mfranz
Level 15

AWS Powershell adapter - Test Connection Error

Hi,

A customer is getting this error message when testing their AWS connections:

2021-03-23_17h07_04.png

The actual inventory import is running fine, so it's not really a problem, but does anyone see the same in their environment?

By the way, taking hte screenshot, the Beacon UI was started using the service account, so I guess there shouldn't be a difference to the actual inventory import.

Best regards,

Markward

Softline Group is Europe's leading independent expert in Software Asset Management.
0 Kudos
5 Replies
dsalter
Level 5

This indicates the account that is being used for the AWS EC2 connection is missing GetUser from the IAM Policy.  

Documentation status the following roles are required:

  • DescribeInstances
  • DescribeHosts
  • DescribeReservedInstances
  • GetUser.

If you have access to the AWS console try reviewing the  policy in the IAM console 

https://docs.flexera.com/FlexNetManagerSuite2020R2/EN/Features/index.html#FeatureList/2018R2/RN_feat...

 

Hi,

Thanks, that's really helpful. Would you say, the fact that the actual connection works, indicates that GetUser is only needed for the Test-Connection case?

Best regards,

Markward

Softline Group is Europe's leading independent expert in Software Asset Management.
0 Kudos

I do see that Get-IAMUser and other IAM user policy functions are being used outside the test connection function. So I assume the connector is not collecting all the information possible. Do you see any errors in the logs?
0 Kudos

I have checked the debug compliance reader logs for 3 AWS connections. No error is logged there, still the Bescon test-connection throws above error. I've double checked the service account is identical, so it does not seem to be a credential thing.

Does the "Test connection" button just run the test-connection function from the Logic.ps1?

Softline Group is Europe's leading independent expert in Software Asset Management.
0 Kudos

It looks to me the test connection logic is inconsistent with the actual automation so I wouldn't imagine it is having a problem. Likely because the Get-IAMUser call is made to validate credentials.
0 Kudos