AWS Troubleshooting
This guide lists common symptoms, likely causes, and actions you can take before escalating to Cloudaware Support.
AssumeRole or Credential Validation Failures
Symptoms
An AWS account shows red status or validation errors in Cloudaware Admin.
Error messages mention AssumeRole failures (e.g., Insufficient access to AWS ec2:DescribeInstances to collect AWS EC2 Instance on: {list of instances}*), invalid External ID, or invalid credentials.
*If you use Service Control Policies (SCPs) to restrict access to specific AWS regions, Access Denied is an expected AWS response. Cloudaware sends API calls to all AWS regions by default to ensure complete infrastructure visibility, so polling a region blocked by an SCP triggers the warning banner.
Checks
In the AWS console:
Confirm that the CloudFormation stack or IAM role/user created for Cloudaware still exists and is not disabled.
Check that the External ID in the role’s trust policy, if present, matches the value configured in Cloudaware.
Verify that access keys (if used) are active and not rotated or deleted.
In Cloudaware Admin:
Ensure that the correct Role ARN or access keys are configured for the account.
After correcting issues, re‑run validation in Cloudaware and wait for the next discovery cycle.
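The trust-policy check above can be scripted. The following is an added example, not Cloudaware's own tooling: it inspects a role's trust policy document and reports whether the expected principal may call sts:AssumeRole and whether the External ID condition matches. The principal ARN, account ID, and External ID values are constructed placeholders; substitute the values shown in Cloudaware Admin.

```python
import json

# Constructed sample: a trust policy as returned in Role.AssumeRolePolicyDocument.
# The account ID and external ID are placeholders, not Cloudaware's real values.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}
  }]
}
""")

def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, expected_principal, expected_external_id):
    """Return a list of findings; an empty list means the policy matches."""
    findings, matched = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        trusted = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRole" not in _as_list(stmt.get("Action", []))
                or expected_principal not in trusted):
            continue
        matched = True
        # Assumption: the condition uses StringEquals with the key spelled sts:ExternalId.
        allowed = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if allowed is None:
            findings.append("WARN: no sts:ExternalId condition; any external ID is accepted")
        elif expected_external_id not in _as_list(allowed):
            findings.append("FAIL: External ID in trust policy does not match configured value")
    if not matched:
        findings.append("FAIL: no Allow statement lets %s call sts:AssumeRole" % expected_principal)
    return findings

if __name__ == "__main__":
    for wanted in ("example-external-id", "rotated-external-id"):
        print(wanted, check_trust_policy(
            SAMPLE_TRUST_POLICY, "arn:aws:iam::111122223333:root", wanted))
```

To run it against a live role, save the output of `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass the parsed JSON as `policy`.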
Accounts or Organizations Appear but Have No Data
Symptoms
An account or organization appears with green or recently added status, but no AWS resources are visible in CMDB.
Checks
Confirm that the role or user attached to the account has at least the Cloudaware collector policies, not just narrow or unrelated policies.
For AWS Organizations:
Ensure that the StackSet was deployed to the intended Organizational Units (OUs).
Confirm that member accounts show the expected Cloudaware role and trust relationship.
If necessary, redeploy or update the CloudFormation stacks/StackSets and confirm that Stack/StackSet events completed successfully.
Unusual Gaps in Services
Symptoms
Core resources (EC2, S3, VPC) appear, but certain services, e.g., EKS or billing data, are empty.
Checks
Confirm that:
Tagging, billing, CloudTrail, or other optional policies are attached where those features are expected.
EKS cluster access is configured (IAM role mapped to the cluster and Kubernetes RBAC applied) if you expect Kubernetes‑level detail.
Ensure that prerequisite services (for example, CUR exports to S3 for billing) are configured and up to date on the AWS side.
Throttling or Rate‑Limit Issues
Symptoms
Errors referencing AWS throttling or rate limits.
Discovery appears slower than expected in large environments.
Checks
Large organizations or high‑API‑volume accounts may hit AWS service limits.
Cloudaware includes backoff and retry logic, but per‑service and per‑region limits still apply.
Mitigations
If possible, stagger large changes or onboarding waves across maintenance windows.
Work with Cloudaware Support if persistent throttling appears across many services or regions; they can help tune schedules and call patterns.
Still Stuck?
If issues persist after these checks, collect the following details:
Screenshots of IAM role/user configuration, policies, and trust relationships.
Example account IDs and resource IDs that are missing.
Error text or screenshots from Cloudaware.
Contact Cloudaware Support at support@cloudaware.com and include these details to help shorten time to resolution.