Cybersecurity attacks are becoming increasingly complicated and increasingly interconnected to aim at to systems that serve for public services, especially in government, finance, insurance, and retirement sectors. For systems built on AEM, it's crucial to keep a close eye on system logs and user activities. This helps catch any illegal actions or unauthorized access, keeping the system secure and data intact.
I. Setting Up Adobe I/O CLI for Cloud Manager
Similar to the AWS CLI, Adobe also offers the Adobe I/O Extensible CLI. This is a customizable command-line interface designed by Adobe, allowing developers to incorporate custom commands and plugins into their workflow.
If you want to know about the Adobe I/O Extensible CLI, you can visit the provided URL here. It directs you to the NPM (Node Package Manager) page for the "@adobe/aio-cli" package, where you can find information about the Adobe I/O CLI package, including its version, description, documentation, and usage instructions.
aio app
aio app add
aio app add action
aio app add actions
aio app add ci
aio app add event
aio app add events
aio app add ext
...
Check Node.js installation with node -v and verify npm with npm -v in your Terminal or Command Prompt.
C:\Users\admin>node -v
v14.18.0
C:\Users\admin>npm -v
6.14.15
Setting Up Adobe I/O CLI Environment:
npm install -g @adobe/aio-cli
Checking Adobe I/O CLI Version: Verify the Installed CLI Version with aio (-v|--version|version)
aio -v
Stay ahead in your work by adding the Adobe I/O CLI Plugin for Cloud Manager—just use the command below!
aio plugins:install @adobe/aio-cli-plugin-cloudmanager
aio plugins:update
If you have trouble installing the plugin using aio plugins:install @adobe/aio-cli-plugin-cloudmanager, try cloning it from this GitHub link: https://github.com/adobe/aio-cli-plugin-cloudmanager.
II. Setup the Adobe I/O CLI Authentication
Start by visiting the Adobe Developer Console. Make sure to select your organization, including Cloud Manager, using the Adobe Org switcher in the top right corner.
Here, simply make a new project called Cloud Manager and choose Cloud Manager as the product or service.
Adobe CLI offers two authentication modes: Browser-based and Service Account. With browser-based authentication, CLI actions use your permissions, while Service Account authentication requires a separate account with potentially different permissions.
» Browser-Based Authentication
Open the command line and run the following command:
aio auth:login
or
aio auth:logout
Once you have successfully authenticated your username/password through the Adobe CLI command above, the screen should be the following:
Adobe CLI needs to know the Adobe Organization Identifier (OrgId). There are two ways to do this:
aio cloudmanager:org:select
or
aio console:org:select
After that, go ahead and configure Adobe CLI for Cloud Manager.
aio config:set cloudmanager_programid PROGRAMID
Run the command aio config list to display credentials such as access token, refresh token, and organization or program ID that you have previously established.
{
aio-cli-telemetry: {
optOut: false,
clientId: <Your client id>
},
ims: {
contexts: {
cli: {
cli.bare-output: true,
access_token: {
token: "<Your access token>",
expiry: 1703047648714
},
refresh_token: {
token: "<Your refresh token>",
expiry: 1704170848715
}
}
}
},
console: {
org: {
id: "<Your organization id>",
code: "<Your Code>",
name: "<Your name of organization>"
}
},
cloudmanager_programid: "<Your program id>"
}
Retrieve a list of your projects within the selected organization.
aio console project list
Choose the project (DEV/SIT/PROD) based on its ID or name to track logs from the Adobe Cloud.
aio console project select [PROJECTIDORNAME]
For example, here is the payload for the project that we will assign using Adobe CLI:
aio console project select AEMp{programId}e{environmentId}
Project selected AEMp{programId}e{environmentId}
You are currently in:
1. Org: Flagtick Inc
2. Project: AEMp{programId}e{environmentId}
3. Workspace: <no workspace selected>
After that, proceed to set the default environment based on the Environment ID.
aio config:set cloudmanager_environmentid <environment id>
Run aio config list to display all information about the project and environment. This allows you to validate the configuration.
