Troubleshooting for the AWS Cloud Utility

This section lists the troubleshooting for the AWS Cloud Utility.

While using AWS services the following error appears: UnknownRegionError("No default region found...”)

Issue: The service is unable to retrieve the AWS Region from the system.

Workaround: The service is region specific. Include the region name in the command.

region=<region-name>

The CloudWatch service was running and the service has stopped after restarting the system.

Issue: The CloudWatch Service Mode is set to Manual

Workaround: You should restart the service manually.

If the CloudWatch Service Mode is set to Automatic, then wait until all the services start.

The CloudWatch integration is enabled, but the log group/log stream is not created or logs are not being updated.

Issue: This issue occurs because the associated IAM Role or IAM User does not have required permissions to perform CloudWatchrelated operations.

To verify the error, check the log file by using a text editor.

/var/log/amazon/amazoncloudwatch-agent/amazoncloudwatch-agent.log

You can see one of the following errors:

  • E! WriteToCloudWatch failure, err: AccessDenied: User: arn:aws:sts:**** is not authorized to perform: cloudwatch:PutMetricData
  • E! cloudwatchlogs: code: AccessDeniedException, message: User: arn:aws:sts:**** is not authorized to perform: logs:PutLogEvents
  • E! CreateLogStream / CreateLogGroup AccessDeniedException: User: arn:aws:sts:**** is not authorized to perform: logs:CreateLogStream

Workaround: Assign CloudWatchAgentServerPolicy permissions to the associated IAM Role or IAM User and restart the service.

I can see the error message: Unable to locate valid credentials for CloudWatch

Issue: The error message can be because of one of the following reasons:

  • If you are using an AWS instance, then the IAM Role is not configured for the AWS instance.
  • If you are using a non-AWS instance, then the IAM User is configured with invalid AWS

Workaround: On AWS instance, navigate to the AWS console and attach the IAM role to the instance.

For more information about attaching the IAM role, refer https://aws.amazon.com/blogs/security/easily-replace-or-attach-an-iam-role-to-an-existing-ec2-instance-by-using-the-ec2-console/.

On non-AWS instance, to configure the IAM user with valid credentials, navigate to Tools > CloudWatch Utility AWS Tools > AWS Configure.

I am unable to see AWS Tools section under Tools in the CLI Manager

Issue: The AWS Admin role is not assigned to the instance.

Workaround: For more information about the AWS Admin role, refer Managing Roles.

I can see one of the following error messages: CloudWatch Service started failed or CloudWatch Service stopped failed

Issue: The ESA is configured with invalid AWS credentials.

Workaround: You must reconfigure the ESA with valid AWS credentials.

Last modified February 7, 2025