Notifications

12 views

Description

When a master-member account hierarchy is present in AWS and uses IAM instance profiles on a MID server running on the master account, Discovery fails to run in the member accounts, even if the AssumeRole functionality is properly configured to allow master-member traversal.

Steps to Reproduce

  1. Set up a master-member hierarchy with AssumeRole relationship in AWS.

  2. Set up a MID Server on an EC2 instance in the master account.

  3. Set up an IAM role with required policies in the master account.

  4. Assign this new role from #3 as the IAM instance profile to the EC2 instance.

  5. Discover the master-member hierarchy from the instance.

  6. Attempt to discover resources within the member accounts.

Workaround

There is no workaround for this issue. The problem is corrected in New York Patch 1 and future releases.


Related Problem: PRB1351462

Seen In

There is no data to report.

Intended Fix Version

New York Patch 1
Orlando

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-08-12 15:46:14
Published:2019-08-12