Nagios Support Forum

I just uploaded to a newer version of Nagios XI (5.6.2) and am trying to use the EC2 monitoring wizard. It asks for a Secret API Key and the Secret Passkey. I enter both values and click Get Instances, however, it says no instances can be found. I had the AWS admin generate this Secret Key information.. what roles/permissions are needed on the AWS side to discover instances in an AWS account? Is there a log anywhere where I may find information on why it doesn't see any of the instances?

Thanks,
Paul

I would start troubleshooting, following the steps, outlined in the document below:

https://docs.aws.amazon.com/cli/latest/ ... oting.html

Verify the credentials by running: Make sure that your date/time is in sync.

That begs the question, is the Nagios server supposed to have the AWS CLI libraries on it to successfully execute this wizard? Is there a listing of what software needs to be on the Nagios XI server to make this work?

Thanks,
Paul

Yes, you don't need to install any additional software. Try getting your instances from the command line by running:
Example: You could try running the plugin in verbose mode for troubleshooting purposes:
To view the full usage of the plugin, run: In the GUI:

Excellent! thank you!

Paul

Running the verbose option gives the following output:

/usr/local/nagios/libexec/check_ec2.py -k AKIAWASPRY4YWB3UIXZK -K u7LyyzLF0k/d2OU1whAzMAJOGGm/D+RLpHGh9Kow -g -v
/usr/lib/python2.6/site-packages/urllib3/util/ssl_.py:369: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/lates ... l-warnings
SNIMissingWarning
Traceback (most recent call last):
File "/usr/local/nagios/libexec/check_ec2.py", line 649, in <module>
main()
File "/usr/local/nagios/libexec/check_ec2.py", line 530, in main
options = parse_args()
File "/usr/local/nagios/libexec/check_ec2.py", line 92, in parse_args
get_instances(options.accesskeyid, options.secretaccesskey, options.region)
File "/usr/local/nagios/libexec/check_ec2.py", line 154, in get_instances
if (instance['InstanceId'] != '' and instance['PublicIpAddress'] != ''):
KeyError: 'PublicIpAddress'
[root@rdvirt123 ~]# python --version
Python 2.6.6

paul.omalley wrote:Running the verbose option gives the following output:

/usr/local/nagios/libexec/check_ec2.py -k AKIAWASPRY4YWB3UIXZK -K u7LyyzLF0k/d2OU1whAzMAJOGGm/D+RLpHGh9Kow -g -v
/usr/lib/python2.6/site-packages/urllib3/util/ssl_.py:369: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/lates ... l-warnings
SNIMissingWarning
Traceback (most recent call last):
File "/usr/local/nagios/libexec/check_ec2.py", line 649, in <module>
main()
File "/usr/local/nagios/libexec/check_ec2.py", line 530, in main
options = parse_args()
File "/usr/local/nagios/libexec/check_ec2.py", line 92, in parse_args
get_instances(options.accesskeyid, options.secretaccesskey, options.region)
File "/usr/local/nagios/libexec/check_ec2.py", line 154, in get_instances
if (instance['InstanceId'] != '' and instance['PublicIpAddress'] != ''):
KeyError: 'PublicIpAddress'
[root@rdvirt123 ~]# python --version
Python 2.6.6

This looks like a bug to me. I'll let you know as soon as I find a fix/workaround.

The check_ec2.py module returns those errors, but a aws cli describe-instances works fine

aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId,ImageId,PrivateIpAddress,LaunchTime]" --output table
/root/.local/lib/aws/lib/python2.6/site-packages/urllib3/util/ssl_.py:339: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/lates ... l-warnings
SNIMissingWarning
-----------------------------------------------------------------------------------------------
| DescribeInstances |
+---------------------+-------------------------+----------------+----------------------------+
| i-09b2181da0373f34d| ami-0ff3f2af6d5ddaeff | 172.25.66.184 | 2019-02-26T12:32:21.000Z |
| i-0f70c0abe344db9e1| ami-0eabc4464d7df5719 | 172.25.66.20 | 2019-02-12T16:45:38.000Z |
| i-04dd8446164487af6| ami-0a9700f25cde16bbf | 172.25.66.28 | 2019-06-17T14:11:23.000Z |
| i-08bd7bbcd243bdbf6| ami-0658a809b3e89b0c9 | None | 2019-06-19T19:34:25.000Z |
| i-00da784e01557b458| ami-0658a809b3e89b0c9 | None | 2019-06-19T19:34:25.000Z |
| i-0cb7738911357fc07| ami-0dbbfbe314e78c23d | 172.25.66.173 | 2019-06-19T19:14:16.000Z |
| i-0e012fbb162b3c0ac| ami-173aa56d | 172.25.66.238 | 2019-06-13T13:40:25.000Z |
| i-066151b1db099a849| ami-0dbbfbe314e78c23d | 172.25.66.207 | 2019-02-07T19:55:27.000Z |
| i-060faa289ddf61b97| ami-173aa56d | 172.25.69.182 | 2018-11-01T13:19:41.000Z |
| i-09442acce9290af38| ami-8624fdfb | 172.25.69.111 | 2018-12-18T15:30:53.000Z |
| i-0afc994f7d67478f0| ami-bf0e9bc5 | 172.25.70.149 | 2017-11-27T15:11:45.000Z |

I think you have found a bug.

Can you try this modified plugin?

Hi Scott:
Just getting back to this, I will download and try the updated plugin as soon as I can.

Thanks!
Paul