Resource usage by cloud account shows '0' even though 'Cloud accounts' have 'Success' as the status. No errors are shown for 'Cloud accounts' within Lacework UI.
Issue
Resource usage by cloud account shows '0' even though 'Cloud accounts' have 'Success' as the status. No errors are shown for 'Cloud accounts' within Lacework UI.
Environment
AWS accounts that have EC2 Instances, RDS Instances, Redshift Instances, Elastic Load Balancers, Application Load Balancers, and NAT gateways.
Key words
-
Resource Usage
-
AWS
-
0
- Incorrect Resource Usage
Resolution
EC2 Instances, RDS Instances, Redshift Instances, Elastic Load Balancers, Application Load Balancers, and NAT gateways count towards Resource Usage. If the AWS account has any of these cloud resources and Resource Usage shows 0, please follow these steps to confirm if there are any error messages.
1. Right click on your browser and go to 'Inspect'/'Debugging Tools'.
2. Click on 'Network' tab.
3. From your Lacework UI, go to: 'Settings' -> 'Cloud Account'
4. Click on the item that starts with 'cloud?details=true&org=false'.
5. Click on 'Preview' tab and expand 'data'. You will see all the integrations listed. (Note: Integration GUID is blocked off to protect the private data)
6. Click on the arrow prior to '0' to expand the item. Expand 'STATE', expand 'details', expand 'complianceOpsDeniedAccess'. The error messages that shows the permission issues will be visible.
7. 'DescribeRegions' permission error is caused by a Service Control Policy that's enabled at the AWS Organizations level. In order to get around this error, 'DescribeRegions' permission must be allowed for the 'Lacework Role' that's being used. You can see the 'Lacework Role' that's being used if you expand 'DATA' -> 'CROSS_ACCOUNT_CREDENTIALS' which will be listed in 'ROLE_ARN'.
8. Once the permissions are properly configured, Resource Usage will show the proper counts instead of '0' after compliance reports are created.