Troubleshooting CWPP Scan Errors

This article outlines the steps to troubleshoot errors encountered during the AWS CWPP scan and appliance lifecycle.

Integration Errors

The following errors might arise for AWS configured with CWPP:

AssumeRoleError

User Action Required: Yes

Cause: This error occurs when the required permissions and/or policies created during AWS CWPP onboarding are no longer valid.

Solution: To resolve this error, follow the guides below to update the AWS Account integration(s).

• Steps for updating a 'Single AWS Account'
• Steps for updating 'Multiple AWS Accounts'

ServiceAccountDisabled

User Action Required: Yes

Cause: This error occurs when the CWPP scan is executed for target account and the corresponding service account is disabled.

Solution: To resolve this error, enable the service account on the Service Account integration page

NoRegionsEnabled

User Action Required: Yes

Cause: This error occurs when CWPP scan is executed for

• in-account integration and no AWS regions were enabled or configured.
• target account integration and no AWS regions were enabled or configured for associated service account.

Solution: To resolve this error

• for in-account integration, enable at least one region from AWS integration settings page.
• for service account integration add or enable at least one region for your service account. This can be done from service account settings page.