Get answers to frequently asked support questions for Cloud Posture.
How do I manage Lambda-009 and SecretsManager-001 rule failures related to Agentless Vulnerability & Threat Detection?
The relevant Agentless Vulnerability & Threat Detection resources are securely encrypted with default keys. In addition, the environment variables do not contain any secrets, so adding additional encryption using customer-managed keys is not required.
To prevent these failures from affecting compliance of your cloud accounts, exclude the resources from the Lambda-009 and SecretsManager-001 rules. You can create a rule exception using the resource tag AppManagerCFNStackKey::V1 Agentless Vulnerability and Threat Detection to exclude the resources from the rules.
Alternatively, you can create and apply an exceptions profile using the resource tag:
-
Merge the profile with the affected accounts to apply the rule exceptions.