespace, resource type or scalable dimension

I created my own apidateway on api gateway console, I can get response 200, but this url cannot be used to register the ScalableTarget. If I use the api created from the template here, https://github.com/aws-samples/aws-application-auto-scaling-kinesis/blob/master/cloudformation/custom-application-autoscaling-kinesis.yaml, I can register successfully, is there any restrictions when config the api?

[Reneehi]

Hi, Can you check whether you have a service-linked role for Application Auto Scaling in your account? I noticed that the example Kinesis template you shared deploys an alternative IAM role configuration. If this is the issue, then you can fix it by adding the service-linked role for custom resources to your account. https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-service-linked-roles.html

[yujin19]

Anyone hit this error:

Validation failed for resource,  scalable dimension: custom-resource:ResourceType:Property. Reason: java.net.SocketTimeoutException: Read timed out (Service: AWSApplicationAutoScaling; Status Code: 400; Error Code: ValidationException

[pprandive]

I hit error below

An error occurred (ValidationException) when calling the RegisterScalableTarget operation: Unsupported service namespace, resource type or scalable dimension

I created my own apidateway on api gateway console, I can get response 200, but this url cannot be used to register the ScalableTarget. If I use the api created from the template here, https://github.com/aws-samples/aws-application-auto-scaling-kinesis/blob/master/cloudformation/custom-application-autoscaling-kinesis.yaml, I can register successfully, is there any restrictions when config the api?

Were you able to resolve it? I am also facing the same issue. Could you please let me know if you had any success. Thanks! -Prafulla