Using VS Code extensions to help with AWS CloudFormation templates

Writing CloudFormation templates by hand is time consuming and error prone. Usually I know what is is that I’m trying to create and and know roughly what the options are, but remembering the exact syntax in json or YAML is near impossible.

VS Code has a number of extensions that can make this a lot easier. Tab code complete with plugins like “CloudFormation Snippets’ makes writing new templates incredibly quick and easy:

By default with this extension, type cfn then Tab to auto complete the skeleton of a CloudFormation template. If you have autocomplete on tab turned off you can turn it on in your VS Code settings, or manually use Ctrl-Space to trigger:

After pressing Tab you get an empty template:

As I’m writing a template for a new DynamoDB table, I enter dynamodb-table under Resources and Tab and it adds the skeleton ready to complete:

This saves time in having to look at what the required and optional attributes are, but unless I’m missing a feature it doesn’t have any auto completion to help select values for some attributes where valid values are from a list of options. For example, for DynamoDB BillingMode, the available options are PROVISIONED or PAY_PER_REQUEST. I can go look that up in the docs here, but it would be nice if it would offer tab complete for those too.

Read AWS IAM permission errors carefully – they tell you everything you need to know (Twitter to Mastodon bot migration)

Migrating my @kevinhookebot Twitter bot to Mastodon, I made some updates to how the Lambda queries a source DynamoDB table for new messages to be posted and ran into this error:

"errorType": "AccessDeniedException",
    "errorMessage": "User: arn:aws:sts::account-id:assumed-role/lambda-kevinhookebot-role/kevinhooketwitterbot-v2-dev-sendTweet is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-west-1:account-id:table/tweetbottweets/index/tweetdate-createdate-index because no identity-based policy allows the dynamodb:Query action"

The IAM role I’m reusing does have dynamodb:Query, but only on these resources:

"Resource": [
  "arn:aws:dynamodb:us-west-1:account-id:table/tweetbottweets",
  "arn:aws:dynamodb:us-west-1:account-id:table/tweetbottweets/index/Index",
  "arn:aws:dynamodb:us-west-1:account-id:table/tweetbotreplies"
]

This only includes the table itself, the primary index called Index, and another table tweebotreplies.

Notice this part of the message:

is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-west-1:account-id:table/tweetbottweets/index/tweetdate-createdate-index

The issue is this role does not include Query on a new index I added, called tweetdate-createdate-index. To resolve this, add this index to the list of Resources, and problem resolved.

Moving my Twitterbot @kevinhookebot to Mastodon @kevinhookebot@botsin.space

I mentioned a few days back that I’ve started to look at migrating some of my Twitter bot projects over to Mastodon, specifically to the botsin.space Mastondon server. Over the past few years I’ve deployed a number of bots that have been running continually for a number of years now without any updates. My motivation to move away from patronizing Twitter since the buyout is that it’s not a place I want to hang out anymore, but also I have some tech updates I need to take care of for these bots. A few of them I deployed 5 years ago and the AWS Lambda runtimes they were deployed with are now long past their support and have long been deprecated.

The main Lambda for @kevinhookebot was deployed originally in 2017 but updated at some point at least once in 2018:

The Lambda that watches for replies to a Tweet and replies automatically I don’t think has been updated since it was first deployed, and has been running on the Node6 runtime since 2017:

Both of these need to get redeployed with a later/supported runtime and also moved to using the Servlerless framework to help automate the deploys. It’s also odd that given that I share most of my hobby projects on Github, neither of these were committed to a repo anywhere, so first steps were to commit the original source to Github, and then starting making my updates.

First Steps

Before completely retiring the Twitter accounts, I’m going to update most of these to either cross-post to Twitter and Mastodon, or fork a Mastodon version and keep both running for a while, then eventually I’ll close the accounts on Twitter later.

For first steps, updating @kevinhookebot has to add integration with Mastondon’s apis to post a status update. I’ve got some learning to do with the apis and the authentication approach, but so far using the mastondon-api npm module, posting a status update is as simple as:

let Mastodon = require('mastodon-api');
let config = require('./config/config-mastodon.json');

exports.postMastodon = (item) => {

    const M = new Mastodon({
        access_token: config['access-token'],
        api_url: 'https://botsin.space/api/v1/',
    });

    M.post('statuses', {
        "status" : item.tweettext
    })
        .then((resp) => console.log(resp.data));

}

I still have to things to work out, like how to query replies to a Toot that I’ll need to support some of my other interactive bots, but so far so good.