AWS ECR scans not working

Created On 01/20/23 15:55 PM - Last Modified 03/04/26 18:26 PM


Symptom


AWS ECR scans stop working even though enough Defenders are assigned and the designated Defenders are healthy and up to date. Manually starting the scans also fails in this scenario.

Environment


  • Prisma Cloud Enterprise (CSPM)
  • Prisma Cloud Compute (CWPP) 
  • AWS ECR registry


Cause


Invalid credentials which were generated from a now deleted Cloud Account in CSPM.



Resolution


Delete the invalid credentials and provide new ones in the ECR registry scan settings.



Additional Information


As a bonus, you can create a policy or alert rule with the RQL queries below to track cloud accounts that no longer exist but whose credentials remain in the Prisma Cloud Console:

event from cloud.audit_logs where cloud.type = 'aws' AND operation = 'RemoveAccountFromOrganization'
config from cloud.resource where cloud.type = 'aws' AND resource.status = Deleted AND cloud.account = '<cloud_account_name>'
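A local version of the check those RQL queries express, added here as an example; it is not part of this article and not Prisma Cloud's own code. It reads constructed CloudTrail-style events, collects the accounts removed from the organization, and reports which registry-scan credentials (a hypothetical inventory) were generated from one of them. The event field layout (eventName, requestParameters.accountId) is an assumption.

```python
import json
from typing import Dict, Iterable, Set

# Constructed sample events in CloudTrail JSON-lines form (not real data).
# The audit-log RQL keys on operation = 'RemoveAccountFromOrganization';
# here the same event is assumed to carry the removed account id in
# requestParameters.accountId.
SAMPLE_EVENT_LINES = """\
{"eventSource": "organizations.amazonaws.com", "eventName": "RemoveAccountFromOrganization", "requestParameters": {"accountId": "111111111111"}}
{"eventSource": "organizations.amazonaws.com", "eventName": "DescribeOrganization", "requestParameters": {}}
{"eventSource": "organizations.amazonaws.com", "eventName": "RemoveAccountFromOrganization", "requestParameters": {"accountId": "333333333333"}}
"""

# Constructed inventory: registry-scan credential name -> AWS account it was
# generated from (hypothetical names, not Prisma Cloud's data model).
SAMPLE_REGISTRY_CREDENTIALS = {
    "ecr-prod-scanner": "111111111111",
    "ecr-dev-scanner": "222222222222",
}


def removed_account_ids(event_lines: str) -> Set[str]:
    """Return the account ids removed from the organization in the given events."""
    removed: Set[str] = set()
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("eventName") != "RemoveAccountFromOrganization":
            continue
        account_id = event.get("requestParameters", {}).get("accountId")
        if account_id:
            removed.add(account_id)
    return removed


def stale_registry_credentials(event_lines: str,
                               credentials: Dict[str, str]) -> Dict[str, str]:
    """Map credential name -> account id for credentials whose source account was removed.

    These are the credentials that would make ECR scans fail silently, as the
    article describes, and should be deleted and replaced.
    """
    removed = removed_account_ids(event_lines)
    return {name: acct for name, acct in credentials.items() if acct in removed}


if __name__ == "__main__":
    for name, acct in stale_registry_credentials(SAMPLE_EVENT_LINES,
                                                 SAMPLE_REGISTRY_CREDENTIALS).items():
        print(f"stale credential {name}: account {acct} was removed from the organization")
```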




