Supportability on AWS Cloud Discovery for Shareable AWS resourcesSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Shareable AWS resources are AWS resources that are made available across AWS accounts enabled by AWS RAM. In current releases (Orlando, Paris, Quebec), during AWS Cloud Discovery, a shareable AWS resource is only discovered in the datacenter / service account where it belongs to. -------- Due to this limitation, Shareable AWS resources can cause warning "Uncompleted partial payloads persisted in Discovery flow" in the discovery log, and IRE error like below in the node log: identification_engine : MISSING_DEPENDENCY In payload no relations defined for dependent class [cmdb_ci_cloud_subnet] that matches any containment/hosting rules: [cmdb_ci_network <- Contains <- cmdb_ci_cloud_subnet]. -------- This is because after CAPI to Pattern migration, some AWS patterns are building partial payloads using source_native_key with service account, datacenter and object id. IRE will further use the source_native_key to match and update relevant CMDB record. However, the source_native_key in a partial payload for a shareable AWS resource can be created with service account that is not where it belongs to, thus IRE cannot match it to any CMDB record. For example, a VPC belongs to Service Account A, region ap-southeast-2, and the source_native_key for it should be A_ap-southeast-2_vpcObjectId. Service Account B uses this VPC, in region ap-southeast-2. When discovering Service Account B, the pattern will build source_native_key B_ap-southeast-2_vpcObjectId. This payload will not match to any CMDB record and will cause "Uncompleted partial payloads persisted in Discovery flow" message and IRE error. -------- Affected pattern includes but not limited to: Amazon AWS - Route Table (LP)Amazon AWS - ACL (LP)Amazon AWS - NIC (LP)Amazon AWS - Security Group (LP)Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Shareable AWS resources CAPI to Pattern Migration