08-18-2022 07:07 PM
https://pan.dev/cloudngfw/aws/api/
https://github.com/PaloAltoNetworks/cloud-ngfw-aws-examples
Using the Git repo's get_pa_token.py, I get the following error:
Traceback (most recent call last):
File "C:\Users\xxxxx\cloud-ngfw-aws-examples\programmatic_access\get_pa_token.py", line 138, in <module>
assert resp_dict['ResponseStatus']['ErrorCode'] == 0
AssertionError
I can't get any further in getting this set up.
08-20-2022 12:27 PM
I ran the get_pa_token.py with the debug flag, and I get this:
PROG_ACC_LOGGER : [DEBUG] 2022-08-20T15:23:08.533Z ResponseText: {"ResponseStatus": {"ErrorCode": 1, "Reason": "Account is not successfully onboarded by FMS. Programmatic Access for CloudNGFWGlobalRulestackAdmin role is not supported."}} |- get_pa_token:134
Traceback (most recent call last):
File "C:\Users\Dwight\cloud-ngfw-aws-examples\programmatic_access\get_pa_token.py", line 138, in <module>
assert resp_dict['ResponseStatus']['ErrorCode'] == 0
AssertionError
Not sure where to go from here.
08-20-2022 01:27 PM
I've gotten further by specifying the cloudrulestackadmin role instead of the cloudglobalrulestackadmin in the get_pa_token.py call. But I get a 403 forbidden when I run the curl command in step 10 of https://pan.dev/cloudngfw/aws/api/
What am I missing?
Ultimately, I'm trying to push the firewall rules via Terraform, but the setup in https://medium.com/palo-alto-networks-developer-blog/the-developers-guide-to-palo-alto-networks-clou... isn't working and I get the following:
│ Error: InvalidClientTokenId: The security token included in the request is invalid.
│ status code: 403, request id: e8b9428f-0ec4-48ef-a876-aaf616ad0aa1
│
│ with provider["registry.terraform.io/paloaltonetworks/cloudngfwaws"],
│ on PA-Cloud-NGFW.tf line 23, in provider "cloudngfwaws":
│ 23: provider "cloudngfwaws" {
08-22-2022 05:35 PM
Hello @DwightAwesome,
Greetings from Palo Alto Networks!
Error “… (InvalidClientTokenId) …: The security token included in the request is invalid”
This error occurs when the user fails to pass authentication. Either the appropriate user is not active or the user's access keys are not valid.
Resolve authentication issues by following these steps:
- Ensure that the AWS keys repository variables used in the repository are valid, accurate, and contain no spaces or typos.
- Ensure that the corresponding user is active in the AWS console.
Note: HTTP Status Code: 403 - The request must contain either a valid (registered) AWS access key ID or X.509 certificate.
Thanks and Regards,
Gopinath Sekar
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-discussions/bd-p/Cloud_NGFW_Discussion.
*Don’t forget to accept the solution provided!*
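A local pre-flight check for the "valid, accurate, no spaces or typos" step in the reply above, added here as an example; it is not from the thread or from the Palo Alto Networks repository. The name `check_aws_credentials` is hypothetical and the key shapes are assumed heuristics; the check inspects the strings only and does not confirm that the user is active in AWS.

```python
import os
import re

# Assumed shapes (heuristics): 20-character upper-case key ID, 40-character secret.
KEY_ID_RE = re.compile(r"^[A-Z0-9]{20}$")
SECRET_RE = re.compile(r"^[A-Za-z0-9/+=]{40}$")


def check_aws_credentials(env):
    """Return a list of problems found in the AWS_* entries of the mapping `env`."""
    problems = []
    key_id = env.get("AWS_ACCESS_KEY_ID", "")
    secret = env.get("AWS_SECRET_ACCESS_KEY", "")
    token = env.get("AWS_SESSION_TOKEN", "")

    for name, value, shape in (("AWS_ACCESS_KEY_ID", key_id, KEY_ID_RE),
                               ("AWS_SECRET_ACCESS_KEY", secret, SECRET_RE)):
        bare = value.strip()
        if not bare:
            problems.append(f"{name} is missing or empty")
            continue
        if value != bare:
            problems.append(f"{name} has leading or trailing whitespace")
        if bare[0] in "\"'" or bare[-1] in "\"'":
            problems.append(f"{name} is wrapped in quote characters")
        elif not shape.match(bare):
            problems.append(f"{name} has an unexpected length or character set")

    bare_id = key_id.strip()
    # ASIA... key IDs are temporary STS credentials and only work with a session token.
    if bare_id.startswith("ASIA") and not token:
        problems.append("temporary (ASIA) key ID without AWS_SESSION_TOKEN")
    # A leftover session token sent alongside a long-term AKIA... key is a
    # common cause of "The security token included in the request is invalid".
    if bare_id.startswith("AKIA") and token:
        problems.append("long-term (AKIA) key ID with a leftover AWS_SESSION_TOKEN")
    return problems


if __name__ == "__main__":
    # Checks the variables of the current shell; the values are never printed.
    for problem in check_aws_credentials(os.environ):
        print("problem:", problem)
```

Run it in the same shell that runs `terraform` or `get_pa_token.py`, so it sees the variables those tools see.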
11-22-2023 05:10 AM
Hi @DwightAwesome! Were you able to solve this? Just got the same error