{
aio-cli-telemetry: {
optOut: false,
clientId: <Your client id>
},
ims: {
contexts: {
cli: {
cli.bare-output: false,
access_token: {
token: "<Your access token>",
expiry: 1703047648714
},
refresh_token: {
token: "<Your refresh token>",
expiry: 1704170848715
}
}
}
},
console: {
org: {
id: "<Your id>",
code: "<Your code>",
name: "Flagtick Inc"
},
project: {
name: "AEMp{programId}e{environmentId}",
enabled: 1,
title: "AEM-p{programId}-e{environmentId}",
org_id: {orgId},
date_created: "",
date_last_modified: "",
who_created: "",
who_last_modified: "",
description: "",
type: "default",
deleted: 0,
id: "",
notifications_enabled: true
}
},
cloudmanager_programid: "<program id>",
cloudmanager_environmentid: "<environment id>"
}
Next, let us retrieve all workspaces and select one for the chosen project.
aio console workspace list
aio console workspace sel [WORKSPACEIDORNAME]
You can find instructions for using Adobe CLI to access Adobe Cloud here.
III. Cloud Manager Plugin for the Adobe
Install the Adobe I/O CLI Cloud Manager Plugin to unlock advanced features for managing cloud services. Additionally, you can visit the provided URL to download the Cloud Manager plugin as a downloadable file.
$ aio plugins:install @adobe/aio-cli-plugin-cloudmanager
Installing plugin @adobe/aio-cli-plugin-cloudmanager... - [1/4] Resolving packages...
...
warning @adobe/aio-cli-plugin-cloudmanager > @oclif/command > @oclif/help > @oclif/config > @oclif/[email protected]: PackageInstalling plugin @adobe/aio-cli-plugin-cloudmanager... | [1/4] Resolving packages...
Installing plugin @adobe/aio-cli-plugin-cloudmanager... / [2/4] Fetching packages...
warning "@adobe/aio-cli-plugin-cloudmanager > @oclif/plugin-help > @oclif/core > [email protected]" has unmet peer dependency "@types/node@*".
warning "@adobe/aio-cli-plugin-cloudmanager > @oclif/plugin-help > @oclif/core > [email protected]" has unmet peer dependenInstalling plugin @adobe/aio-cli-plugin-cloudmanager... installed v4.1.0
$ aio plugins:update
Next, retrieve list of environments in Adobe Cloud Manager, providing insights into the available environment such as development, staging, and production environments.
$ aio cloudmanager:list-environments
Then, carry out of showing all the available log options for that environment.
$ aio cloudmanager:list-available-log-options <environment id>
Environment Id Service Name
────────────── ────────────────── ─────────────
<environment id> preview_dispatcher httpdaccess
<environment id> preview_dispatcher httpderror
<environment id> preview_dispatcher aemdispatcher
<environment id> author aemaccess
<environment id> author aemerror
<environment id> author aemrequest
<environment id> author cdn
<environment id> publish aemaccess
<environment id> publish aemerror
<environment id> publish aemrequest
<environment id> publish cdn
<environment id> preview_publish aemaccess
<environment id> preview_publish aemerror
<environment id> preview_publish aemrequest
<environment id> preview_publish cdn
<environment id> dispatcher httpdaccess
<environment id> dispatcher httpderror
<environment id> dispatcher aemdispatcher
Refer to the following link for detailed instructions: Adobe I/O CLI Cloud Manager Plugin - Download Logs. Use the modified command to retrieve the complete log for aemerror in author mode.
aio cloudmanager:download-logs <environment id> <Service> <Name> [DAYS]
Here is an example: aio cloudmanager:download-logs 343544 author aemerror 7 and verify the results by checking the folder, as shown below:
Service Name Index Date Path
─────── ──────── ───── ────────── ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
author aemerror 0 2023-12-19 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-19.log
author aemerror 0 2023-12-18 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-18.log
author aemerror 0 2023-12-17 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-17.log
author aemerror 0 2023-12-16 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-16.log
author aemerror 0 2023-12-15 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-15.log
author aemerror 0 2023-12-14 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-14.log
author aemerror 0 2023-12-13 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-13.log
author aemerror 0 2023-12-12 C:\Users\admin\Downloads\aio-cli-plugin-cloudmanager-main\aio-cli-plugin-cloudmanager-main\<environment id>-author-aemerror-2023-12-12.log
Furthermore, we can access a continuous stream of log data for the specified environment, service, and log name, as demonstrated below:
aio cloudmanager:environment:tail-log ENVIRONMENTID SERVICE NAME
In summary, to back up all logs from the targeted environment, we may need to use the following two commands:
aio cloudmanager:list-available-log-options <environment id>
aio cloudmanager:environment:download-logs ENVIRONMENTID SERVICE NAME [DAYS]
IV. Manipulating OSGi Environment and Commands
Use the Cloud Manager plugin to retrieve a list of environment variables in Adobe Cloud Manager. Refer to the command syntax below:
$ aio cloudmanager:environment:list-variables <environment id>
This approach is more convenient than manually observing how variables are configured and their values in Adobe Cloud.
