Enable A Jinja Extension In Flask

To add a Jinja2 extension you need to call the add_extension method on the app's jinja_env object like so:

app.jinja_env.add_extension('jinja2.ext.do')

Concatenate or Append Strings in Jinja

I needed to concatenate two strings in a Jinja template. My particular use case was for dynamically filling the placeholder HTML5 attribute on a form field.

Here's how I did it in the template:

{% set placeholder_text = ["Posting in ", variable_name ] %}

And then while rendering the form field I used the variable I just created like this:

{{ form.post(placeholder=placeholder_text|join) }}

Upload A Positive SSL or Comodo SSL Certificate To Amazon's IAM From Command Line

You'll need to make sure your private key is in RSA format:

openssl rsa -in yourdomain.key -out yourdomain.key.rsa

Here's the command to upload the certificate to Amazon:

aws iam upload-server-certificate --server-certificate-name YourDomainDotCom --certificate-body file://STAR_yourdomain_com.crt --private-key file://yourdomain.key.rsa --certificate-chain file://COMODORSADomainValidationSecureServerCA.crt

Amazon's Token Vending Machine for iOS and Android

I followed instructions on Amazon's website to deploy their Token Vending Machine in order to more securely allow mobile users to interact with S3. In order to limit what resources a user has access to through the mobile application you need to define IAM policies that dictate such.

The user policy that Amazon includes in the instructions is a great start, but shouldn't be used in production because it effectively defines wide open access to all resources and every function.

The instructions for setting up the TVM do indeed state to modify the policies leaving the first two intact, but I found that certain access was also required of SimpleDB. Simply keeping the STS, IAM, and S3 policies was not enough.

I discovered this by enabling verboseLogging on the iOS client which led to realizing that the TVM deployed on Elastic Beanstalk was actually returning an HTTP 500 when the client tried to get a token.

Tailing the Tomcat log (catalina.out) on Elastic Beanstalk pointed to the specific problem:

SEVERE: Unexpected exception: [User (arn:aws:iam::464308372880:user/TVMUser) does not have permission to perform (sdb:CreateDomain) on resource (arn:aws:sdb:us-east-1:464308372880:domain/TokenVendingMachine_DEVICES). Contact account owner.] Setting Http status code 500

So I included specific SDB access and also limited S3 access to certain functions and certain buckets. The following is the example for SDB that Amazon includes in their documentation; it should be modified to provide the least access necessary for your purpose.

{
    "Effect": "Allow",
    "Action": "sdb:*",
    "Resource": "*"
}
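
One way to check that a narrowed policy really drops the wildcards is a small linter like the one below. It is an added example, not code from the original post or from Amazon. The sdb:CreateDomain action and the domain ARN are taken from the catalina.out error above; the other actions in NARROW are assumptions about what the TVM needs and should be confirmed against its logs.

```python
import json

# The SDB statement from the page, wrapped in a policy document.
BROAD = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "sdb:*", "Resource": "*"}]}
""")

# Constructed narrowing: only CreateDomain and the ARN are confirmed by the log;
# the remaining actions are assumed and must be verified for your deployment.
NARROW = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["sdb:CreateDomain", "sdb:GetAttributes",
                   "sdb:PutAttributes", "sdb:Select"],
        "Resource": "arn:aws:sdb:us-east-1:464308372880:domain/TokenVendingMachine_DEVICES",
    },
}

def as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement_index, field, value) for each over-broad Allow grant."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a wildcard in a Deny statement restricts access
        for key in ("NotAction", "NotResource"):
            if key in stmt:  # Allow + Not* grants everything except the listed items
                findings.append((i, key, "allow-by-exclusion"))
        for action in as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((i, "Action", action))
        for resource in as_list(stmt.get("Resource")):
            if resource == "*" or resource.endswith(":*"):
                findings.append((i, "Resource", resource))
    return findings

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("narrow", NARROW)):
        print(name, wildcard_findings(policy))
```
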

You can tail the Tomcat log on Amazon Linux like so:

tail -f /var/log/tomcat7/catalina.out

To enable verboseLogging for the AWS SDK on iOS:

  [AmazonLogger verboseLogging];

A valid provisioning profile for this executable was not found.

Are you trying to build and run an app on a device using a production provisioning profile?

You'll see this error:

A valid provisioning profile for this executable was not found

Switch to a development provisioning profile when pushing to a device locally.