Since we upgrade to boundary 0.9.0 (from 0.8.1) dynamic host catalogs on AWS seems to be broken. https://learn.hashicorp.com/tutorials/boundary/aws-host-catalogs?in=boundary/configuration was followed to configure dynamic host catalogs on AWS. From AWS CloudTrail, since the upgrade, we do not see anymore calls to
ec2:DescribeInstances associated to the IAM user configured.
As far as I know there were no changes to host catalogs between the two versions. Can you ensure that the credential is still valid? Do you see anything in boundary’s events?
The credential of the IAM user is still valid. From the AWS CloudTrail console
The 0.9.0 upgrade took place around June 24, 2022, 21:01:35 (UTC+02:00). The only call after that is today when I tried to recreate the host catalog plugin, host set plugin and target (because it was not working) but I guess this call is just a configuration check as DryRun flag is set.
What is shown in Boundary’s event log? If it’s not syncing there is likely some issue.
There is a known bug in 0.9 if controller names are less than 10 characters it can fail to register jobs. This will be shown as an error in the event log. It will be fixed in 0.9.1.
Indeed, I see the error message
db.Query: controller_id_must_be_at_least_10_characters constraint failed: check constraint violated: integrity violation: error #1000
@jeff Thank you very much for you help!
Sure, glad to be of help!
Update to 0.9.1 fixed this issue