El estado del análisis Sin agente devuelve un error sobre permisos faltantes

El estado del análisis Sin agente devuelve un error sobre permisos faltantes

3192
Created On 08/07/24 08:30 AM - Last Modified 03/28/25 09:07 AM


Symptom


In agentless logs, these errors are observed: 
arn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions: ec2:DeleteSnapshot, ec2:DescribeInstances, ec2:TerminateInstances, ec2:DescribeSnapshots
ERRO types.go:598 (agentless/orchestrator.go:852) Failed in cleanup: failed to clean snapshots by {XXXarn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock } for region us-east-2: arn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions or blocked by a Service Control Policy (SCP): ec2:DescribeSnapshots target="XXX" hub="" region="us-east-2" availabilityDomain="" job="Cleanup" workerID="<workerID>"

Environment


  • Computación en la nube Prisma
  • Escaneo Sin agente
  • Permisos de AWS

Cause


La política de SCP en la nube está bloqueando las acciones.

Resolution


Deshabilite la verificación de permisos y el alcance de las regiones Sin agente para escanear solo las regiones permitidas por AWS SCP .
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Tp4eCAC&lang=es&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language