The Aqua CSPM Events feature has several moving pieces that need to be properly configured for event delivery to function.
Follow the steps below to troubleshoot Events
Step 1: Ensure your cloud account is connected and enabled for scanning
- Read more about connecting a cloud account
- Troubleshoot cloud account connections
- On the "Cloud Accounts" page, verify that the account is "enabled"
Step 2: Ensure that the Events feature has been enabled
- Navigate to the "Event Connection Wizard" page
- Select your cloud account from the drop-down menu
- If Events have been received in the past, you should see a warning notification and an "event last received" time.
Step 3: Check your cloud account for the Events CloudFormation template
- Log into your AWS account and open the CloudFormation console
- If you deployed Events using a Stack Set, click the "Stack Sets" link
- If you deployed Events using a standard template, open the stacks page.
- Locate the template (it may be called "aqua-cspm-events" or "aqua-ct" or "cloudsploit-events")
- Ensure the template has been created successfully
Step 4: Check the cloud account resources
- Although the stack has created successfully, some resources may have been modified.
- Click into the stack and locate the "Resources" section
- Search for "SNS"
- Note the name of the SNS topic ("cloudsploit-sns" in this case)
- Navigate to the AWS SNS console
- Click "topics" and search for the name of the SNS topic associated with the events service
- Ensure that the topic has been confirmed.
- Repeat this in each region the stacks have been deployed in.
If the SNS topic subscription has not been confirmed, you will need to delete the CloudFormation stack and redeploy it.