This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

Some users may be experiencing issues when trying to access customer resources like the Case Portal or the Product Licensing Center. Our team is aware of the issue and is working to resolve it. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS Powershell adapter - Test Connection Error

mfranz
By Level 17 Champion
Level 17 Champion

Hi,

A customer is getting this error message when testing their AWS connections:

2021-03-23_17h07_04.png

The actual inventory import is running fine, so it's not really a problem, but does anyone see the same in their environment?

By the way, taking hte screenshot, the Beacon UI was started using the service account, so I guess there shouldn't be a difference to the actual inventory import.

Best regards,

Markward

‎Mar 24, 2021 12:57 PM

0 Kudos
(5) Replies

dsalter
By
Level 6

This indicates the account that is being used for the AWS EC2 connection is missing GetUser from the IAM Policy.  

Documentation status the following roles are required:

  • DescribeInstances
  • DescribeHosts
  • DescribeReservedInstances
  • GetUser.

If you have access to the AWS console try reviewing the  policy in the IAM console 

https://docs.flexera.com/FlexNetManagerSuite2020R2/EN/Features/index.html#FeatureList/2018R2/RN_feat_AWSEC2.html

 

‎Mar 24, 2021 01:56 PM

mfranz
By Level 17 Champion
Level 17 Champion
In response to dsalter

Hi,

Thanks, that's really helpful. Would you say, the fact that the actual connection works, indicates that GetUser is only needed for the Test-Connection case?

Best regards,

Markward

‎Mar 25, 2021 02:50 AM

0 Kudos

dsalter
By
Level 6
In response to mfranz
I do see that Get-IAMUser and other IAM user policy functions are being used outside the test connection function. So I assume the connector is not collecting all the information possible. Do you see any errors in the logs?

‎Mar 25, 2021 09:15 AM

0 Kudos

mfranz
By Level 17 Champion
Level 17 Champion
In response to dsalter

I have checked the debug compliance reader logs for 3 AWS connections. No error is logged there, still the Bescon test-connection throws above error. I've double checked the service account is identical, so it does not seem to be a credential thing.

Does the "Test connection" button just run the test-connection function from the Logic.ps1?

‎Mar 30, 2021 10:00 AM

0 Kudos

dsalter
By
Level 6
In response to mfranz
It looks to me the test connection logic is inconsistent with the actual automation so I wouldn't imagine it is having a problem. Likely because the Get-IAMUser call is made to validate credentials.

‎Mar 30, 2021 11:14 AM

0 Kudos