iann0036 / former2

Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.
https://former2.com
MIT License

GovCloud / AppStream not seeing many resources #272

Open cloud-aware opened 2 years ago

cloud-aware commented 2 years ago

Hi, I'm scanning a GovCloud account with credentials that have full AWS ReadOnly access. After completing scanning, I'm not able to see AppStream Stacks, Stack User Associations, Image Builders, Directory Configs, etc.

It seems I can only see the Fleet and the Stack Fleet Association. Any ideas on how I can generate CloudFormation/Terraform for those resources?

cloud-aware commented 2 years ago

Additional details from Developer Console:

Uncaught (in promise) null appstream.js:1000
Error calling AppStream.describeFleets. The security token included in the request is invalid. mappings.js:2

iann0036 commented 2 years ago

Hey @Skullduggeryism,

I don't have access to a GovCloud account so can't test for sure, but I believe the issue you're seeing relates to your credentials possibly being expired. Are you using a session that may have expired?

If not, there may be a GovCloud specific issue I'm unaware of here.

cloud-aware commented 2 years ago

> Hey @Skullduggeryism,
>
> I don't have access to a GovCloud account so can't test for sure, but I believe the issue you're seeing relates to your credentials possibly being expired. Are you using a session that may have expired?
>
> If not, there may be a GovCloud specific issue I'm unaware of here.

Thanks for the response, I don't believe they're expired, because I'm able to scan & get data for other resources. There is an AppStream limitation in GovCloud where you can't have User pools, you instead rely on AD users connected as an identity provider. But stacks, image builders, etc. should be able to be seen. From their docs (https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-appstream2.html):

The following CloudFormation resources are not available in AWS GovCloud (US-West):

- AWS::AppStream::User
- AWS::AppStream::StackUserAssociation

iann0036 commented 2 years ago

Ah, interesting differences.

That's probably the underlying reasoning - will have to carve out some time to have a look and effectively ignore some errors this'll spit based on the assumption that the service follows the commercial region rules.