Skip to Content

The AWS API ETL fails to collect data from multiple accounts

When you run the AWS API ETL to fetch resources data from your multiple AWS accounts, the ETL fails with a session timeout error. This failure usually occurs after an hour, which is the default session timeout internal.

Resolution

This issue occurs when you have large number of instances provisioned in your AWS accounts or slow network connection.

To resolve this issue, do the following:

  1. Configure the ETL to increase the session timeout value


    1. Log in to the TrueSight Capacity Optimization.
    2. Click Administration > ETL & System Tasks > ETL tasks.
    3. Click the name of required AWS API ETL, and then click edit_do.pngedit run configuration.
    4. Click Advanced > Additional properties.
    5. Add the extract.aws.linkedaccount.session.timeout.seconds property and specify a value greater than 3600, which is the default value. This default value is set when you create a cross-account role in AWS. The minimum value that AWS recommends is 900.

      aws_api_etl_config_session_timeout.png
    6. Save the changes. 

  2. Configure cross-account roles to increase the session duration

    1. Log in to the AWS console.
    2. Click Services > IAM > Roles.
    3. Click the cross-account role name.
    4. Increase the value for the maximum CLI/API session duration, and save the changes.

      aws_crossrole_config.png
    5. Repeat steps b to d for each cross-account role that you created for the linked accounts.
    Warning

    Always ensure that the session timeout value configured for the ETL is less than the session duration value configured in AWS for cross-account roles.

Related topic

Amazon-Web-Services-AWS-API-Extractor

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

TrueSight Cloud Cost Control 11.5