Performing the 'Refresh Members' UI Action from an AWS Master Service Account does not work as expected when there are more than 40 accounts associated with the AWS Master. The AWS Master Account can only discover the first 40 Child Accounts, due to Pagination only working on the first page. The second page pattern sends an incorrect token for it to be invoked.

The issue occurs in the OOB Pattern step "If pagination, get the rest of the batches" which generates the error below: 

Subaccounts list REST request failed. error=Cloud request failed. URL: ... Status: 400 Server response: Response: HTTP/1.1 400 Bad Request [x-amzn-RequestId: 9e563c22-8019-11e9-9896-b9e126ea352d, Content-Type: application/x-amz-json-1.1, Content-Length: 35, Date: Mon, 27 May 2019 00:51:53 GMT, Connection: close] 

Steps to Reproduce

1 - Configure an AWS Master Service Account that has more than 40 accounts associated with it.
2 - Click on "Refresh Members" and wait for completion.

Note that the child service accounts list is incomplete, or there are no service accounts listed under the section tab, meaning the Master account was not returned within the first 40 records, so no relationships could be built.


This problem has been fixed. If you are able to upgrade, review the Fixed In section to determine the latest version with a permanent fix your instance can be upgraded to.

The workaround consists in modifying the AWS Organization pattern in step 10 adding the last line listed here:
if ( token ){
token = token[0];
// Strip XML tags if exist.
token = token.replace(/<\/?nextToken>/gi, '');
token = '"' +token +'"'

The already edited attached Pattern XML can also be used. See the code change comparison below:

Related Problem: PRB1329202

Seen In

There is no data to report.

Fixed In

London Patch 8
Madrid Patch 3
New York

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-07-24 05:13:20