Harvesting Failure Messages

Common Harvesting Failure Messages and Details on What They Mean

The page provides descriptions of common failure messages associated with Harvesting. Within InsightCloudSec, the field "Failure Context" provides messages that point to different reasons behind harvest failures, which normally have different solutions to achieve a successful harvest. Sometimes the same message can have a different meaning depending on the cloud type.

24522452

Harvesting - Failure Context

Harvesting Failure Context, or failure messages, are available under the individual cloud detail pages.

From the main navigation under "Cloud --> Clouds" select your cloud account from the Listing page, and then select the "Harvest Info" section.

Messages about failures appear under the "Failure Context" column, as shown in the example above.

For assistance with any of the issues outlined below, reach out to us through the Customer Support Portal.

Failure Context Details

ASSUMED_ROLE_ERROR (AWS)

An issue with assuming the role. For AWS, this message could apply to instance assume role or STS assume role.

Troubleshooting Recommendations

  • AWS: Confirm that the role you are assuming has an assume role/STS policy attached. Confirm that your ARN is correct. Confirm that your external ID, if you have one, is correct.

AUTH_FAILED

The credentials used to add the cloud account are no longer valid.

Troubleshooting Recommendations

  • AWS: It is possible that the external ID used in your trust relationship has been changed. It is also possible that long-term API credentials, which are deprecated, have been deactivated or are expired.

DISABLED

The resource has been disabled locally and will no longer attempt to harvest.

Troubleshooting Recommendations

  • If you wish to resume harvesting the resource, change its setting on the Cloud Listing page under Disabled Resources.

ERROR

The harvest failure is likely due to an operational or code issue.

Troubleshooting Recommendations

  • Try to manually enqueue the harvest and confirm that the attempt either succeeds or fails. If it fails again, submit a trouble ticket so we can investigate further with you.

PROVIDER_ERROR

The harvest failure is due to an issue at the remote end of the API call.

Troubleshooting Recommendations

  • Either let the next scheduled harvest run or try to manually enqueue the harvest and confirm that the attempt either succeeds or fails. If it fails again, then the provider may be experiencing longer-term technical issues.

RATE_LIMITED

The harvest API call has been declined by the provider because the customer has reached the limit of API calls the provider will accept from the customer during that window of time.

Troubleshooting Recommendations

  • Rate limits are customer-based, not product-based, so the issue may be due to API calls made outside of InsightCloudSec.
  • To reduce the number of API calls InsightCloudSec makes, consider enabling Event-Driven Harvesting, which makes resource-specific calls based upon specific events, or updating your Harvesting Strategy to reduce the frequency of API calls.
  • Read more about Event-Driven Harvesting on the Harvesting Overview page.

TIMEOUT

The harvest API call did not complete in time.

Troubleshooting Recommendations

  • Either let the next scheduled harvest run or try to manually enqueue the harvest and confirm that the attempt either succeeds or fails. If it fails again, then the provider may be experiencing technical issues similar to PROVIDER_ERROR.

UNAUTHORIZED

The harvest failure is due to invalid permissions related to that API call.

Troubleshooting Recommendations

  • AWS: Make sure that the role you are using to harvest resources has the necessary permissions. The easiest way to confirm appropriate permissions are in place is check the Visibility status on the Cloud Listing page.
  • You may need to rescan to validate current permissions. If the status is green, then please contact support as a required permission may be missing from our documentation. If status is yellow, then it should specify the missing permissions.

UNAUTHORIZED SCP (AWS-Only)

The harvest failure is due to a Service Control Policy that is explicitly denying permission for the API call.

Troubleshooting Recommendations

  • Review any Service Control Policies that are in effect for the impacted account to look for policies that may be denying access and update them as desired to add access.