Cloud Storage Security Help Docs

I Cannot Create/Delete an API Agent

When you want to delete an API Agent, you may be tempted to go to ECS and delete the ApiAgentService directly. Doing so causes a further problem when you then try to create a new API Agent.


Last updated 21 days ago

If you want to delete a service or modify any resources created by the AV Console, you must always perform these actions through the AV Console—never directly from the AWS Console.

Managing resources manually through AWS may cause issues in the Cloud Storage Security (CSS) Console. This can break the deployment state and will require additional manual intervention to fix.

For example, if you want to delete resources like the API Service or the Event Service that were created by the AV Console, please follow this guide for proper cleanup instructions.

IMPORTANT: DO NOT manage resources and services created by the Cloud Storage Security Console directly through the AWS Console.


What Happens If You Delete a Service Manually?

If you manually delete a resource in AWS (e.g., the API Agent Service), the CSS Console will still believe the service exists. This inconsistency can prevent you from creating or deleting services properly and may lead to console errors.


How to Fix It

If you've manually deleted a service like the API Agent through the AWS Console, follow these steps to restore proper state:

  1. Go to DynamoDB

    • Navigate to DynamoDB > Tables > <Your App ID>DeploymentStatus.

  2. Explore Table Items

    • Click Explore Table Items.

    • Locate the region where the service was deleted.

    • Find the HasApiService value and change it from 1 to 0.

    • Save and close the table.

  3. Update ECS Service

    • Go to ECS > ConsoleService > UpdateService.

    • Perform a force new deployment.

    • Click Update.

After completing these steps, you should be able to create the API Agent again. The console will correctly detect that the previous service no longer exists.
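The same repair can be scripted with a safety check first. The sketch below is an added example, not code from Cloud Storage Security: it confirms the API Agent service is really gone from ECS before resetting HasApiService, and uses a conditional write so the row is only changed if it still holds 1. Assumptions: the region attribute is called `Region`, the ECS service name contains `ApiAgentService`, the table lives in the console's region, and the cluster names are supplied by the operator.

```python
# Added example, not vendor code. Names marked ASSUMPTION are guesses to adapt.
FLAG = "HasApiService"                 # attribute named on this page
REGION_ATTR = "Region"                 # ASSUMPTION: attribute holding the region
API_SERVICE_HINT = "ApiAgentService"   # ASSUMPTION: substring of the ECS service name

# Constructed sample rows (the real table's key and attribute layout may differ).
SAMPLE_ITEMS = [
    {"Id": "a", "Region": "us-east-1", "HasApiService": 1},
    {"Id": "b", "Region": "eu-west-1", "HasApiService": 1},
    {"Id": "c", "Region": "us-east-1", "HasApiService": 0},
]


def plan_repair(items, key_names, region, ecs_service_arns):
    """Return update_item kwargs for rows in `region` whose flag is stale."""
    if any(API_SERVICE_HINT in arn for arn in ecs_service_arns):
        return []  # the service still exists, so the flag is correct: edit nothing
    updates = []
    for item in items:
        if item.get(REGION_ATTR) != region or int(item.get(FLAG, 0)) != 1:
            continue
        updates.append({
            "Key": {k: item[k] for k in key_names},
            "UpdateExpression": "SET #f = :zero",
            "ConditionExpression": "#f = :one",  # fail if the row changed meanwhile
            "ExpressionAttributeNames": {"#f": FLAG},
            "ExpressionAttributeValues": {":zero": 0, ":one": 1},
        })
    return updates


def apply_repair(table_name, region, agent_cluster, console_cluster, console_region):
    """Run the fix against AWS; every argument is supplied by the operator."""
    import boto3  # imported here so plan_repair can be exercised offline
    table = boto3.resource("dynamodb", region_name=console_region).Table(table_name)
    key_names = [k["AttributeName"] for k in table.key_schema]
    ecs = boto3.client("ecs", region_name=region)
    pages = ecs.get_paginator("list_services").paginate(cluster=agent_cluster)
    arns = [arn for page in pages for arn in page["serviceArns"]]
    items = table.scan()["Items"]  # small status table: one page is assumed
    updates = plan_repair(items, key_names, region, arns)
    for kwargs in updates:
        table.update_item(**kwargs)
    if updates:  # step 3: force a new deployment (service name as on this page)
        boto3.client("ecs", region_name=console_region).update_service(
            cluster=console_cluster, service="ConsoleService", forceNewDeployment=True)
    return len(updates)


if __name__ == "__main__":
    print(plan_repair(SAMPLE_ITEMS, ["Id"], "us-east-1", []))
```

Review the output of `plan_repair` against the table before calling `apply_repair`; an empty list means either the service still exists or no row in that region has the flag set.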
