Troubleshoot the GravityZone On-Premise integration with Amazon EC2

As an Amazon EC2 customer, you can integrate the inventory of EC2 instances, grouped by Regions and Availability Zones, with the GravityZone network inventory.

Prerequisites

  • A company administrator account in a fully functional on-premise GravityZone console, able to communicate with the address of your specific AWS EC2 region:
    • ec2.[aws-region].amazonaws.com:44 (view the full list here)
  • An active AWS IAM service account with the following privileges:
    • Programmatic access (access / secret key)
    • IAMReadOnlyAccess
    • AmazonEC2ReadOnlyAccess for all required AWS regions

Troubleshooting

If you fail to create an Amazon EC2 integration in GravityZone, or the integration becomes out of sync, check the following possible causes and solutions:

  • Issue: The AWS account linked to the provided credentials is missing one or both of the required permissions (IAMReadOnlyAccess and AmazonEC2ReadOnlyAccess).
    Solution: Access the AWS user roles and policies and add all the required permissions.

  • Issue: The recently modified AWS account user permissions had not yet propagated across AWS when the AWS integration was created in GravityZone.
    Solution: Wait for a few minutes, and then try again to configure the integration.

  • Issue: The AWS policy linked to the AWS user account includes only a part of the specific regions (for example us-east-1, or us-east-1 and us-east-2). We only support integrations for AWS user accounts with access rights on all regions.
    Solution: Grant the AWS user account the AmazonEC2ReadOnlyAccess permission for all the required EC2 regions.

  • Issue: Some Amazon EC2 regions are unavailable. GravityZone requires connectivity to all AWS regions when creating the integration or synchronizing the AWS inventory. When GravityZone cannot communicate with one or several regions, the integration fails or becomes out of sync. Possible reason: outage of the corresponding AWS regions.
    Solution: Check the AWS regions status page and try again to create / synchronize the integration when the outage is solved.

  • Issue: Trying to create multiple Amazon EC2 integrations using the same AWS account. GravityZone supports multiple AWS EC2 integrations based on access and secret keys of different AWS accounts. It is not possible to create two Amazon EC2 integrations using the same AWS account, even when providing two sets of access and secret keys.
    Solution: When creating another Amazon EC2 integration in GravityZone, use the credentials of a user created under a different AWS account.

  • Issue: The provided secret and access keys are no longer valid or available, and the integration becomes out of sync.
    Solution: Access the AWS account and create another key pair for the corresponding IAM user.

  • Issue: Your firewall is blocking the communication between the GravityZone appliance and AWS.
    Solution: Configure the firewall (or a proxy) to allow network access between GravityZone and AWS.
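
The two permission-related causes above (a missing managed policy, or a policy limited to some regions) can be checked offline before retrying the integration. The following is an added example, not Bitdefender or AWS code: it inspects policy JSON you have already exported for the IAM user and flags missing policies and region pinning through the aws:RequestedRegion condition key. Assumptions: the function names, the sample policy and the region list are constructed for illustration, and the region check is a heuristic that takes the union of regions across statements.

```python
# Added example: offline pre-check of an IAM user's policies against the
# prerequisites above. Sample data below is constructed, not real account output.
REQUIRED_POLICIES = {"IAMReadOnlyAccess", "AmazonEC2ReadOnlyAccess"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def pinned_regions(policy_doc):
    """Regions an EC2-relevant statement is limited to via aws:RequestedRegion."""
    regions = set()
    for stmt in _as_list(policy_doc.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a == "*" or a.startswith("ec2:") for a in actions):
            continue
        # Allow + StringEquals and Deny + StringNotEquals both pin to the listed regions.
        wanted = "stringequals" if stmt.get("Effect") == "Allow" else "stringnotequals"
        for operator, keys in stmt.get("Condition", {}).items():
            if operator.lower() != wanted:
                continue
            for key, value in keys.items():
                if key.lower() == "aws:requestedregion":
                    regions.update(_as_list(value))
    return regions

def diagnose(attached_policy_names, policy_docs, required_regions):
    """Return human-readable findings; an empty list means no issue detected."""
    findings = []
    missing = REQUIRED_POLICIES - set(attached_policy_names)
    if missing:
        findings.append("missing managed policies: " + ", ".join(sorted(missing)))
    for name, doc in policy_docs.items():
        pinned = pinned_regions(doc)
        uncovered = set(required_regions) - pinned if pinned else set()
        if uncovered:
            findings.append(f"{name} excludes regions: " + ", ".join(sorted(uncovered)))
    return findings

# Constructed sample: a customer-managed policy that only allows us-east-1.
SAMPLE_DOCS = {
    "ec2-read-us-east-1": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*",
            "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}},
        }],
    }
}

if __name__ == "__main__":
    for finding in diagnose(["IAMReadOnlyAccess"], SAMPLE_DOCS, ["us-east-1", "us-east-2"]):
        print(finding)
```

An empty result only means these two causes were not detected in the exported policies; key validity, propagation delay and network reachability still have to be checked separately.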
