mfranz
Trusted advisor

AWS Powershell adapter - Test Connection Error

Hi,

A customer is getting this error message when testing their AWS connections:

2021-03-23_17h07_04.png

The actual inventory import is running fine, so it's not really a problem, but does anyone see the same in their environment?

By the way, when taking the screenshot, the Beacon UI was started using the service account, so I guess there shouldn't be a difference to the actual inventory import.

Best regards,

Markward

Softline Group is Europe's leading independent expert in Software Asset Management.
dsalter
Active participant

This indicates the account that is being used for the AWS EC2 connection is missing GetUser from the IAM Policy.

Documentation states the following roles are required:

  • DescribeInstances
  • DescribeHosts
  • DescribeReservedInstances
  • GetUser

If you have access to the AWS console, try reviewing the policy in the IAM console.

https://docs.flexera.com/FlexNetManagerSuite2020R2/EN/Features/index.html#FeatureList/2018R2/RN_feat...
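
An offline way to run the policy review suggested in the reply above, as an added example that is not part of the original thread or of Flexera's adapter code. The `ec2:`/`iam:` service prefixes are the standard AWS action names for the four items listed; the function name `Get-MissingPolicyAction` and the sample policy are constructed for illustration, and only `Effect` and `Action` are evaluated (not `Resource`, `Condition` or `NotAction`).

```powershell
# Added example: compare an exported IAM policy document with the four actions
# named in the reply. Sample policy below is constructed, not a customer's.
$RequiredActions = @('ec2:DescribeInstances', 'ec2:DescribeHosts',
                     'ec2:DescribeReservedInstances', 'iam:GetUser')

function Get-MissingPolicyAction {
    param(
        [Parameter(Mandatory)] [string]   $PolicyJson,
        [Parameter(Mandatory)] [string[]] $Required
    )
    # Statement may be one object or an array; @() normalises both cases.
    $statements = @((ConvertFrom-Json $PolicyJson).Statement)
    $allow = @()
    $deny  = @()
    foreach ($s in $statements) {
        if (-not $s.Action) { continue }   # NotAction statements are skipped here
        if ($s.Effect -eq 'Allow')    { $allow += @($s.Action) }
        elseif ($s.Effect -eq 'Deny') { $deny  += @($s.Action) }
    }
    foreach ($action in $Required) {
        # IAM action patterns use * and ? wildcards and ignore case, like -like.
        $allowed = @($allow | Where-Object { $action -like $_ }).Count -gt 0
        $denied  = @($deny  | Where-Object { $action -like $_ }).Count -gt 0
        if ($denied -or -not $allowed) {
            # An explicit Deny always overrides any Allow.
            $reason = if ($denied) { 'explicit Deny' } else { 'no matching Allow' }
            [pscustomobject]@{ Action = $action; Reason = $reason }
        }
    }
}

# Constructed sample: EC2 read actions are granted (one via wildcard),
# while iam:GetUser is absent.
$samplePolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Action": ["ec2:DescribeInstances", "ec2:DescribeHosts"],
      "Resource": "*" },
    { "Effect": "Allow", "Action": "ec2:DescribeReserved*", "Resource": "*" }
  ]
}
'@

Get-MissingPolicyAction -PolicyJson $samplePolicy -Required $RequiredActions
```

An empty result means every listed action has a matching Allow and no explicit Deny in the document that was checked; other policies attached to the same identity are not considered.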

 

mfranz
Trusted advisor

Hi,

Thanks, that's really helpful. Would you say the fact that the actual connection works indicates that GetUser is only needed for the Test-Connection case?

Best regards,

Markward

dsalter
Active participant

I do see that Get-IAMUser and other IAM user policy functions are being used outside the test connection function. So I assume the connector is not collecting all the information possible. Do you see any errors in the logs?
mfranz
Trusted advisor

I have checked the debug compliance reader logs for 3 AWS connections. No error is logged there, still the Beacon test-connection throws the above error. I've double-checked the service account is identical, so it does not seem to be a credential thing.

Does the "Test connection" button just run the test-connection function from the Logic.ps1?

dsalter
Active participant

It looks to me like the test connection logic is inconsistent with the actual automation, so I wouldn't imagine it is having a problem. Likely because the Get-IAMUser call is made to validate credentials.