How to configure tag scan module by regions and by Scan Resource Types in CPM 3.0 and above
Background:
This document describes how to filter resource scanning by region or by Resource Type, a feature that is new in CPM 3.0. You can limit not only the regions that a tag scan covers but also the specific AWS Resource Types it scans. This allows administrators to limit the AWS objects scanned and gives more granular control over permissions in AWS: you can remove specific types and remove the permissions from the CPM AWS IAM policy files. This adheres to the AWS best practice of assigning users or roles the least permissions necessary.
Steps:
1. To edit an existing account, select the Accounts screen on the left-hand side and click Edit.
2. Open the drop-down list under Scan Regions.
3. Enable the regions you want by selecting the check mark next to each region. The screenshot below shows 4 regions configured for the scan job.
4. Expand the Scan Resource Types drop-down list and enable the resources you want the CPM scan job to look for in AWS. The job scans the AWS tags and adds the resources to CPM policies.
When you have completed your selections, click the Save button so that the changes are not discarded.
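The Background notes that permissions for deselected Resource Types can be removed from the IAM policy files; the following added example (not N2WS code) shows one way to review such a change before applying it. The function name `prune_policy`, the sample policy, and the IAM service prefixes chosen for removal (`rds`, `dynamodb`) are assumptions for illustration, and the example assumes no other CPM function still needs those services.

```python
import copy

def prune_policy(policy, disabled_services):
    # disabled_services: IAM service prefixes (e.g. "rds") for the Resource Types
    # deselected in the scan settings. The mapping is the operator's assumption.
    # Returns (pruned_policy, removed_actions, actions_needing_manual_review).
    disabled = {s.lower() for s in disabled_services}
    pruned = copy.deepcopy(policy)            # never mutate the policy on file
    statements = pruned.get("Statement", [])
    if isinstance(statements, dict):          # a single statement object is valid
        statements = [statements]
    kept, removed, review = [], [], []
    for stmt in statements:
        actions = stmt.get("Action")
        # Leave Deny and NotAction statements alone: dropping them widens access.
        if stmt.get("Effect") != "Allow" or actions is None:
            kept.append(stmt)
            continue
        actions = [actions] if isinstance(actions, str) else list(actions)
        remaining = []
        for action in actions:
            service = action.split(":", 1)[0].lower()
            if "*" in service or "?" in service:
                review.append(action)         # "*" or "r*:..." spans services
            if service in disabled:
                removed.append(action)
            else:
                remaining.append(action)
        if remaining:                         # drop statements left with no actions
            stmt["Action"] = remaining
            kept.append(stmt)
    pruned["Statement"] = kept
    return pruned, removed, review

# Constructed sample policy, not the real CPM policy file.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["rds:DescribeDBInstances", "rds:ListTagsForResource"], "Resource": "*"},
        {"Effect": "Allow", "Action": "dynamodb:ListTables", "Resource": "*"},
        {"Effect": "Allow", "Action": ["redshift:DescribeClusters", "*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "rds:DeleteDBInstance", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    new_policy, removed, review = prune_policy(SAMPLE_POLICY, ["rds", "dynamodb"])
    print("removed:", removed, "| review manually:", review)
```

Wildcard actions are reported rather than removed, because a bare `*` still grants the services you meant to drop and has to be narrowed by hand.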