Troubleshooting
Resolve setup, scan, and AWS role issues without slowing the first accountability review.
Troubleshooting
On this page
- "Failed to assume IAM role"
- "Access Denied" during scan
- Scan timed out or is taking forever
- Scan shows 0 findings
- Dashboard won't load
- Getting logged out frequently
- Not getting Slack notifications
- Not getting email notifications
- API returning 401
- API returning 429
- Payment failed
- Cost estimates don't match my AWS bill
- Resources missing from scan results
"Failed to assume IAM role"
The most common cause is an External ID mismatch or the role not existing yet.
Check the role exists:
aws iam get-role --role-name opscurbRole
Check the External ID in the trust policy matches the value OpsCurb generated during onboarding or the most recent reconnect flow:
aws iam get-role --role-name opscurbRole --query 'Role.AssumeRolePolicyDocument'
If the role was connected a while ago and you no longer have the original value, reconnect that role in OpsCurb to reveal a new External ID and update the AWS trust policy.
The trust policy should look like:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": { "AWS": "arn:aws:iam::123456789012:root" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": { "sts:ExternalId": "YOUR_EXTERNAL_ID" }
}
}]
}
Also double-check the role ARN format: arn:aws:iam::YOUR_ACCOUNT_ID:role/opscurbRole
"Access Denied" during scan
Some scanners are failing silently due to missing permissions. Re-run the Terraform module to re-apply the latest policy — see the OpsCurb Terraform module for the complete IAM policy definition.
You can test specific permissions:
aws ec2 describe-volumes --max-results 1
aws rds describe-db-instances --max-records 1
Scan timed out or is taking forever
Usually happens with large infrastructure or AWS API throttling. Try reducing scanned regions in Settings → AWS Accounts → Edit, then retry. Also check status.aws.amazon.com for AWS-side incidents.
Scan shows 0 findings
Either your infrastructure is already clean (genuinely possible), filters are hiding results, or some scanners failed. Clear filters on the Findings page and review scan details for errors.
Dashboard won't load
Clear your browser cache first. If that doesn't work, try incognito mode or a different browser (we support Chrome, Firefox, Safari, Edge). Open the browser console (F12) and send any errors to support@opscurb.com.
Getting logged out frequently
Check that cookies are enabled for opscurb.com. Ad blockers and privacy extensions can sometimes interfere. Also make sure your system clock is accurate — JWT tokens are time-sensitive.
Not getting Slack notifications
Go to Settings → Slack Integration and click Send Test. If that fails, reconnect via OAuth and confirm your Slack app/webhook is still active in your workspace.
Not getting email notifications
Check your spam folder for emails from noreply@opscurb.com and add it to your safe senders list. Also verify your email address in Settings → Profile and check that email notifications are enabled in Settings → Notifications.
API returning 401
Your token is invalid or expired. Test it:
curl -H "Authorization: Bearer <SUPABASE_ACCESS_TOKEN>" \
https://<your-backend>/api/ai/preferences
Make sure the Authorization header is exactly Bearer <SUPABASE_ACCESS_TOKEN> and that the token is for the same Supabase project your backend is using.
API returning 429
You've hit a rate or usage limit. Check the Retry-After header (if present), back off, and retry. If this happens often, contact support to review your usage pattern and plan limits.
Payment failed
Retry checkout from the Pricing page with your intended plan. If payment still fails, your bank may be blocking the charge; contact support@opscurb.com and include the timestamp and plan you attempted.
Cost estimates don't match my AWS bill
Our estimates are directional and may differ from your bill due to Savings Plans, Reserved Instances, enterprise discounts, currency/tax, or timing windows. For exact billed amounts, compare in AWS Cost Explorer.
Resources missing from scan results
The resource may be in a region not included for that account (Settings → AWS Accounts → Edit), or it was created after the last scan. Run a fresh scan and check again.
Still stuck? Email support@opscurb.com with your account ID, a description of the issue, and any error messages.