Re: AWS Powershell adapter - Test Connection Error

mfranz · ‎Mar 24, 2021

Hi,

A customer is getting this error message when testing their AWS connections:

The actual inventory import is running fine, so it's not really a problem, but does anyone see the same in their environment?

By the way, taking hte screenshot, the Beacon UI was started using the service account, so I guess there shouldn't be a difference to the actual inventory import.

Best regards,

Markward

dsalter · ‎Mar 24, 2021

This indicates the account that is being used for the AWS EC2 connection is missing GetUser from the IAM Policy.

Documentation status the following roles are required:

DescribeInstances
DescribeHosts
DescribeReservedInstances
GetUser.

If you have access to the AWS console try reviewing the policy in the IAM console

https://docs.flexera.com/FlexNetManagerSuite2020R2/EN/Features/index.html#FeatureList/2018R2/RN_feat_AWSEC2.html

mfranz · ‎Mar 25, 2021

Hi,

Thanks, that's really helpful. Would you say, the fact that the actual connection works, indicates that GetUser is only needed for the Test-Connection case?

Best regards,

Markward

dsalter · ‎Mar 25, 2021

I do see that Get-IAMUser and other IAM user policy functions are being used outside the test connection function. So I assume the connector is not collecting all the information possible. Do you see any errors in the logs?

mfranz · ‎Mar 30, 2021

I have checked the debug compliance reader logs for 3 AWS connections. No error is logged there, still the Bescon test-connection throws above error. I've double checked the service account is identical, so it does not seem to be a credential thing.

Does the "Test connection" button just run the test-connection function from the Logic.ps1?

dsalter · ‎Mar 30, 2021

It looks to me the test connection logic is inconsistent with the actual automation so I wouldn't imagine it is having a problem. Likely because the Get-IAMUser call is made to validate credentials.