Troubleshooting Remediation Policy (Manual) AWS
When creating a remediation policy, if you are unsuccessful or are getting errors similar to this:
'Error assuming role: AccessDenied: User: arn:aws:sts::057012691312:assumed-role/lambda-cloudsploit-remediator/cloudsploit-remediator is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::'IAM Number':role/aqua-cspm-security-remediator'
there are a few troubleshooting steps you can take to resolve it.
Step 1: Check Permissions in Cloud Provider
- In AWS, check your IAM permissions by going to Access Management --> Roles and reviewing the Permissions tab of the role in question. If you do not have the correct permissions, you will not be able to create the remediation policy.
Step 2: Delete and Re-create Stack
- Go to your AWS cloud provider console.
- Head to your stacks and choose the stack you have for the remediator.
- Delete the stack.
- Go back into the Aqua Cloud portal and click 'Connect Account'.
- Choose the cloud account you wish to connect and then select a remediator type. (If you want to run the manual remediator, it is recommended to run both automatic and manual together.) Choose the region you are in and click 'Launch Stack'.
- Go through and create the stack as shown.
- Paste the ARN from the stack's Outputs page into the Aqua Cloud 'Connect Account' dialog.
- Re-test a remediation and check the reports to confirm it is working properly.
Step 3: Region Error: Use Only Manual Remediation
- If deleting and re-creating the stack did not solve the issue and you saw an error on the stack's Outputs tab in AWS, this could be a region issue.
- In this case you should still be able to run manual remediation only; the error concerns automated remediation in the region you are using.
*Note: if you are using only the manual remediator, keys will not be rotated every 5 minutes. If you run a manual remediator, it is recommended to select both automatic and manual, because the automatic remediator rotates keys every 5 minutes for higher security.
*Note: depending on the region, automated remediation will not work. In that case manual remediation should still work.
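As an added example (not part of this article or of Aqua's tooling), the following Python checks whether the target role's trust policy actually names the remediator Lambda's role, which is the trust-side condition behind the AccessDenied on sts:AssumeRole shown above. The caller ARN, account ids and policy documents are constructed; in practice the document comes from the role's Trust relationships tab or `aws iam get-role` (field AssumeRolePolicyDocument).

```python
import json

# Constructed caller identity in the shape the error message shows (account id is made up).
CALLER = "arn:aws:sts::111111111111:assumed-role/lambda-cloudsploit-remediator/cloudsploit-remediator"

# Constructed trust policy for the remediator role that names the Lambda's role as principal.
TRUST_POLICY_OK = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"AWS": "arn:aws:iam::111111111111:role/lambda-cloudsploit-remediator"}}]
}""")

# Constructed trust policy that trusts the wrong account: assuming the role fails with AccessDenied.
TRUST_POLICY_WRONG_ACCOUNT = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"AWS": "arn:aws:iam::222222222222:root"}}]
}""")

def _as_list(value):
    """IAM accepts a string or a list in most policy fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def role_arn_from_session_arn(session_arn):
    """Convert the caller ARN from the error (arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION)
    into the IAM role ARN (arn:aws:iam::ACCOUNT:role/ROLE) that a trust policy would list."""
    parts = session_arn.split(":")
    _, role_name, _ = parts[5].split("/", 2)
    return f"arn:aws:iam::{parts[4]}:role/{role_name}"

def trust_policy_allows(policy, caller_session_arn):
    """True if the trust policy lets the caller assume the role: an Allow statement for
    sts:AssumeRole whose AWS principal is the caller's role ARN, its account root or '*',
    and no matching Deny statement (an explicit Deny always wins)."""
    role_arn = role_arn_from_session_arn(caller_session_arn)
    root_arn = f"arn:aws:iam::{role_arn.split(':')[4]}:root"
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal")
        principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        if role_arn in principals or root_arn in principals or "*" in principals:
            if stmt.get("Effect") == "Deny":
                return False
            allowed = True
    return allowed
```

This covers only the trust policy on the target role; for a cross-account AssumeRole the Lambda role's own identity policy must also allow sts:AssumeRole on that target, so check both sides when the error persists.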