Hello,
Does agent installed on an AWS instance collects the instance's ID?
Thanks,
Paweł
‎Dec 12, 2023 01:17 AM
Yes, the instance ID and other cloud service provider metadata appears in an NDI file similar to the following:
<Hardware Class="MGS_CloudMetadata" Name="Amazon Web Services" Evidence="metadata">
<Property Name="instance-id" Value="i-08a70ef00e6c7d249" Evidence="/latest/meta-data/instance-id"/>
<Property Name="document" Value="[encoded data]" Evidence="/latest/dynamic/instance-identity/document"/>
</Hardware>
‎Dec 12, 2023 03:43 AM
You could check in the tracker.log file to see whether it shows any kind of error when connecting to the AWS Instance Metadata Service (IMDS), which is where the instance details are gathered from.
One thing to consider is that you will need to use a newer agent if that your AWS environment has IMDSv1 disabled and only IMDSv2 is available (see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html). Support for IMDSv2 is available in agent releases 20.3.1 (2023 R1.2) and later.
‎Dec 12, 2023 04:43 AM
Yes. The instance ID details are gathered and used to match the inventory details with instance details gathered using the AWS connector so you can see the relationship between both sets of data on the Cloud Service Provider Inventory page.
‎Dec 12, 2023 03:23 AM
So am I getting you right @ChrisG ? So I should see it in the ndi file?
‎Dec 12, 2023 03:30 AM
Yes, the instance ID and other cloud service provider metadata appears in an NDI file similar to the following:
<Hardware Class="MGS_CloudMetadata" Name="Amazon Web Services" Evidence="metadata">
<Property Name="instance-id" Value="i-08a70ef00e6c7d249" Evidence="/latest/meta-data/instance-id"/>
<Property Name="document" Value="[encoded data]" Evidence="/latest/dynamic/instance-identity/document"/>
</Hardware>
‎Dec 12, 2023 03:43 AM
Thanks @ChrisG!.
So now I just have to figure out why I am not seeing those lines in the ndi file from a test server where we installed the 2023 R1 agent. Any ideas what to look for?
‎Dec 12, 2023 04:29 AM
You could check in the tracker.log file to see whether it shows any kind of error when connecting to the AWS Instance Metadata Service (IMDS), which is where the instance details are gathered from.
One thing to consider is that you will need to use a newer agent if that your AWS environment has IMDSv1 disabled and only IMDSv2 is available (see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html). Support for IMDSv2 is available in agent releases 20.3.1 (2023 R1.2) and later.
‎Dec 12, 2023 04:43 AM
Hi @ChrisG thank you for the detail. When I am looking for the AWS connection using the EC2 role-based access - is that also supporting the Metadata Version 2? I couldn't find that details in Flexera documentation. Thank you.
https://docs.flexera.com/flexera/EN/ITAssets/IB-ConnectAWSfib.htm
‎Feb 12, 2024 05:01 PM
Thank you very much @ChrisG.
In the log I can see:
[12/5/2023 2:56:14 PM (G, 0)] {3420} The following error e069009a occurred while retrieving data from 'http://169.254.169.254/metadata/instance/compute/vmId?api-version=2018-02-01&format=text'
Authentication method not supported
So it seems this is it.
Not sure what answer I should mark as a solution. Both are equally important 🙂
‎Dec 12, 2023 05:19 AM
I believe, you can mark multiple answers as solution.
‎Dec 13, 2023 02:52 AM