[Microsoft Defender For Cloud] Troubleshooting auto-provisioning of AWS EC2 in Azure Arc not working
I'm having a problem with automatic onboarding of AWS EC2s in Azure Arc. Everything seems to be configured correctly, but the Azure Arc agent doesn't install on the EC2s.
Azure side:
- Microsoft Defender For Cloud > Environment Settings: The AWS account is set to connected status. Onboard type is "Single account". The only active plan is Servers P1. Monitoring coverage is "Partial", but Azure Arc agent and extensions are enabled.
- Microsoft Defender For Cloud > Inventory: AWS resources are present with recommendations.
- Microsoft Defender For Cloud > Getting Started > Install agents: A message tells me "All set! All of your Azure subscriptions have automatic agent installation enabled".
- Azure Arc > All Azure Arc resources: Empty (I have waited more than 24h and still nothing.)
- Azure Arc > Service principals: One has been configured with the right resource group.
- Subscription > Resource providers: Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity are registered.
Amazon side:
- CloudFormation script deployed.
- EC2s have the SSM agent installed.
- EC2s have the IAM role "AmazonSSMManagedInstanceCore".
- In CloudTrail we can see the exchanges for Microsoft Defender for Cloud CSPM, but there is no trace of any attempt to assume the ArcAutoProvisioningRole role from Azure.
With these elements I conclude that Azure makes no request to Amazon for the deployment of agents. I therefore assume that the problem lies with Azure.
Is there a way to see what Azure is doing? An onboarding dashboard, so that you can understand where the problem is coming from?
Have I missed something in the configuration?
Thanks in advance for your help!
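The CloudTrail check the post describes, done over exported event records rather than by eye, as an added example that is not part of the original post or of Microsoft's tooling. It classifies what the trail says about a role into three cases: no AssumeRole call at all (the caller never tried, which is what the post reports for ArcAutoProvisioningRole), only denied calls (trust policy or permissions on the AWS side), or at least one success (the problem is downstream, for example in SSM). The records, the account ID and the role name CspmMonitorAws are constructed for illustration; only ArcAutoProvisioningRole comes from the post.

```python
"""Scan CloudTrail records for sts:AssumeRole calls against a given role.

Added example, not the original post's or Microsoft's code. The sample
records below are constructed; in practice feed the function
records_from_lookup_output() the JSON printed by
  aws cloudtrail lookup-events --lookup-attributes \
      AttributeKey=EventName,AttributeValue=AssumeRole
"""
import json

ACCOUNT = "123456789012"  # placeholder AWS account ID (assumption)


def role_arn(account, role_name):
    return f"arn:aws:iam::{account}:role/{role_name}"


def records_from_lookup_output(text):
    """Unpack `aws cloudtrail lookup-events` JSON: each entry in Events
    carries the full record as a JSON string in its CloudTrailEvent field."""
    return [json.loads(e["CloudTrailEvent"]) for e in json.loads(text)["Events"]]


# Constructed sample shaped like real CloudTrail records (unrelated fields
# omitted). Role names other than ArcAutoProvisioningRole are assumptions.
CONSTRUCTED_RECORDS = [
    {   # Defender CSPM assuming its monitoring role: the calls the post did see
        "eventTime": "2024-05-01T10:00:00Z",
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "userIdentity": {"type": "AWSAccount", "accountId": "111111111111"},
        "requestParameters": {
            "roleArn": role_arn(ACCOUNT, "CspmMonitorAws"),
            "roleSessionName": "defender-cspm",
        },
    },
    {   # SSM agent heartbeat from the EC2 instance: noise for this question
        "eventTime": "2024-05-01T10:05:00Z",
        "eventSource": "ssm.amazonaws.com",
        "eventName": "UpdateInstanceInformation",
        "userIdentity": {"type": "AssumedRole"},
        "requestParameters": {"instanceId": "i-0123456789abcdef0"},
    },
    {   # A denied AssumeRole against an unrelated role (errorCode is only
        # present on failed calls in real records)
        "eventTime": "2024-05-01T10:07:00Z",
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "userIdentity": {"type": "AWSAccount", "accountId": "222222222222"},
        "requestParameters": {
            "roleArn": role_arn(ACCOUNT, "SomeOtherRole"),
            "roleSessionName": "probe",
        },
        "errorCode": "AccessDenied",
    },
]


def assume_role_events(records, role_name, account=ACCOUNT):
    """AssumeRole records (successful or denied) whose target is the role."""
    target = role_arn(account, role_name)
    return [
        r for r in records
        if r.get("eventSource") == "sts.amazonaws.com"
        and r.get("eventName") == "AssumeRole"
        and r.get("requestParameters", {}).get("roleArn") == target
    ]


def assumed_roles(records):
    """Every AssumeRole target seen: role ARN -> {"ok": n, "denied": n}."""
    summary = {}
    for r in records:
        if r.get("eventSource") != "sts.amazonaws.com" or r.get("eventName") != "AssumeRole":
            continue
        arn = r.get("requestParameters", {}).get("roleArn", "?")
        entry = summary.setdefault(arn, {"ok": 0, "denied": 0})
        entry["denied" if r.get("errorCode") else "ok"] += 1
    return summary


def diagnose(records, role_name, account=ACCOUNT):
    """"no-attempt": nobody called AssumeRole for the role (the post's case);
    "denied": only failed calls, so look at the role's trust policy/permissions;
    "assumed": at least one success, so look downstream (SSM, the instance)."""
    hits = assume_role_events(records, role_name, account)
    if not hits:
        return "no-attempt"
    if all(r.get("errorCode") for r in hits):
        return "denied"
    return "assumed"


if __name__ == "__main__":
    for arn, counts in assumed_roles(CONSTRUCTED_RECORDS).items():
        print(f"{arn}: ok={counts['ok']} denied={counts['denied']}")
    print("ArcAutoProvisioningRole:", diagnose(CONSTRUCTED_RECORDS, "ArcAutoProvisioningRole"))
```

Run against a real export, the "no-attempt" result is the one that justifies the post's conclusion that the Azure side never initiated provisioning; "denied" would instead point at the role's trust policy, which is also recorded in CloudTrail as a failed AssumeRole with an errorCode.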