The Aqua CSPM Events feature has several moving pieces that need to be properly configured for event delivery to function.


Troubleshooting Events


Follow the steps below to troubleshoot Events.


Step 1: Ensure your cloud account is connected and enabled for scanning


Step 2: Ensure that the Events feature has been enabled

  • Navigate to the "Event Connection Wizard" page
  • Select your cloud account from the drop-down menu
  • If Events have been received in the past, you should see a warning notification and an "event last received" time.


Step 3: Check your cloud account for the Events CloudFormation template

  • Log into your AWS account and open the CloudFormation console
  • If you deployed Events using a Stack Set, click the "Stack Sets" link
  • If you deployed Events using a standard template, open the stacks page.
  • Locate the template (it may be called "aqua-cspm-events" or "aqua-ct" or "cloudsploit-events")
  • Ensure the template has been created successfully


Step 4: Check the cloud account resources

  • Although the stack was created successfully, some resources may have been modified.
  • Click into the stack and locate the "Resources" section
  • Search for "SNS"
  • Note the name of the SNS topic ("cloudsploit-sns" in this case)
  • Navigate to the AWS SNS console
  • Click "topics" and search for the name of the SNS topic associated with the events service
  • Ensure that the topic's subscription has been confirmed.
  • Repeat this in each region the stacks have been deployed in.


If the SNS topic subscription has not been confirmed, you will need to delete the CloudFormation stack and redeploy it.
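
The checks in Steps 3 and 4 can also be run from a terminal with the AWS CLI. The script below is an added example, not part of Aqua's documentation or tooling; it is read-only and takes the regions to check as arguments. It assumes a standard stack deployed under one of the names listed above and credentials that can read CloudFormation and SNS; stacks created through a Stack Set carry generated names, so set STACK_NAMES to the actual stack name in that case.

```shell
# Added example (not Aqua's tooling): read-only AWS CLI checks for Steps 3 and 4.
# Stack names are the candidates from this page; override STACK_NAMES if needed.
STACK_NAMES=${STACK_NAMES:-"aqua-cspm-events aqua-ct cloudsploit-events"}

# Print "name status" for the first candidate stack that exists in region $1.
find_events_stack() {
  for name in $STACK_NAMES; do
    status=$(aws cloudformation describe-stacks --region "$1" --stack-name "$name" \
      --query 'Stacks[0].StackStatus' --output text 2>/dev/null) || continue
    echo "$name $status"; return 0
  done
  return 1
}

# SNS returns "PendingConfirmation" in place of the ARN until the endpoint confirms.
subscription_state() {
  case $1 in
    arn:*) echo confirmed ;;
    PendingConfirmation) echo pending ;;
    *) echo unknown ;;
  esac
}

# Return 0 only if the stack is complete and every subscription is confirmed.
check_region() {
  region=$1
  found=$(find_events_stack "$region") || { echo "$region: no Events stack"; return 1; }
  stack=${found% *}; status=${found#* }
  case $status in
    CREATE_COMPLETE|UPDATE_COMPLETE) ;;
    *) echo "$region: stack $stack is $status"; return 1 ;;
  esac
  topics=$(aws cloudformation list-stack-resources --region "$region" \
    --stack-name "$stack" --output text --query \
    "StackResourceSummaries[?ResourceType=='AWS::SNS::Topic'].PhysicalResourceId")
  [ -n "$topics" ] || { echo "$region: no SNS topic in $stack"; return 1; }
  rc=0
  for topic in $topics; do
    subs=$(aws sns list-subscriptions-by-topic --region "$region" \
      --topic-arn "$topic" --query 'Subscriptions[].SubscriptionArn' --output text)
    [ -n "$subs" ] || { echo "$region: $topic has no subscriptions"; rc=1; }
    for sub in $subs; do
      state=$(subscription_state "$sub")
      echo "$region: $topic subscription $state"
      [ "$state" = confirmed ] || rc=1
    done
  done
  return $rc
}

for r in "$@"; do check_region "$r"; done
```

A region that reports "subscription pending" is the case described above where the stack needs to be deleted and redeployed.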