Gateway Audit (for AWS)

The Aviatrix Controller periodically checks its Aviatrix gateways (every 24 hours) to ensure the following conditions are present:

  1. The Aviatrix Gateway instance in AWS has its IAM role aviatrix-role-ec2 attached.

  2. The aviatrix-role-app role exists and has policies attached to it.

  3. The Aviatrix Gateway instance’s security group has an inbound rule allowing the Controller EIP on port 443.

When any of the above conditions fail:

  • The Controller sends an alert email to the Controller admin and logs the event.

  • The gateway will not be able to receive messages from the Controller. Therefore, the event requires action before the next audit occurs.

Audit Status   Description

Pass           The gateway has passed the most recent audit.

Error(SG)      The gateway instance’s security group does not have an inbound rule that is open to the Controller’s EIP.

Error(IAM)     The gateway instance’s aviatrix-role-ec2 role is detached from the instance profile, or aviatrix-role-app has no associated policy.
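The three audit conditions above can be reproduced from the AWS API, which is useful for confirming a fix before the Controller's next 24-hour audit or for checking a gateway the Controller has flagged. The following is an added example, not Aviatrix code: the check functions operate on plain dicts shaped like the boto3 responses of describe_instances, get_instance_profile, list_attached_role_policies / list_role_policies and describe_security_groups, so they can be exercised offline against the constructed sample data at the bottom; fetch_live_inputs() shows how to gather the real responses with boto3 (assumed to be installed and credentialed) and is the only part that touches AWS. The sample instance, profile, policy and security-group values are constructed, as is the Controller EIP 203.0.113.10.

```python
"""Re-implement the Controller's three gateway-audit checks over AWS API data.

Added example, not Aviatrix code. Check functions take dicts shaped like boto3
responses so they can be tested offline; fetch_live_inputs() is the optional
boto3 path (assumed installed and credentialed) and is never called by the tests.
"""
from __future__ import annotations

import ipaddress

EC2_ROLE = "aviatrix-role-ec2"     # role named on the page, check 1
APP_ROLE = "aviatrix-role-app"     # role named on the page, check 2
CONTROLLER_PORT = 443              # port named on the page, check 3


def check_ec2_role(instance: dict, instance_profile: dict | None) -> bool:
    """Check 1: the instance has a profile, and that profile carries aviatrix-role-ec2."""
    if not instance.get("IamInstanceProfile") or instance_profile is None:
        return False
    return EC2_ROLE in {r.get("RoleName") for r in instance_profile.get("Roles", [])}


def check_app_role(attached_policies: list | None, inline_policy_names: list | None) -> bool:
    """Check 2: the app role exists (None = NoSuchEntity) and has at least one managed or inline policy."""
    if attached_policies is None or inline_policy_names is None:
        return False
    return bool(attached_policies) or bool(inline_policy_names)


def _rule_covers_port(perm: dict, port: int) -> bool:
    """True if an IpPermissions entry admits TCP traffic on `port` (or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "all traffic" rule has no port fields
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)


def check_sg_inbound(security_groups: list, controller_eip: str, port: int = CONTROLLER_PORT) -> bool:
    """Check 3: some inbound rule on the instance's security groups covers the Controller EIP on the port."""
    eip = ipaddress.ip_address(controller_eip)
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not _rule_covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                if eip in ipaddress.ip_network(rng["CidrIp"], strict=False):
                    return True
    return False


def audit(instance, instance_profile, attached_policies, inline_policy_names,
          security_groups, controller_eip) -> list[str]:
    """Return ["Pass"] or the failing statuses, using the names from the status table."""
    failures = []
    if not (check_ec2_role(instance, instance_profile)
            and check_app_role(attached_policies, inline_policy_names)):
        failures.append("Error(IAM)")
    if not check_sg_inbound(security_groups, controller_eip):
        failures.append("Error(SG)")
    return failures or ["Pass"]


def fetch_live_inputs(instance_id: str, region: str):
    """Gather the same inputs from AWS via boto3 (assumed available); not run offline."""
    import boto3
    from botocore.exceptions import ClientError
    ec2, iam = boto3.client("ec2", region_name=region), boto3.client("iam")
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    profile = None
    if inst.get("IamInstanceProfile"):
        name = inst["IamInstanceProfile"]["Arn"].rsplit("/", 1)[-1]
        profile = iam.get_instance_profile(InstanceProfileName=name)["InstanceProfile"]
    try:
        attached = iam.list_attached_role_policies(RoleName=APP_ROLE)["AttachedPolicies"]
        inline = iam.list_role_policies(RoleName=APP_ROLE)["PolicyNames"]
    except ClientError as err:  # a missing role surfaces as NoSuchEntity
        if err.response["Error"]["Code"] != "NoSuchEntity":
            raise
        attached = inline = None
    sg_ids = [g["GroupId"] for g in inst.get("SecurityGroups", [])]
    sgs = ec2.describe_security_groups(GroupIds=sg_ids)["SecurityGroups"]
    return inst, profile, attached, inline, sgs


# Constructed sample data shaped like the boto3 responses (not real resources).
CONTROLLER_EIP = "203.0.113.10"
SAMPLE_INSTANCE = {"InstanceId": "i-0example",
                   "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/aviatrix-role-ec2"},
                   "SecurityGroups": [{"GroupId": "sg-0example"}]}
SAMPLE_PROFILE = {"Roles": [{"RoleName": EC2_ROLE}]}
SAMPLE_ATTACHED = [{"PolicyName": "aviatrix-app-policy"}]
SAMPLE_SG_OK = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}]
SAMPLE_SG_BAD = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}]

if __name__ == "__main__":
    print(audit(SAMPLE_INSTANCE, SAMPLE_PROFILE, SAMPLE_ATTACHED, [], SAMPLE_SG_OK, CONTROLLER_EIP))
    print(audit(SAMPLE_INSTANCE, SAMPLE_PROFILE, SAMPLE_ATTACHED, [], SAMPLE_SG_BAD, CONTROLLER_EIP))
```

The checks are kept separate from the boto3 calls so the logic can be tested with fixtures; `audit()` returns every failing status rather than the first one, because the page does not state which error the Controller reports when both the IAM and security-group conditions fail at once.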

Cloud Message Queue Failure

If the alert message has the title Cloud Message Queue Failure, it implies the following:

  1. The gateway periodically calls the SQS API to retrieve any messages the Controller has sent. This alert means that, for the past 15 minutes, this gateway’s API calls have been failing. This does not necessarily mean the gateway has missed any messages; the gateway’s ability to make API calls may be only temporarily interrupted.

  2. If the failure continues, a new message will be sent once a day.

Please see this document to look for ways to debug and address this issue. If you need help, please open a support ticket at the Aviatrix Support Portal.