Skip to content

Jobs failing when using AWS access keys #46

Description

@ninjakitteh69

when using configured AWS access keys instead of roles, the request is failing with an unauthorised error. This only happens when configuring an import job. The keys work successfully when pressing the check for changes button and trigger import run buttons. This is specific to configured keys only. if using role based permissions, this works successfully however i need to access machines in a different account so role based permissions is not an option.

Stacktrace ...
This Import Source failed when last checked at 2020-05-06 11:10:57: Error executing "DescribeInstances" on "https://ec2.eu-west-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://ec2.eu-west-1.amazonaws.com` resulted in a `401 Unauthorized` response: <?xml version="1.0" encoding="UTF-8"?> <Response><Errors><Error><Code>AuthFailure</Code><Message>Authorization header or (truncated...) AuthFailure (client): Authorization header or parameters are not formatted correctly. - <?xml version="1.0" encoding="UTF-8"?> <Response><Errors><Error><Code>AuthFailure</Code><Message>Authorization header or parameters are not formatted correctly.</Message></Error></Errors><RequestID>b9a0e1a3-dbbc-4287-8bc2-091b2763d242</RequestID></Response>

-->

Expected Behavior

on the import run job, it should run the import and pull the new machines in

Current Behavior

on the import run job, its failing with the above error message

Steps to Reproduce (for bugs)

  1. add the aws programmatic keys to the server (user currently has readonly role for ec2 and rds assigned)
  2. create an import source (ec2 Instances, AWS key method selected, Region eu-west-1)
    3.at this point test with the check for changes button that the keys are working correctly
    4.create a new job ( Job type: Import, Disabled:No, Run interval:60, Job Name: import ec2, Import source: , Run import: yes/no both give error)
  3. wait for job to execute to see error message

Context

I cannot import machines located on other AWS accounts as we work in a multiaccount environment and need to be able to monitor machines from each account as the machines get added

Your Environment

  • Module version (System - About): 1.0.0
  • Icinga Web 2 version and modules (System - About): 2.7.3
  • Icinga 2 version (icinga2 --version): 2.11.3-1
  • Operating System and version: CentOS Linux release 7.8.2003 (Core)
  • Webserver, PHP versions: 7.1.30

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions