无代理扫描状态返回有关缺少权限的错误

无代理扫描状态返回有关缺少权限的错误

3188
Created On 08/07/24 08:30 AM - Last Modified 03/28/25 09:07 AM


Symptom


In agentless logs, these errors are observed: 
arn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions: ec2:DeleteSnapshot, ec2:DescribeInstances, ec2:TerminateInstances, ec2:DescribeSnapshots
ERRO types.go:598 (agentless/orchestrator.go:852) Failed in cleanup: failed to clean snapshots by {XXXarn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock } for region us-east-2: arn:aws:sts::XXX:assumed-role/PrismaCloudReadOnlyRole-member/redlock is missing permissions or blocked by a Service Control Policy (SCP): ec2:DescribeSnapshots target="XXX" hub="" region="us-east-2" availabilityDomain="" job="Cleanup" workerID="<workerID>"

Environment


  • Prisma 云计算
  • 无代理扫描
  • AWS 权限

Cause


Cloud SCP策略正在阻止该操作。

Resolution


禁用权限检查并限定无代理区域范围以仅扫描 AWS SCP允许的区域。
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Tp4eCAC&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language