Unable to log into AWS via Turbot

A common issue is when the AWS button is either grayed out or throws an error when attempting to click it. Usually, the error will be of the form 

Error submitting /api/v3/accounts/aaa/users/testuser/awsConsoleLoginUrls.

This can occur due to permissions not being correctly applied to the user via Turbot, or due to the Directory User control sync stack that Turbot uses to federate accounts into AWS.

1. First, check to confirm that the user has the correct permissions in Turbot. Navigate to the Permissions tab at either the account level or at the cluster level, but keep in mind the account in question must be within that cluster. If the user does not appear, click on the "Show inherited" box, then verify that the user has AWS access.

2. Once verified, check the controls tab for the account. There will be a control titled Turbot AWS/* Directory Users NOT in sync for $accountName. This control triggers the events required to update the AWS account for access. It will usually appear within 15 seconds of changing any AWS permission, though if throttling is enabled on the account it can take longer.

3. Click on the control and hit the "Check" button if it has not already cleared. This will simulate the events to check for errors. If there are no errors, hit apply and wait for the control to run. 

4. Refresh the Turbot page for the user who is attempting to log in. Click the AWS button to federate into the account. The first time logging on will take ~10-15 seconds, but subsequent logins should be within seconds.


If any issues arise, feel free to reach out to help@turbot.com

Was this article helpful?
0 out of 0 found this helpful