I have set up the IAM authenticator for the Conjur instance, and when I try to authenticate to the webservice from the EC2 instance I am getting a 401 Unauthorized error message. I have looked at $Conjururl/info and see that the authenticator is enabled. I verified the policies, and I see that the role has permissions to read and authenticate to the webservice and to read the secrets as well. I am trying to check what else needs to be checked and how to troubleshoot the issue. Thank you
Seeing the code on the client side would help with troubleshooting.
Also, you can check the audit events of the specific host:
Log into the UI -> navigate to the host -> scroll down to audit logs (sometimes you can get more information from there).
Validating that the host login on the client app is the same as the one defined within policy also helps me a lot.
It looks like the correct host ID is being used and the authenticator is enabled.
The next thing I would do is validate the AWS account number and that the IAM role is actually assigned to the client EC2 instance.
I verified the IAM role assigned by looking at curl http://169.254.169.254/latest/meta-data/iam/info. I see the InstanceProfileArn matching the role name, and the account number looks accurate as well.
Do you think opening a support ticket would be the best step to move forward from here?
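The checks suggested in this thread (host login matches policy, AWS account number is right, the IAM role is really attached to the instance) can be scripted from the same IMDS data the poster inspected with curl. The following is an added example, not Conjur's or CyberArk's code and not something posted in the thread. It assumes the documented authn-iam convention that a host is defined in policy as <policy branch>/<AWS account ID>/<IAM role name> and logs in as host/<that ID>, with the slashes URL-encoded in the /authn-iam/<service-id>/<account>/<login>/authenticate path. The IMDS responses, policy branch, Conjur account and service ID are constructed placeholders. One caveat worth noting: iam/info exposes the instance profile ARN, and an instance profile can have a different name from the role it wraps; Conjur expects the role name, which IMDS returns at iam/security-credentials/.

```python
"""Added example (not Conjur's own code): derive the authn-iam login an EC2
instance should use from IMDS data and compare it with the configured login.
All sample IMDS responses below are constructed for illustration."""
import json
import re
from urllib.parse import quote

# Constructed stand-in for GET /latest/meta-data/iam/info (not a real instance).
IAM_INFO = json.dumps({
    "Code": "Success",
    "LastUpdated": "2023-01-01T00:00:00Z",
    "InstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/app-profile",
    "InstanceProfileId": "AIPAEXAMPLEID",
})
# Constructed stand-in for GET /latest/meta-data/iam/security-credentials/,
# which lists the name of the role attached to the instance.
SECURITY_CREDENTIALS_LISTING = "app-role\n"

ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):instance-profile/(.+)$")


def parse_iam_info(raw):
    """Return (account_id, instance_profile_name) from the iam/info JSON.
    Code != Success means no instance profile is attached at all."""
    info = json.loads(raw)
    if info.get("Code") != "Success":
        raise ValueError("no IAM role attached: iam/info Code=%r" % info.get("Code"))
    m = ARN_RE.match(info["InstanceProfileArn"])
    if not m:
        raise ValueError("unexpected InstanceProfileArn: %r" % info["InstanceProfileArn"])
    return m.group(1), m.group(2)


def role_name(listing):
    """The security-credentials listing should name exactly one role."""
    names = [n.strip() for n in listing.splitlines() if n.strip()]
    if len(names) != 1:
        raise ValueError("expected exactly one role name, got %r" % names)
    return names[0]


def expected_login(policy_branch, account_id, role):
    """Assumed authn-iam convention: host/<branch>/<account>/<role>."""
    return "host/%s/%s/%s" % (policy_branch, account_id, role)


def authenticate_path(conjur_account, service_id, login):
    """authn-iam authenticate path with the login URL-encoded ('/' -> %2F)."""
    return "/authn-iam/%s/%s/%s/authenticate" % (
        service_id, conjur_account, quote(login, safe=""))


def check_login(configured_login, policy_branch, iam_info_raw, listing):
    """Compare the client's configured login with what IMDS says it should be.
    Returns (expected_login, list_of_findings); an empty list means it matches."""
    account_id, profile = parse_iam_info(iam_info_raw)
    role = role_name(listing)
    expected = expected_login(policy_branch, account_id, role)
    findings = []
    if configured_login != expected:
        findings.append("login mismatch: configured %r, expected %r"
                        % (configured_login, expected))
        # Common cause: the login was built from the instance profile name,
        # which need not equal the role name that Conjur expects.
        if profile != role and configured_login.endswith("/" + profile):
            findings.append("login uses instance profile %r; the attached role is %r"
                            % (profile, role))
    return expected, findings


if __name__ == "__main__":
    # Constructed client configuration (placeholders, not real values).
    configured = "host/myapp/123456789012/app-profile"
    expected, findings = check_login(configured, "myapp", IAM_INFO,
                                     SECURITY_CREDENTIALS_LISTING)
    for f in findings:
        print("FINDING:", f)
    print("authenticate path:", authenticate_path("myorg", "prod", expected))
```

Run it on an instance by replacing the two constructed constants with the live IMDS responses (with IMDSv2, fetch a token via PUT /latest/api/token first and send it as X-aws-ec2-metadata-token). If the derived login differs from the one the client sends, or the instance profile name differs from the role name, that alone explains a 401 even when the policy grants the host authenticate on the webservice.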