AWS Certificate Manager Spoke

Breizh
Tera Contributor

I am trying to retrieve certificate metadata from AWS Certificate Manager using the AWS Certificate Manager Spoke. Our Cloud team has provisioned the Access Key ID and Secret Access Key in a sub account, and I have created the associated AWS Credentials and Credential Alias. When testing the Look Up Certificates action, it returns 0 certificates (there are 9 certs in that sub account). The action has 1 mandatory field (Region), but I can't find any information about the required format of the field. I manually set it to us-east-1.

 

Is there any documentation or example out there, txt or vid, on how this spoke works and how to troubleshoot the issue?

 

Thanks.

4 REPLIES

Amarjeet Pal
Kilo Sage

Hello @Breizh ,

I'll provide information and troubleshooting steps to help you retrieve certificate metadata successfully:

Documentation:

  • Official Documentation:
  • Double-check the Region format. It should be the standard AWS Region name, such as us-east-1. Avoid spaces or extra characters.
  • Meticulously re-enter the Access Key ID and Secret Access Key to ensure no errors or typos.
  • Verify that the associated AWS Credentials and Credential Alias are correctly configured in ServiceNow.
  • Confirm that the provided credentials have the necessary permissions to access ACM certificates in the specified sub account.
  • If using a multi-account setup, ensure the spoke is explicitly configured to use the sub account credentials and region.
  • Review the spoke configuration for any potential errors or missing settings.
  • Use AWS CLI or SDK to test access to ACM certificates using the same credentials and region to isolate the issue.

Thanks,

Amarjeet Pal
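One way to run the last check in the list above (the same key and Region, tested outside ServiceNow), as an added example that is not part of the original reply or of the spoke. It assumes boto3 is installed and the key pair is exported as AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY; the function names and the expected account ID argument are hypothetical.

```python
import re

# The Region field should hold a bare AWS Region code, e.g. us-east-1.
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")
# ACM's ListCertificates returns only RSA_1024 and RSA_2048 certificates
# unless other key types are requested explicitly.
ALL_KEY_TYPES = ["RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096",
                 "EC_prime256v1", "EC_secp384r1", "EC_secp521r1"]


def collect(region):
    """Query AWS directly with the key pair that was given to the spoke.

    Credentials are read from the environment by boto3, so the secret
    never appears in this script.
    """
    import boto3  # imported here so diagnose() works without the SDK
    session = boto3.Session(region_name=region)
    account = session.client("sts").get_caller_identity()["Account"]
    paginator = session.client("acm").get_paginator("list_certificates")

    def count(**kwargs):
        return sum(len(page["CertificateSummaryList"])
                   for page in paginator.paginate(**kwargs))

    return account, count(), count(Includes={"keyTypes": ALL_KEY_TYPES})


def diagnose(region, expected_account, caller_account, default_count, all_count):
    """Turn the raw results into findings (pure function, no AWS calls)."""
    findings = []
    if not REGION_RE.fullmatch(region):
        findings.append(f"region {region!r} is not a bare Region code")
    if caller_account != expected_account:
        findings.append(f"key resolves to account {caller_account}, "
                        f"not {expected_account}")
    if all_count == 0:
        findings.append("no certificates visible to this key in this region")
    elif default_count < all_count:
        findings.append(f"{all_count - default_count} certificate(s) hidden "
                        "by the default key-type filter")
    if not findings:
        findings.append("key, account and region are fine; "
                        "look at the ServiceNow credential alias")
    return findings


if __name__ == "__main__":
    import sys
    region, expected = sys.argv[1], sys.argv[2]  # e.g. us-east-1 111122223333 (constructed ID)
    print("\n".join(diagnose(region, expected, *collect(region))))
```

Note the key's last-used value in the IAM console before running this, because these calls are themselves made with the key.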

Where do you configure the spoke for sub account? For the life of me, I cannot see any configuration information other than the Access Key ID and Secret Access Key.

@Amarjeet Pal, you mention "If using a multi-account setup, ensure the spoke is explicitly configured to use the sub account credentials and region."
Do you have any guidance on where to configure the sub-account in the Spoke?

Breizh
Tera Contributor

The AWS IAM user is showing as "never used" in the AWS Console, so I'm guessing the spoke is not configured correctly. Now to find where I need to configure that.