Agentless scan status returns an error about missing permissions
Created On 08/07/24 08:30 AM - Last Modified 03/28/25 09:07 AM
Symptom
In agentless logs, these errors are observed:
arn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions: ec2:DeleteSnapshot, ec2:DescribeInstances, ec2:TerminateInstances, ec2:DescribeSnapshots
ERRO types.go:598 (agentless/orchestrator.go:852) Failed in cleanup: failed to clean snapshots by {XXXarn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock } for region us-east-2: arn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions or blocked by a Service Control Policy (SCP): ec2:DescribeSnapshots target="XXX" hub="" region="us-east-2" availabilityDomain="" job="Cleanup" workerID="<workerID>"
Environment
- Prisma Cloud Compute
- Agentless scanning
- AWS permissions
Cause
An AWS Service Control Policy (SCP) is blocking the actions.
Resolution
Disable the permission check and scope the agentless regions so that only the regions allowed by the AWS SCP are scanned.
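To decide which regions to keep in the agentless scope, it helps to pull the role, region and missing actions out of the agentless log rather than reading the lines by hand. The following is an added example (not part of the article or of Prisma Cloud itself) that parses lines in the format shown under Symptom; the sample log text, account id and worker id are constructed, and the "unspecified" region label is an assumption for lines that do not name a region.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the agentless log lines shown in the Symptom section.
SAMPLE_LOG = """\
arn:aws:sts::123456789012:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions: ec2:DeleteSnapshot, ec2:DescribeInstances, ec2:TerminateInstances, ec2:DescribeSnapshots
ERRO types.go:598 (agentless/orchestrator.go:852) Failed in cleanup: failed to clean snapshots by {123456789012arn:aws:sts::123456789012:assumed-role/PrismaCloudReadOnlyRole-member/redlock } for region us-east-2: arn:aws:sts::123456789012:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions or blocked by a Service Control Policy (SCP): ec2:DescribeSnapshots target="123456789012" hub="" region="us-east-2" availabilityDomain="" job="Cleanup" workerID="w-1"
INFO scan completed for region eu-west-1
"""

# Role ARN followed by the "is missing permissions" marker and a comma-separated action list.
ROLE_RE = re.compile(
    r"(arn:aws:sts::\d+:assumed-role/[^\s}]+) is missing permissions"
    r"(?: or blocked by a Service Control Policy \(SCP\))?: "
    r"([A-Za-z0-9:*]+(?:, [A-Za-z0-9:*]+)*)"
)
# Region appears either as 'for region <name>' in the message or as region="<name>" in the fields.
REGION_RE = re.compile(r'region="([a-z0-9-]+)"|for region ([a-z0-9-]+)')


def parse_missing_permissions(log_text):
    """Return one finding per log line that reports missing permissions."""
    findings = []
    for line in log_text.splitlines():
        m = ROLE_RE.search(line)
        if not m:
            continue  # informational lines and unrelated errors are skipped
        region_match = REGION_RE.search(line)
        region = "unspecified"  # assumed label when the line names no region
        if region_match:
            region = region_match.group(1) or region_match.group(2)
        findings.append({
            "role": m.group(1),
            "region": region,
            "permissions": m.group(2).split(", "),
            # The log only says "or blocked by an SCP"; treat that as a hint, not proof.
            "scp_suspected": "Service Control Policy" in line,
        })
    return findings


def summarize(findings):
    """Map each region to the sorted union of actions reported missing there."""
    by_region = defaultdict(set)
    for f in findings:
        by_region[f["region"]].update(f["permissions"])
    return {region: sorted(perms) for region, perms in by_region.items()}


def scp_blocked_regions(findings):
    """Regions whose errors mention an SCP: candidates to drop from the agentless scope."""
    return sorted({f["region"] for f in findings if f["scp_suspected"]})


if __name__ == "__main__":
    found = parse_missing_permissions(SAMPLE_LOG)
    for region, perms in summarize(found).items():
        print(f"{region}: {', '.join(perms)}")
    print("SCP-suspected regions:", scp_blocked_regions(found))
```

Regions listed by `scp_blocked_regions` are the ones to confirm against the organization's SCP before removing them from the agentless region scope; actions listed under "unspecified" come from lines that carry no region field and should be compared against the role's IAM policy instead.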