This article outlines the steps to troubleshoot errors encountered during the AWS CWPP scan and appliance lifecycle.

Integration Errors

The following errors might arise for AWS configured with CWPP:

AssumeRoleError

User Action Required: Yes Cause: This error occurs when the required permissions and/or policies created during AWS CWPP onboarding are no longer valid. Solution: To resolve this error, follow the guides below to update the AWS Account integration(s).

ServiceAccountDisabled

User Action Required: Yes Cause: This error occurs when the CWPP scan is executed for target account and the corresponding service account is disabled. Solution: To resolve this error, enable the service account on the Service Account integration page

NoRegionsEnabled

User Action Required: Yes Cause: This error occurs when CWPP scan is executed for
  • in-account integration and no AWS regions were enabled or configured.
  • target account integration and no AWS regions were enabled or configured for associated service account.
Solution: To resolve this error
  • for in-account integration, enable at least one region from AWS integration settings page.
  • for service account integration add or enable at least one region for your service account. This can be done from service account settings page.