AWS not discovering New S3 Buckets


Article ID: 240018


Products

CASB Securlet IAAS, CASB Security Advanced, CASB Security Advanced IAAS, CASB Security Premium, CASB Security Premium IAAS, CASB Security Standard, CASB Securlet SAAS, CASB Advanced Threat Protection, CASB Audit, CASB Gateway, CASB Gateway Advanced, CASB Securlet SAAS With DLP-CDS

Issue/Introduction

After the AWS Securlet is activated, CloudSOC does not update with newly created S3 buckets, even though the initial Securlet activation allowed for discovery of either all new S3 buckets or new S3 buckets with a designated prefix or suffix in their name.

Cause

The ARN for IaaSSNSname was incorrect.

Resolution

  1. Log in to AWS.

  2. Verify that you are in the correct region where you have activated the Securlet.

  3. Search for CloudFormation and select it.

  4. In CloudFormation > Stack, choose the Stack name that you created on activation.

  5. The CloudFormation > Stack > [Stack name] window opens. Click the Resources tab, then click the IaaSctsns link.

  6. This opens the AmazonSNS > Topics > IaaSSNSname window.

  7. In the left-side pane, select Subscriptions.

    1. If the Status is "Confirmed", the issue is different and more troubleshooting will be needed.
    2. If the Status is "Pending confirmation", continue on to the next steps.
      1. If the Status is set to 'Pending', it is likely that an old "V1" resource ARN was used during the Securlet activation instead of the new resource created per the CloudFormation template.

  8. Go back to 'Topics' (the left-hand link) and copy the ARN value.

  9. Log in to CloudSOC.

  10. Go to Securlets > AWS > Connections and click the ellipsis > Edit.

  11. Go to the CloudTrail Setup, paste the SNSArn, and click Save.

  12. Allow 15 minutes for things to sync, then test adding a new S3 bucket.

  13. If the same issue occurs, or if there are other problems, it is recommended to 'Delete' the existing connection and reactivate the AWS Securlet.
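
The console checks in steps 4 to 8 can also be run against AWS CLI output. The script below is an added example, not part of the original article or of CloudSOC. It assumes the stack's IaaSctsns resource has type AWS::SNS::Topic, and the account ID, topic name and subscription protocol in the sample data are constructed.

```python
import json
import subprocess
import sys

PENDING = "PendingConfirmation"  # SubscriptionArn that SNS lists for an unconfirmed subscription

# Constructed sample data in the shape the AWS CLI returns (account ID and names are placeholders).
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-stack-IaaSSNSname"
SAMPLE_RESOURCES = {"StackResources": [{"LogicalResourceId": "IaaSctsns",
    "ResourceType": "AWS::SNS::Topic", "PhysicalResourceId": TOPIC}]}
SAMPLE_SUBS = {TOPIC: {"Subscriptions": [
    {"TopicArn": TOPIC, "Protocol": "https", "SubscriptionArn": PENDING}]}}


def aws_json(*args):
    """Run an AWS CLI command with the caller's credentials and region; parse its JSON."""
    return json.loads(subprocess.check_output(["aws", *args, "--output", "json"]))


def topic_arns(resources):
    """ARNs of the stack's SNS topics (for AWS::SNS::Topic the physical ID is the ARN)."""
    return [r["PhysicalResourceId"] for r in resources["StackResources"]
            if r["ResourceType"] == "AWS::SNS::Topic"]


def diagnose(resources, subs_by_topic, configured_arn):
    """Findings for steps 4-8; an empty list means the ARN matches and nothing is pending."""
    arns = topic_arns(resources)
    if not arns:
        return ["stack has no SNS topic: check the stack name and region"]
    findings = []
    if configured_arn not in arns:
        findings.append(f"SNSArn mismatch: CloudSOC has {configured_arn}, stack has {arns}")
    for arn in arns:
        for sub in subs_by_topic.get(arn, {}).get("Subscriptions", []):
            if sub["SubscriptionArn"] == PENDING:
                findings.append(f"{arn}: {sub['Protocol']} subscription pending confirmation")
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 3:  # live: <stack-name> <SNSArn currently set in CloudSOC>
        res = aws_json("cloudformation", "describe-stack-resources", "--stack-name", sys.argv[1])
        subs = {a: aws_json("sns", "list-subscriptions-by-topic", "--topic-arn", a)
                for a in topic_arns(res)}
        configured = sys.argv[2]
    else:  # offline demo on the constructed sample, with a stale ARN configured
        res, subs, configured = SAMPLE_RESOURCES, SAMPLE_SUBS, TOPIC.replace("example", "old")
    print("\n".join(diagnose(res, subs, configured)) or "ARN matches; subscriptions confirmed")
```

Run it with the stack name and the SNSArn currently saved in CloudSOC to check a live account, or with no arguments to see the output for the constructed sample.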