AWS Audit Troubleshooting

If you encounter issues while running the Audit Cloud Infrastructure scan, first check for the following:

  • User configuration or permissions issues with the AWS account.
  • AWS networking mechanisms that potentially block Tenable.io scan attempts.

If necessary, enable debug logging and contact Tenable Support for troubleshooting assistance.

To enable debug logging for the Audit Cloud Infrastructure scan:

  1. Navigate to the Audit Cloud Infrastructure scan you created in Audit the AWS Environment.
  2. On the Settings tab, click Advanced.
  3. In the Debug Settings section, select the Enable plugin debugging check box.
  4. Do one of the following:
    • To save without launching the scan, click Save.
    • To save and launch the scan immediately, click the drop-down arrow next to Save and select Launch.

  5. In the top navigation bar, click Scans.
  6. Click the row for the Audit Cloud Infrastructure scan you created.
  7. Click the Assets tab.

    The Assets information appears.

  8. Click the AWS Account asset.

    Note: This asset always has a loopback address of 127.0.0.1.

  9. In the Asset Details section, next to Scan DB, click Download.

    The Export window appears.

  10. In the Password box, type the password you want to use to encrypt the Scan DB file.
  11. Contact Tenable Support and provide the .db log file and the encryption password.