A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS Powershell adapter - Test Connection Error

mfranz
By Level 17 Champion
Level 17 Champion

Hi,

A customer is getting this error message when testing their AWS connections:

2021-03-23_17h07_04.png

The actual inventory import is running fine, so it's not really a problem, but does anyone see the same in their environment?

By the way, taking hte screenshot, the Beacon UI was started using the service account, so I guess there shouldn't be a difference to the actual inventory import.

Best regards,

Markward

(5) Replies

This indicates the account that is being used for the AWS EC2 connection is missing GetUser from the IAM Policy.  

Documentation status the following roles are required:

  • DescribeInstances
  • DescribeHosts
  • DescribeReservedInstances
  • GetUser.

If you have access to the AWS console try reviewing the  policy in the IAM console 

https://docs.flexera.com/FlexNetManagerSuite2020R2/EN/Features/index.html#FeatureList/2018R2/RN_feat_AWSEC2.html

 

Hi,

Thanks, that's really helpful. Would you say, the fact that the actual connection works, indicates that GetUser is only needed for the Test-Connection case?

Best regards,

Markward

I do see that Get-IAMUser and other IAM user policy functions are being used outside the test connection function. So I assume the connector is not collecting all the information possible. Do you see any errors in the logs?

I have checked the debug compliance reader logs for 3 AWS connections. No error is logged there, still the Bescon test-connection throws above error. I've double checked the service account is identical, so it does not seem to be a credential thing.

Does the "Test connection" button just run the test-connection function from the Logic.ps1?

It looks to me the test connection logic is inconsistent with the actual automation so I wouldn't imagine it is having a problem. Likely because the Get-IAMUser call is made to validate credentials.