If creating a remediation policy fails, or you see an error similar to the following:
'Error assuming role: AccessDenied: User: arn:aws:sts::057012691312:assumed-role/lambda-cloudsploit-remediator/cloudsploit-remediator is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::'IAM Number':role/aqua-cspm-security-remediator' (where 'IAM Number' is the ID of the AWS account that owns the aqua-cspm-security-remediator role),
work through the following troubleshooting steps in order.
Step 1: Check Permissions in Cloud Provider
- The error means that the remediator's Lambda role in the calling account (arn:aws:iam::057012691312:role/lambda-cloudsploit-remediator in the message above) was refused sts:AssumeRole on the aqua-cspm-security-remediator role in your account.
- In the AWS console, open IAM, find the aqua-cspm-security-remediator role and check its trust relationships: the calling role (or its account) must be listed as a principal allowed to perform sts:AssumeRole, and the account ID in the resource ARN of the error must be the account you connected.
- If the role does not exist, or its trust relationship does not list the caller, continue with Step 2.
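One way to make this check repeatable, as an added example that is not part of the original article or of the Aqua/CloudSploit tooling: the script below takes the caller principal from the error message, converts the STS session ARN into the IAM role ARN a trust policy has to name, and reports whether a given trust policy admits it. The three trust policies in the block are constructed for illustration; on a live account, fetch the real document with `aws iam get-role --role-name aqua-cspm-security-remediator --query Role.AssumeRolePolicyDocument` and pass the parsed JSON to diagnose().

```python
"""Check whether the trust policy of the target role (aqua-cspm-security-remediator
in the error above) admits the caller that STS names in the AccessDenied message.

Added example for this troubleshooting page, not Aqua/CloudSploit code. The
policy documents below are constructed, not copied from any real stack.
"""
import re

# Caller principal exactly as it appears in the error message on this page.
ERROR_CALLER = ("arn:aws:sts::057012691312:assumed-role/"
                "lambda-cloudsploit-remediator/cloudsploit-remediator")

# Constructed trust policies covering the outcomes diagnose() distinguishes.
TRUSTS_CALLER_ACCOUNT = {  # trusts every principal in the calling account
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::057012691312:root"},
                   "Action": "sts:AssumeRole"}],
}
TRUSTS_CALLER_ROLE = {  # names the Lambda's IAM role directly
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::057012691312:role/"
                                        "lambda-cloudsploit-remediator"},
                   "Action": "sts:AssumeRole"}],
}
TRUSTS_WRONG_ACCOUNT = {  # constructed typo in the account ID (digits swapped)
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::057012691321:root"},
                   "Action": "sts:AssumeRole"}],
}

_SESSION_ARN = re.compile(r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/[^/]+$")


def session_to_role_arn(session_arn: str) -> str:
    """STS reports the caller as an assumed-role *session* ARN; a trust policy
    must name the underlying IAM *role* ARN instead."""
    m = _SESSION_ARN.match(session_arn)
    if not m:
        raise ValueError(f"not an assumed-role session ARN: {session_arn}")
    account, role = m.groups()
    return f"arn:aws:iam::{account}:role/{role}"


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _aws_principals(statement):
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS")) if isinstance(principal, dict) else []


def _covers_assume_role(statement):
    return any(a in ("sts:AssumeRole", "sts:*", "*")
               for a in _as_list(statement.get("Action")))


def trust_verdict(policy: dict, session_arn: str) -> str:
    """Return 'deny', 'allow-role', 'allow-account' or 'no-match' for the caller."""
    role_arn = session_to_role_arn(session_arn)
    account = role_arn.split(":")[4]
    # A bare account ID and the account's root ARN mean the same thing in Principal.
    account_forms = {account, f"arn:aws:iam::{account}:root"}
    verdict = "no-match"
    for st in _as_list(policy.get("Statement")):
        if not _covers_assume_role(st):
            continue
        principals = set(_aws_principals(st))
        by_role = role_arn in principals or "*" in principals
        by_account = bool(principals & account_forms)
        if not (by_role or by_account):
            continue
        if st.get("Effect") == "Deny":
            return "deny"               # an explicit Deny wins over any Allow
        if by_role:
            verdict = "allow-role"
        elif verdict == "no-match":
            verdict = "allow-account"
    return verdict


HINTS = {
    "no-match": "the trust policy names neither the caller's role nor its account; "
                "re-create the stack (Step 2) or fix the Principal",
    "deny": "an explicit Deny statement in the trust policy blocks the caller",
    "allow-account": "the whole calling account is trusted, so the caller role's "
                     "own IAM policy must also allow sts:AssumeRole on this role",
    "allow-role": "the trust policy admits the caller; check the caller role's "
                  "IAM policy and any SCP for a block on sts:AssumeRole",
}


def diagnose(policy: dict, session_arn: str) -> tuple:
    """Pair the verdict with the next thing to check."""
    verdict = trust_verdict(policy, session_arn)
    return verdict, HINTS[verdict]


if __name__ == "__main__":
    for name, policy in (("account", TRUSTS_CALLER_ACCOUNT),
                         ("role", TRUSTS_CALLER_ROLE),
                         ("wrong-account", TRUSTS_WRONG_ACCOUNT)):
        print(name, *diagnose(policy, ERROR_CALLER))
```

The usual cause of this AccessDenied is the third case: the trust policy was created for a different account ID than the one the remediator actually calls from, which is exactly what deleting and re-creating the stack in Step 2 corrects.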
Step 2: Delete and Re-create Stack
- Sign in to the AWS console for the connected account.
- Open CloudFormation, go to Stacks and select the stack you created for the remediator.
- Delete the stack.
- Go back to the Aqua Cloud portal and click Connect Account.
- Choose the cloud account you wish to connect, then select a remediator type. (If you want to run the manual remediator, it is recommended to run automatic and manual together.) Choose your region and click 'Launch Stack'.
- Create the stack as shown.
- Paste the ARN from the stack's Outputs tab into the Connect Account form in the Aqua Cloud portal.
- Re-run a remediation and check the reports to confirm it is working properly.
Step 3: Error with Region: Use only Manual
- If deleting and re-creating the stack did not solve the issue and the stack reported an error on its Outputs in AWS, the automatic remediator may not be supported in your region.
- In that case, run only manual remediation. The error concerns automatic remediation in the region you selected; manual remediation does not depend on it.
*Note that with only the manual remediator, keys are not rotated every 5 minutes. The automatic remediator rotates keys every 5 minutes for higher security, so if you run a manual remediator it is recommended to select both automatic and manual. *Also note that in some regions the automatic remediator will not work; manual remediation should still work there.