'Child' Service Account Discovery from an AWS Master Account is limited to the first 40 child accounts only


Description

Performing the 'Refresh Members' UI Action from an AWS Master Service Account does not work as expected when there are more than 40 accounts associated with the AWS Master. The AWS Master Account can only discover the first 40 Child Accounts, due to Pagination only working on the first page. The second page pattern sends an incorrect token for it to be invoked.

The issue occurs in the OOB Pattern step "If pagination, get the rest of the batches" which generates the error below: 

Subaccounts list REST request failed. error=Cloud request failed. URL: ... Status: 400 Server response: Response: HTTP/1.1 400 Bad Request [x-amzn-RequestId: 9e563c22-8019-11e9-9896-b9e126ea352d, Content-Type: application/x-amz-json-1.1, Content-Length: 35, Date: Mon, 27 May 2019 00:51:53 GMT, Connection: close] 

Steps to Reproduce

1 - Configure an AWS Master Service Account that has more than 40 accounts associated with it.
2 - Click on "Refresh Members" and wait for completion.

Note that the child service accounts list is incomplete, or there are no service accounts listed under the section tab, meaning the Master account was not returned within the first 40 records, so no relationships could be built.

Workaround

This problem has been fixed. If you are able to upgrade, review the Fixed In section to determine the latest version with a permanent fix your instance can be upgraded to.

The workaround consists in modifying the AWS Organization pattern in step 10 adding the last line listed here:
if ( token ){
token = token[0];
// Strip XML tags if exist.
token = token.replace(/<\/?nextToken>/gi, '');
token = '"' +token +'"'
}

The already edited attached Pattern XML can also be used. See the code change comparison below:


Related Problem: PRB1329202