Issue
AWS Discovery can fail with multiple errors, and it becomes difficult to tell where the problem originates: it could be the AWS credential, the ServiceNow Cloud API, the MID Server, or something else. This article demonstrates how to verify the AWS credentials from the command line to narrow down the issue.
Common Errors
<results error="Method failed: (/) with code: 401 - Invalid username/password combo" probe_time="101">
<result error="Method failed: (/) with code: 401 - Invalid username/password combo">
<output>
<?xml version="1.0" encoding="UTF-8"?> <Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>50b89cf8-152b-49f1-99e9-ecf2a5101f22</RequestID></Response>
</output>
<results error="Method failed: (/) with code: 403 - Forbidden username/password combo" probe_time="146">
<result error="Method failed: (/) with code: 403 - Forbidden username/password combo">
<output>
<ErrorResponse xmlns="http://autoscaling.amazonaws.com/doc/2011-01-01/"> <Error> <Type>Sender</Type> <Code>InvalidClientTokenId</Code> <Message>The security token included in the request is invalid.</Message> </Error> <RequestId>cab3bb2b-633d-11e6-8209-eb0a64f487d1</RequestId> </ErrorResponse>
AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: 0f4d4254-7ef1-4b31-9d83-dd99cbb9b471)
Prerequisite
As mentioned in our documentation (AWS credentials for Cloud Management), to configure an AWS Cloud account you need the following information from Amazon:
- AWS account number.
- Access key ID.
- Secret access key.
The access key ID and secret access key are used in the AWS credentials, and the account number is used to create the Service Account.
Verification from CLI
Note: Once the credentials are saved in the ServiceNow Credentials table, the secret key is no longer visible and cannot be retrieved. The customer must have all of this information at hand for verification.
- Log in to the MID server
- Install the Command-line interface according to the OS, see:
- Verify the configuration of AWS Command Line
- Run the following command to verify the credentials: aws configure
- When prompted, provide the same Access Key and Secret Key that were given to the ServiceNow AWS configuration. The Region and output format can be set according to your preference.
- When the command completes, it picks up the provided configuration without error.
- To verify further, run any other command that uses the configuration. In the example in the screenshot, a command run to list the available S3 buckets failed with the authentication error.
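The check above as a script, added here as an example (not ServiceNow or AWS code): it calls aws sts get-caller-identity instead of the S3 listing because that call needs no IAM permissions, reads the keys from environment variables rather than saving them with aws configure, and compares the returned account with the account number used for the Service Account. The function names, result labels and script name are assumptions of this example.

```shell
#!/bin/sh
# Added example. Run on the MID server with the keys exported for this
# session only, so nothing is written to ~/.aws/credentials:
#   export AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... AWS_DEFAULT_REGION=...
#   sh verify_aws_creds.sh <account-number-used-for-the-Service-Account>
# (verify_aws_creds.sh is a hypothetical file name.)

# Map AWS CLI error text to the layer that most likely needs attention.
classify_aws_error() {
  case "$1" in
    # Codes shown in the article's probe output, plus the code typically
    # returned for a wrong secret key.
    *AuthFailure*|*InvalidClientTokenId*|*SignatureDoesNotMatch*) echo "credential" ;;
    # Keys are valid but the IAM identity lacks rights for the call.
    *AccessDenied*|*UnauthorizedOperation*) echo "permission" ;;
    # The MID server host cannot reach the AWS endpoint.
    *"Could not connect to the endpoint URL"*) echo "network" ;;
    *) echo "unknown" ;;
  esac
}

# Prints one of: ok, account-mismatch, credential, permission, network, unknown.
verify_aws_credentials() {
  expected_account="$1"
  # GetCallerIdentity needs no IAM permissions, so a failure here points at
  # the key pair or connectivity rather than at a missing policy.
  if out=$(aws sts get-caller-identity --query Account --output text 2>&1); then
    if [ "$out" = "$expected_account" ]; then
      echo "ok"
    else
      echo "account-mismatch"   # valid keys, but for a different AWS account
      return 2
    fi
  else
    classify_aws_error "$out"
    return 1
  fi
}

# Run the check only when an account number is passed on the command line.
if [ "$#" -gt 0 ]; then
  verify_aws_credentials "$1"
fi
```

A result of ok means the key pair and account number are sound, so the remaining candidates are the ServiceNow configuration or the MID server itself; unset the exported variables when finished.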