
AWS Connector giving error on Save

nutanranee
New Contributor

Hello,

I am trying to connect to my AWS instance using the Account ID under the AWS connection type. However, I am getting an error on saving this connection.

nutanranee_0-1673972447406.png

I have created a stack in AWS using the guide AWS Connector Guide : Customer Portal (freshdesk.com)

With ExternalId and MasterAccID as parameters.

The template that I used while creating the stack is :

https://s3.amazonaws.com/saviyntcftemplates/DeploymentTemplates/Saviynt_CFT_Analyzer_IGA_DC.json

How do I ensure the AWS settings are consistent with the connection details?

I am testing this connection using postman and on using /getConnections call I am getting a Successful message.

nutanranee_1-1673972694389.png

On testing it with testConnection I am getting this message of 405-Not Allowed

nutanranee_3-1673974136314.png

Can someone help me understand what could have gone wrong here? Do I need to add any specific role in Saviynt corresponding to the one defined in AWS? Or something else?

Thanks in advance.

Regards.

 

16 REPLIES

rushikeshvartak
All-Star

Share a screenshot of the connection config.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

 

nutanranee_1-1674020664969.png

nutanranee_2-1674020721772.png

nutanranee_3-1674020750977.png

nutanranee_4-1674020791092.png

 

What is the error in the logs?


Regards,
Rushikesh Vartak

nutanranee
New Contributor

nutanranee_0-1674022272859.png

This is the error from the Application Logs, but I am not able to figure out what is actually going wrong, and where.

You don't have access to pull information from AWS, hence ask the application team to provide the required permissions.


Regards,
Rushikesh Vartak

nutanranee
New Contributor

Is there a document to follow on what kind of access we need to read the resources on AWS?

AWS Connector Guide : Customer Portal (freshdesk.com) doesn't suggest anything relevant.

https://docs.saviyntcloud.com/bundle/AWS-v2020x/page/Content/Preparing-for-Integration.htm


Regards,
Rushikesh Vartak

nutanranee
New Contributor

Thanks Rushikesh,

However, the above-mentioned document doesn't help much. It's almost the same as the one I referred to while creating the stack and all configurations.

While I was able to Test the connection using postman call using GetUser API, I still read this to be an error on Saviynt connecting to AWS using AWS Connector. Which means if I can make a successful call via postman, the policies/roles/permission on AWS works fine.

Also, I tried it via the REST connector using AWS details in connectionJSON, but it doesn't help as I am still not sure about the auth API URL for AWS.

Is Postman working?


Regards,
Rushikesh Vartak

Yes, Postman calls are working very much fine. And I assume we don't need any additional permission on AWS for this. I am using AWS signature to carry AccessKey and SecretKey as well.

Share the Saviynt logs.


Regards,
Rushikesh Vartak

nutanranee_1-1674636698174.png

 

What should be the AWS_Account_ID here, the account ID from AWS (Target System) or the Account ID of AWS on which Saviynt is hosted? Also, should I use this same Account_ID in AWS while creating the stack?

Also, how do I find the AWS_STACK_ROLE_NAME? It is not mentioned in the documentation.

Target. The connection always contains target system information; here it should be AWS information.


Regards,
Rushikesh Vartak

I am testing the connection on AWS from postman and it gives me 200 OK (assuming the stack got created correctly)

nutanranee_0-1674655034073.png

However, the connection in Saviynt is still giving an error saying:

 

nutanranee_1-1674655123815.png

{"log":"2023-01-25 13:37:44,184 [http-nio-8080-exec-6] DEBUG println.PrintlnToLogger - Println :: \u001b[1;31m| Error \u001b[22;39mcom.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:sts::533811351211:assumed-role/eynordic-partner-eks-workernode-role/i-04bd8ebe995d6dde1 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::3**********9:role/stack-saviynt-aws-trust-SaviyntAWSRole-1W******1*Q*X (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: a65a75cd-6bf6-44b8-be4b-800d189803a7)\u001b[m\n","stream":"stdout","time":"2023-01-25T13:37:44.184247485Z"}

Which user is it referring to?

You missed or did not format some connection parameters in EIC.


Regards,
Rushikesh Vartak

I don't see any attribute for connection parameters for the AWS connection type. The 6 mandatory attributes are filled in:

Connection Name 

Connection Type - AWS

AWS_ACCOUNT_ID * - Master Account ID for AWS (Target Application)

CROSS_ACCOUNT_ROLE_ARN - Obtained after creating stack on AWS (tested connection on postman, works fine)

PULL_GOV_REGION_ONLY - No (as suggested)

EXTERNAL_ID - Same as defined in AWS

And I get the same error.
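
Added example (not part of the thread and not Saviynt's code): a way to read the `sts:AssumeRole` AccessDenied message from the log above and check which principal the target role's trust policy would have to name. It extracts the calling identity and the target role from the message, then runs a simplified model of trust-policy matching that looks only at `Principal.AWS` and a `StringEquals` condition on `sts:ExternalId`. The target account ID, role name, external ID and trust policy are constructed placeholders.

```python
import re

# Message shape copied from the thread's log. The target account ID and role
# name are constructed placeholders (the thread masks the real ones).
SAMPLE = ("User: arn:aws:sts::533811351211:assumed-role/"
          "eynordic-partner-eks-workernode-role/i-04bd8ebe995d6dde1 is not "
          "authorized to perform: sts:AssumeRole on resource: "
          "arn:aws:iam::111122223333:role/ExampleSaviyntRole")

DENIED = re.compile(
    r"User: arn:aws:sts::(?P<caller_account>\d{12}):assumed-role/"
    r"(?P<caller_role>[^/\s]+)/(?P<session>\S+) is not authorized to perform: "
    r"sts:AssumeRole on resource: arn:aws:iam::(?P<target_account>\d{12}):role/"
    r"(?P<target_role>\S+)")

# Constructed trust policy for the target role: it trusts a different account
# than the one that actually made the call, so the check below fails.
TRUST_POLICY = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}

def parse_denied(message):
    """Return caller/target fields of an AssumeRole AccessDenied message, or None."""
    m = DENIED.search(message)
    return m.groupdict() if m else None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_allows(policy, caller_account, caller_role, external_id):
    """Simplified model: does an Allow statement trust this caller and ExternalId?"""
    account_forms = {caller_account, f"arn:aws:iam::{caller_account}:root"}
    role_prefix = f"arn:aws:iam::{caller_account}:role/"
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRole" not in _as_list(stmt.get("Action", []))):
            continue
        by_role = any(p.startswith(role_prefix) and p.rsplit("/", 1)[-1] == caller_role
                      for p in aws)
        if not (by_role or account_forms.intersection(aws)):
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if wanted is None or external_id in _as_list(wanted):
            return True
    return False
```

For a cross-account call, the caller's own identity policy must also allow `sts:AssumeRole` on the target role; this sketch checks only the trust-policy side.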