nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

Report generation for all services fail but not for any individual service #248

Closed parthmishra closed 6 years ago

parthmishra commented 6 years ago

If I don't specify a service or services to run for the report, the report fails to generate and I see lots of botocore Could not connect to endpoint https://<regions>.<service>... exceptions.

I tried to isolate which service is failing since it wasn't clear from the debug/console output. I debugged by running the --services flag and trying each service manually. The report seems to generate fine for all of them so I don't know why it fails when I omit the --services option.

Another thing to note is that this only seems to fail for the IAM role I use as the profile name. If I leave it as default or specify an IAM user, it generates the report even when I omit the services and just default to all services. When running as the IAM role, the errors start popping up around the EC2 and VPC config and continue on until the end of the run. Testing both of those services in isolation and with each other, I can't replicate the errors. It only happens when using the default of all services.

So I'm wondering, is specifying --services and then listing each service the functional equivalent of just not explicitly specifying any service?

l01cd3v commented 6 years ago

Omitting the --services argument means all services will be in scope for this Scout2 run. If you wanted to iterate through services via several runs, you'd need to add the --update argument to instruct Scout2 to reload the configuration of services that was previously fetched; it will be discarded otherwise. For example, the following commands would result in your IAM and S3 configurations being available in the Scout2 report.

Scout2 --profile <name> --services iam
Scout2 --profile <name> --services s3 --update

Can you elaborate about the IAM role usage? Are you running the tool on the same machine? With the IAM role, are you able to successfully run the tool when selecting one service at a time?
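The following is an added example, not code from the thread or from the Scout2 project: a small POSIX shell wrapper that generalises the two commands above into a loop over any list of services, running the first service without --update and every later one with --update so that earlier configuration is preserved in the same report. It only uses the flags that appear in this thread (--profile, --services, --update); the profile name, the SCOUT2_DRY_RUN variable and the function names are the example's own, and with SCOUT2_DRY_RUN=1 it prints the commands instead of running them, so it can be checked without Scout2 or AWS credentials. Running it for real against a profile stops at the first service whose Scout2 run fails, which is one way to isolate a service that only breaks in the all-services run.

```shell
#!/bin/sh
# Added example (not part of Scout2 or of the original thread).
# Runs Scout2 once per service, adding --update after the first run so the
# configuration fetched by earlier runs is kept rather than discarded.
# SCOUT2_DRY_RUN=1 prints the commands instead of executing them.

# Build the command for one service.
#   $1 = AWS profile name (hypothetical value below)
#   $2 = service name
#   $3 = 0 for the first service, 1 for every later service
scout2_cmd() {
  if [ "$3" -eq 0 ]; then
    printf 'Scout2 --profile %s --services %s\n' "$1" "$2"
  else
    printf 'Scout2 --profile %s --services %s --update\n' "$1" "$2"
  fi
}

# Iterate over the services given as arguments; stop at the first failure
# and report which service (and which run) broke.
#   $1 = profile, remaining arguments = services in the order to fetch them
scout2_per_service() {
  profile=$1
  shift
  total=$#
  i=0
  for svc in "$@"; do
    cmd=$(scout2_cmd "$profile" "$svc" "$i")
    if [ "${SCOUT2_DRY_RUN:-0}" = 1 ]; then
      echo "$cmd"
    else
      echo ">>> $cmd" >&2
      # $cmd is intentionally unquoted so the shell splits it into words.
      if ! $cmd; then
        echo "Scout2 failed on service '$svc' (run $((i + 1)) of $total)" >&2
        return 1
      fi
    fi
    i=$((i + 1))
  done
}

# Usage: dry run with a hypothetical profile name and four services.
SCOUT2_DRY_RUN=1
scout2_per_service myprofile iam s3 ec2 vpc
```

Because the report is rebuilt from whatever was previously fetched, the order of the services does not matter, but every run after the first must carry --update; running a service without it throws away what the earlier runs collected.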

x4v13r64 commented 6 years ago

Closing due to lack of update.