former2

GovCloud / AppStream not seeing many resources

Open cloud-aware opened this issue 3 years ago • 4 comments

Hi, I'm scanning a GovCloud account with credentials that have full AWS ReadOnly access. After completing scanning, I'm not able to see AppStream Stacks, Stack User Associations, Image Builders, Directory Configs, etc.

It seems I can only see the Fleet and the Stack Fleet Association. Any ideas on how I can generate CloudFormation/Terraform for those resources?

cloud-aware avatar Sep 08 '22 17:09 cloud-aware

Additional details from Developer Console:

Uncaught (in promise) null appstream.js:1000 Error calling AppStream.describeFleets. The security token included in the request is invalid. mappings.js:2

cloud-aware avatar Sep 08 '22 17:09 cloud-aware

Hey @Skullduggeryism,

I don't have access to a GovCloud account so can't test for sure, but I believe the issue you're seeing relates to your credentials possibly being expired. Are you using a session that may have expired?

If not, there may be a GovCloud specific issue I'm unaware of here.

iann0036 avatar Sep 13 '22 12:09 iann0036

> Hey @Skullduggeryism,
>
> I don't have access to a GovCloud account so can't test for sure, but I believe the issue you're seeing relates to your credentials possibly being expired. Are you using a session that may have expired?
>
> If not, there may be a GovCloud specific issue I'm unaware of here.

Thanks for the response. I don't believe they're expired, because I'm able to scan & get data for other resources. There is an AppStream limitation in GovCloud where you can't have User pools; you instead rely on AD users connected as an identity provider. But stacks, image builders, etc. should be able to be seen. From their docs (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-appstream2.html):

The following CloudFormation resources are not available in AWS GovCloud (US-West):

- AWS::AppStream::User
- AWS::AppStream::StackUserAssociation

cloud-aware avatar Sep 13 '22 13:09 cloud-aware

Ah, interesting differences.

That's probably the underlying reasoning - will have to carve out some time to have a look and effectively ignore some errors this'll spit based on the assumption that the service follows the commercial region rules.

iann0036 avatar Sep 13 '22 13:09 iann0036