ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AWS not discovering New S3 Buckets

book

Article ID: 240018

calendar_today

Updated On:

Products

CASB Securlet IAAS CASB Security Advanced CASB Security Advanced IAAS CASB Security Premium CASB Security Premium IAAS CASB Security Standard CASB Securlet SAAS

Issue/Introduction

After activating AWS Securlet, CloudSOC is not updating with newly created S3 Buckets (whereas the initial Securlet activation allowed for discovery of either all new S3 buckets or new S3 buckets with either a designated prefix or suffix to their name).

Cause

The ARN for IaaSSNSname was incorrect

Resolution

  1. Login to AWS

  2. Verify that you are in the correct region where you have activated the Securlet

  3. Search for CloudFormation and select it

  4. In CloudFormation > Stack choose the Stack name that you created on activation


  5. The CloudFormation > Stack > [Stack name] window opens and click on the Resources tab > click the IaaSctsns link


  6. This opens the AmazonSNS > Topics > IaaSSNSname window
     

  7. On the left side pane - select Subscriptions
     

    1. If the Status is "Confirmed" then the issue is different and more troubleshooting will be needed
    2. If the Status is "Pending confirmation" then continue on to the next steps
      1. If the Status is set to 'Pending'- there is a likelihood that an old "V1 resource ARN was used during the Securlet
        activation instead of the new resource created per the Cloud Formation Template.

  8. Go back to 'Topics' (left hand link on image above). Copy the ARN value


  9. Login to CloudSOC

  10. Go to Securlets > AWS > Connections and click the ellipsis > Edit


  11. Go to the CloudTrail Setup and paste the SNSArn and Click Save


  12. Allow 15 mintues for things to sync and test adding a new S3 bucket.

  13. If the same issue occurs or if there are other problems then it's recommended to 'Delete' the existing connection and reactivate the AWS Securlet. 

Attachments