There are situations where AWS Discovery fails with multiple errors and it becomes difficult to tell where the issue comes from: it could be the AWS credentials, the ServiceNow Cloud API, the MID Server, or something else. This article demonstrates how to verify the AWS credentials from the command line to narrow down the issue.
2. Common Errors
<results error="Method failed: (/) with code: 401 - Invalid username/password combo" probe_time="101">
<result error="Method failed: (/) with code: 401 - Invalid username/password combo">
<?xml version="1.0" encoding="UTF-8"?> <Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>50b89cf8-152b-49f1-99e9-ecf2a5101f22</RequestID></Response>
<results error="Method failed: (/) with code: 403 - Forbidden username/password combo" probe_time="146">
<result error="Method failed: (/) with code: 403 - Forbidden username/password combo">
<ErrorResponse xmlns="http://autoscaling.amazonaws.com/doc/2011-01-01/"> <Error> <Type>Sender</Type> <Code>InvalidClientTokenId</Code> <Message>The security token included in the request is invalid.</Message> </Error> <RequestId>cab3bb2b-633d-11e6-8209-eb0a64f487d1</RequestId> </ErrorResponse>
AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: 0f4d4254-7ef1-4b31-9d83-dd99cbb9b471)
As mentioned in our documentation (AWS credentials for Cloud Management), to configure an AWS Cloud account you need the following information from Amazon:
- AWS account number.
- Access key ID.
- Secret access key.
The access key and secret key are used in the AWS credentials, and the account number is used to create the Service Account.
4. Verification from CLI
Note: Once the credentials are saved in the ServiceNow Credentials table, the secret key is no longer visible and cannot be looked up, so the customer must have all of this information on hand for verification.
- Log in to the MID Server.
- Install the Command line interface according to the OS, see:
- Verify the configuration of AWS Command Line
- Command to be executed to verify the credentials
- Once the command "aws configure" has been executed, provide the Access Key and Secret Key exactly as they were provided to the ServiceNow AWS configuration; the region and output format can be set as the customer prefers.
- As soon as the command is executed, it accepts the provided configuration without error.
- To verify further, execute any other command to list the configuration; below is one example, in which the command executed to list the available S3 buckets failed with an authentication error.
- Ask the customer to execute any other commands of interest; they will fail if the Access key or Secret key does not match or has expired.
- The customer needs to work with their AWS admin to obtain the accurate Access key, Secret key and Account ID, so that the configuration can be listed from the MID Server with the AWS command line.
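One way to script the verification steps above, as an added example (not ServiceNow or AWS code): it calls `aws sts get-caller-identity`, compares the returned account with the account number used for the Service Account, and maps the error codes shown under Common Errors to the field to re-check. The function names and hint strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and hint strings are hypothetical.

# Map AWS CLI/API error text to the credential field that should be re-checked.
classify_aws_error() {
    case "$1" in
        *InvalidClientTokenId*)  echo "access-key-id" ;;         # key ID unknown or inactive
        *SignatureDoesNotMatch*) echo "secret-access-key" ;;     # secret does not match the key ID
        *AuthFailure*)           echo "access-key-or-secret" ;;  # EC2 could not validate the pair
        *)                       echo "not-a-credential-error" ;;
    esac
}

# Usage: verify_aws_credentials <expected-account-number>
# Uses the keys stored by "aws configure" or exported as
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the current shell.
# Returns 0 = valid and correct account, 1 = API call failed, 2 = wrong account.
verify_aws_credentials() {
    expected="$1"
    # get-caller-identity needs no IAM permissions, so a failure here
    # points at the credentials rather than at a missing policy.
    if ! out=$(aws sts get-caller-identity --query Account --output text 2>&1); then
        echo "FAIL: $(classify_aws_error "$out")"
        return 1
    fi
    if [ "$out" != "$expected" ]; then
        echo "FAIL: account-mismatch (keys belong to $out)"
        return 2
    fi
    echo "OK: keys valid for account $out"
}

# Run on the MID Server after "aws configure", for example:
#   verify_aws_credentials 123456789012   # constructed account number
```

Because the check does not depend on any IAM policy, it separates invalid keys from keys that are valid but lack the permissions Discovery needs.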