Furthermore, you can access a detailed list of pipelines connected to your Adobe Cloud Manager program.
aio cloudmanager:program:list-pipelines
or specific pipeline status
aio cloudmanager:pipeline:list-executions [pipeline id]
Manage the creation or removal of environment variables in Adobe Cloud using the following commands:
aio cloudmanager:set-environment-variables ENVIRONMENT_ID --variable VAR_1 "<value 1>" --secret VAR_2 "<value 2>"
aio cloudmanager:set-environment-variables ENVIRONMENT_ID --delete VAR_1 VAR_2
There are some reference links as below:
- https://github.com/adobe/aio-cli-plugin-cloudmanager#aio-cloudmanagerenvironmentdownload-logs-environmentid-service-name-days
- https://github.com/adobe/aio-cli-plugin-auth#aio-authlogin
- https://github.com/adobe/aio-cli
V. Using Adobe CLI with Service Account Authentication
Before using service account authentication, make sure to create an integration (or project) in the Adobe I/O Console that includes the Cloud Manager service. There are two ways to create an App Builder application:
» Access the Adobe Developer Console and create Cloud Manager app as shown below:
Note: To interact with Adobe CLI via AIO tool, make sure to add Cloud Manager to the list of products or services here.
» Bootstrapping new App using the CLI
Some developers without access to Adobe Developer Console may still want to explore projects or import credentials later. Sample flows are provided below.
aio app init <app_name>
For more detailed information about this setup, refer to the URL provided. The guide from this URL offer official and comprehensive details from the Adobe team. To securely connect and interact with Adobe Cloud services through Adobe CLI, it's important to use the Service Account (JWT) authentication method.
//config.json
{
"client_id": "value from your CLI integration (String)",
"client_secret": "value from your CLI integration (String)",
"technical_account_id": "value from your CLI integration (String)",
"ims_org_id": "value from your CLI integration (String)",
"meta_scopes": [
"ent_cloudmgr_sdk"
]
}
In the config.json file, you will find important settings like client_id, client_secret, and technical_account_id. These are necessary for integrating Adobe Cloud Manager with Adobe CLI, using a Service Account (JWT) in the project we created earlier.
The last bit you need to have at hand is the private certificate you've used to create the integration; you need the private key, not the public one. Now, you are ready to configure the aio CLI.
First, configure the credentials:
aio config:set ims.contexts.aio-cli-plugin-cloudmanager PATH_TO_CONFIG_JSON_FILE --file --json
Then, configure the private certificate:
aio config:set ims.contexts.aio-cli-plugin-cloudmanager.private_key PATH_TO_PRIVATE_KEY_FILE --file
VI. Getting started with Adobe Experience Platform APIs
We can use the Adobe Cloud Manager API to configure and set up REST APIs for downloading all logs related to environments like DEV, SIT, or PROD. You can find detailed information in the documentation available at this link: Adobe Cloud Manager API - Download Logs.
For example, let's use the Download Logs operation as a real example and go through the details of the REST API, including path parameters, query parameters, header parameters, and responses.
» path Parameters
programId <string>
environmentId <string>
For example:
https://cloudmanager.adobe.io/api/program/{programId}/environment/{environmentId}/logs/download
» query Parameters
service <string>
name <string>
date <string>
For example:
https://cloudmanager.adobe.io/api/program/{programId}/environment/{environmentId}/logs/download?service=author&name=aemerror&date=2023-12-12
» header Parameters
x-gw-ims-org-id <string>
Authorization <string>
x-api-key <string>
Accept application/json
For example:
Note: The x-gw-ims-org-id represents the Organization ID, and x-api-key corresponds to the Client ID obtained from the Service Account created in Adobe Cloud within the Cloud Manager project.
VII. Conclusion
In short, this guide makes it easy to get log files in AEM Cloud with Adobe CLI and Cloud Manager. Follow the steps to efficiently retrieve and manage log data for your AEM projects. If you face any issues, refer to the follow-up article and ask questions in the comments.
VIII. Video
