workload-discovery-on-aws
Discovery only finds API gateways
Describe the bug
Discovery only shows API gateways. It is missing VPC, subnets, SG, Lambda, DDB, s3 buckets, cloudfront and other resources. The discovery process seems to be running normally from https://docs.aws.amazon.com/solutions/latest/aws-perspective/debugging-the-discovery-component.html
To Reproduce
v1.1.0.
Expected behavior
Expect to see VPC, subnets, SG, Lambda, DDB, s3 buckets, cloudfront and other resources
Screenshots
Browser (please complete the following information):
- Chrome
- Version 93.0.4577.63 (Official Build) (64-bit)
Additional context
The solution/account being inspected has been deployed with minimum privilege roles, however this should not be causing any issues due to the perspectives IAM roles.
This looks like the install of AWS Config has gone wrong somewhere. Is the account you're importing the Perspective account or a different one? If it's the Perspective account, can you check the CloudFormation stack called aws-perspective-<account-no>-eu-west-1-DiscoveryImport-* and see if there are any errors there. If it's not the Perspective account, can you go to the account where you installed the regional-resources.template file and see if there are any errors there.
Thanks for your help.
I have perspectives in a different account to what I am inspecting. I am pretty sure the template I installed was called global-resources-*.template (this is what I have downloaded), so I am checking my config. Having to wait for an ultra-slow password reset because the browser did not remember my login. Is this something that is disabled by the sign-in form? I notice that autocomplete="off". This means I can't use the browser to remember the auto-suggested, secure password, and I have to store it in a different, non-secure location.
The UI was very unclear about what CFN gets installed where. And I followed the troubleshooting guidance before creating an issue. I will report back later (hopefully the password reset arrives before it times out).
You need to install the global-resource.template in the account you're importing (this just contains an IAM role, which only needs to be done once per account as IAM is a global service) and then you need to install the regional-resources.template in the region you wish to import (this sets up AWS Config, which is a regional service). There is more information on this in the section entitled Step 3. Import a Region in the documentation here.
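Added example, not part of the original thread or the project's code: a check of whether AWS Config is actually recording in each region you intend to import, since a region with no recorder matches the reply above (regional template not deployed there). The region names and JSON values are constructed; the input is the JSON printed by `aws configservice describe-configuration-recorder-status --region <region> --output json`, run in the account being imported.

```python
import json

# Constructed sample input: one captured CLI output per region (values are made up).
SAMPLE = {
    "us-east-1": '{"ConfigurationRecordersStatus": [{"name": "default", '
                 '"recording": true, "lastStatus": "SUCCESS"}]}',
    "us-west-2": '{"ConfigurationRecordersStatus": []}',
    "ap-southeast-2": '{"ConfigurationRecordersStatus": [{"name": "default", '
                      '"recording": false, "lastStatus": "SUCCESS"}]}',
    "eu-west-1": '{"ConfigurationRecordersStatus": [{"name": "default", '
                 '"recording": true, "lastStatus": "FAILURE", '
                 '"lastErrorCode": "AccessDenied"}]}',
}


def recorder_state(raw_json):
    """Classify one region's describe-configuration-recorder-status output."""
    recorders = json.loads(raw_json).get("ConfigurationRecordersStatus", [])
    if not recorders:
        # No recorder at all: AWS Config was never set up in this region.
        return "missing"
    active = [r for r in recorders if r.get("recording")]
    if not active:
        # A recorder exists but has been stopped, so nothing new is captured.
        return "stopped"
    if all(str(r.get("lastStatus", "")).upper() == "FAILURE" for r in active):
        # Recording is on, but the last run failed (often a permissions problem).
        return "failing"
    return "ok"


def regions_needing_attention(status_by_region):
    """Return {region: state} for every region whose recorder is not healthy."""
    problems = {}
    for region, raw in sorted(status_by_region.items()):
        state = recorder_state(raw)
        if state != "ok":
            problems[region] = state
    return problems


if __name__ == "__main__":
    for region, state in regions_needing_attention(SAMPLE).items():
        print(f"{region}: AWS Config recorder {state}")
```
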
Thank you. The section titled 'What template do I need to download?' made this sound like an either/or, i.e. deploy the global or the regional resource for a brand new account. I just deployed the global. I have now deployed the regional CFN to Sydney and US-East-1. Both CFN deployed to completion without errors. I am now seeing data for 323 resources.
Ah good stuff. We can look at making the wording a bit less ambiguous there then.
I just experienced this same thing, and had read the documentation in the same manner as @datamystic.
Same issue here, deployed in account X (us-east-1), imported account Y via global config and region config (us-west-2) and seeing the same phenomenon.
2022 and these same exact instructions caused me a couple of days of frustration. It was still not clear that both templates needed to be deployed and I am thankful for this issue. I was deploying through stacksets and deploying the Regional template as well as the Global solved the issue.
We have updated the UI in v2.0.0 to make this much clearer.