Elasticity Lambda fails to onboard Windows EC2 instances on a secondary AWS account. #61

Open
1 of 3 tasks
jcosteatcyberark opened this issue Jan 12, 2021 · 0 comments · May be fixed by #62

Summary

Windows instances created on a second AWS account (using execution/assume roles) fail to be onboarded.
The function instance_processing::get_instance_password_data is unable to use the assume role provided because of a typo.

The key in acct_b['Credentials'] should be SessionToken, not session_token:

session_token = acct_b['Credentials']['session_token']

Steps to Reproduce

Steps to reproduce the behavior:

  1. Create a Windows EC2 instance on account B
  2. Wait for the instance to be running
  3. Check the ElasticityLambda logs on CloudWatch on account A

Expected Results

The Administrator account of the EC2 instance appears in the PVWA.

Actual Results (including error logs, if applicable)

You should see the following error in the Elasticity Lambda's logs:

[ERROR] {<class 'KeyError'>}
[ERROR] Error on getting token from account XXXXXXXXXXXX : 'session_token'

Reproducible

  • Always
  • Sometimes
  • Non-Reproducible

Version/Tag number

cyberark/cyberark-aws-auto-onboarding:master

Environment setup

  • Elasticity Lambda in an AWS account A.
  • Windows EC2 instance created in an AWS account B.
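
The key mismatch reported above, as an added example that is not part of the original issue or the project's code: STS AssumeRole returns its credentials under PascalCase keys, so a snake_case lookup raises the KeyError seen in the log. The helper names, the exception class and the sample response are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Keys that STS AssumeRole returns under response['Credentials'] (PascalCase).
REQUIRED_KEYS = ("AccessKeyId", "SecretAccessKey", "SessionToken")


class AssumeRoleResponseError(Exception):
    """Raised when an AssumeRole response cannot be used as client credentials."""


def client_kwargs_from_assume_role(response, now=None):
    """Hypothetical helper: map an AssumeRole response to boto3 client kwargs.

    Validates the response up front and names only the missing keys, so no
    secret value ever ends up in an error message or a CloudWatch log line.
    """
    creds = response.get("Credentials")
    if not isinstance(creds, dict):
        raise AssumeRoleResponseError("response has no 'Credentials' mapping")
    missing = [k for k in REQUIRED_KEYS if not creds.get(k)]
    if missing:
        raise AssumeRoleResponseError("missing credential keys: " + ", ".join(missing))
    expiration = creds.get("Expiration")
    now = now or datetime.now(timezone.utc)
    if expiration is not None and expiration <= now:
        raise AssumeRoleResponseError("temporary credentials already expired")
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def buggy_lookup(response):
    """The lookup quoted in the issue; raises KeyError('session_token')."""
    return response["Credentials"]["session_token"]


# Constructed sample response (placeholder values, not real credentials).
SAMPLE_ACCT_B = {
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
        "SecretAccessKey": "constructed-secret",
        "SessionToken": "constructed-session-token",
        "Expiration": datetime.now(timezone.utc) + timedelta(hours=1),
    },
}
```

The returned dictionary can be passed as keyword arguments to `boto3.client("ec2", ...)` for the account B call.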