Forum Discussion
vibhorm0804
Apr 14, 2024, Copper Contributor
Unable to onboard AWS management account to defender for cloud
Hello,
I have been facing an issue while onboarding an AWS management account to MDC.
Symptom: I can see the mgmt account is connected; however, the other member accounts are not showing up in the MDC UI.
Have already deployed the stack and StackSet in AWS, and their status shows "Success" in AWS CFN.
I have Owner access to the Azure subscription.
Have Administrator access to the AWS mgmt account at the root org level.
The connector for the mgmt account is created and its status shows connected in MDC.
In the resource group of the connector I see an error happening every 4 hours: {"statusCode":400,"errorMessage":"Contract validation of data model failed, with error: The json value of offerings failed validation, with reason: Offerings : Found conflicting configurations! VmScanners configuration are not aligned. ID for failure: 0143d882-f915-43e6-a95a-8dab6800f7b5","errorCorrelation":"0143d882-f915-43e6-a95a-8dab6800f7b5"}
Kindly suggest.
Thanks in advance.
3 Replies
- DonalC, Copper Contributor
vibhorm0804 - I'm having the same issue. Did you ever get a resolution?
- Matan_Shabtay
Microsoft
That sounds like a problem that requires customer support. Did anyone contact Azure support?
- samilam75, Copper Contributor
Good afternoon. I am having this exact same issue, with the same exact error message. The management account shows in MDC but none of the child accounts do. The following screenshot shows the update security connector failing for each child account. This is happening consistently every two hours, and the error message associated with each is the same: {"statusCode":400,"errorMessage":"Contract validation of data model failed, with error: The json value of offerings failed validation, with reason: Offerings : Found conflicting configurations! VmScanners configuration are not aligned." I have verified the CloudFormation templates were successful and that IAM roles & policies were applied on the AWS & Azure side. Thank you in advance for your time and support on any input provided, much appreciated!
To note, I did onboard a single AWS account prior to attempting to onboard a management account. This was for testing purposes --- I wonder if by doing that I caused a conflict? I wouldn't think so --- but never assume. Is there the ability to onboard management accounts AND single accounts? Or is it one or the other?
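An added diagnostic, not posted by anyone in this thread: the 400 error quoted above says the connector's offerings carry VmScanners settings that do not agree with each other. Assuming the connector resource follows the Microsoft.Security/securityConnectors shape, where offerings such as DefenderForServersAws and DefenderCspmAws each carry their own vmScanners block, this script compares those blocks in an exported connector JSON and names every field that differs; the sample document, its account id and role names are constructed, and the idea that such a mismatch is what the error means is an assumption, not something the thread confirms.

```python
import json

# Constructed sample of a Microsoft.Security/securityConnectors resource (not a real
# export). Two offerings carry a vmScanners block and disagree on the scanner role
# and on an exclusion tag: the kind of mismatch assumed to trigger the 400 above.
SAMPLE_CONNECTOR = json.dumps({"properties": {"offerings": [
    {"offeringType": "CspmMonitorAws",
     "nativeCloudConnection": {"cloudRoleArn": "arn:aws:iam::111122223333:role/CspmMonitorAws"}},
    {"offeringType": "DefenderForServersAws", "vmScanners": {"enabled": True, "configuration": {
        "cloudRoleArn": "arn:aws:iam::111122223333:role/DefenderForCloud-AgentlessScanner",
        "scanningMode": "Default", "exclusionTags": {"SecurityScan": "skip"}}}},
    {"offeringType": "DefenderCspmAws", "vmScanners": {"enabled": True, "configuration": {
        "cloudRoleArn": "arn:aws:iam::111122223333:role/OldAgentlessScannerRole",
        "scanningMode": "Default", "exclusionTags": {"SecurityScan": "false"}}}},
]}})


def vm_scanner_settings(connector_json: str) -> dict:
    """Return {offeringType: vmScanners block} for each offering that defines one."""
    doc = json.loads(connector_json)
    offerings = doc.get("properties", {}).get("offerings", [])
    return {o["offeringType"]: o["vmScanners"] for o in offerings if "vmScanners" in o}


def _flatten(d: dict, prefix: str = "") -> dict:
    """Flatten nested dicts to dotted paths so each differing leaf can be named."""
    out = {}
    for k, v in d.items():
        if isinstance(v, dict) and v:
            out.update(_flatten(v, f"{prefix}{k}."))
        else:
            out[f"{prefix}{k}"] = v
    return out


def find_vm_scanner_conflicts(connector_json: str) -> list:
    """Return [(dotted_path, {offeringType: value})] for every vmScanners field whose
    value differs between offerings; an empty list means the blocks are aligned."""
    flat = {name: _flatten(block) for name, block in vm_scanner_settings(connector_json).items()}
    if len(flat) < 2:
        return []
    paths = sorted(set().union(*(f.keys() for f in flat.values())))
    conflicts = []
    for path in paths:
        values = {name: f.get(path) for name, f in flat.items()}
        if len({json.dumps(v, sort_keys=True) for v in values.values()}) > 1:
            conflicts.append((path, values))
    return conflicts


if __name__ == "__main__":
    for path, values in find_vm_scanner_conflicts(SAMPLE_CONNECTOR):
        print(f"vmScanners mismatch at {path}: {values}")
```

Run it against the JSON of your own connector resource (for example, the output of a GET on the securityConnectors resource in the connector's resource group) in place of the constructed sample.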