How to configure tag scan module by regions and by Scan Resource Types in CPM 3.0 and above
Background:
This document describes how to filter resource scanning by region or by resource type, which is new in CPM 3.0. You can limit not only the regions that a tag scan covers but also the specific AWS resource types it scans. This lets administrators limit the AWS objects scanned and limit permissions in AWS more granularly: you can remove specific resource types from the scan and then remove the corresponding permissions from the CPM AWS IAM policy files. This adheres to AWS's best practice of assigning users or roles the least permissions necessary.
Steps:
1. To edit an existing account, select the Accounts screen on the left-hand side and click Edit.
2. Open the drop-down list under Scan Regions.
3. Enable the regions you want by selecting the checkmark next to each region. The screenshot below shows 4 regions configured for the scan job.
4. Expand the Scan Resource Types drop-down list and enable whichever resources you want the CPM scan job to look for in AWS. It will scan the AWS tags and add resources to CPM policies.
When you have completed your selections, click the Save button so that your changes are not discarded.
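The least-privilege step from the Background, as an added example (not N2WS code and not the published CPM policy file): once a resource type is disabled under Scan Resource Types, drop the Allow actions for AWS services the scan no longer touches. The sample policy, the resource-type labels and their mapping to IAM service prefixes are assumptions made for illustration; check them against the policy files you actually deploy.

```python
import copy
import json

# Constructed sample policy for illustration; NOT the N2WS-published CPM policy.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "TagScan", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes",
                    "ec2:DescribeTags", "rds:DescribeDBInstances",
                    "rds:ListTagsForResource", "dynamodb:ListTables",
                    "dynamodb:ListTagsOfResource"]},
        {"Sid": "EfsScan", "Effect": "Allow", "Resource": "*",
         "Action": "elasticfilesystem:DescribeFileSystems"},
    ],
}

# Assumed mapping: hypothetical resource-type label -> IAM service prefix.
# Instances and volumes share "ec2", so pruning is per service, not per type.
TYPE_TO_SERVICE = {"instances": "ec2", "volumes": "ec2", "rds": "rds",
                   "dynamodb": "dynamodb", "efs": "elasticfilesystem"}

def prune_policy(policy, enabled_types):
    """Return (pruned_copy, removed_actions) for the enabled resource types."""
    keep = {TYPE_TO_SERVICE[t] for t in enabled_types}
    managed = set(TYPE_TO_SERVICE.values())
    pruned, removed, statements = copy.deepcopy(policy), [], []
    for stmt in pruned["Statement"]:
        # Leave Deny and NotAction statements alone: trimming them could
        # widen access instead of narrowing it.
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            statements.append(stmt)
            continue
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        kept = []
        for action in actions:
            service = action.split(":", 1)[0].lower()
            (removed if service in managed and service not in keep
             else kept).append(action)
        if kept:  # drop statements left with no actions (invalid in IAM)
            stmt["Action"] = kept
            statements.append(stmt)
    pruned["Statement"] = statements
    return pruned, removed

if __name__ == "__main__":
    new_policy, dropped = prune_policy(SAMPLE_POLICY, {"instances", "rds"})
    print("Removed:", dropped)
    print(json.dumps(new_policy, indent=2))
```

Review the list of removed actions before applying the trimmed policy, since other CPM functions outside the tag scan may depend on the same actions.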