Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  1. Troubleshooting

Linked Account Out of Date

If your linked account is out of date, follow the steps below.

PreviousI cannot access the management consoleNextRebooting the Management Console

Last updated 2 years ago

Checking for KMS encryption on buckets was added to the product as of version 4.02.000. During this process we check the bucket attributes for Custom KMS Encryption. All buckets in the deployment account (Primary by default) will be able to be checked. But, if you have , the cross-account role that was previously created does not have the permissions needed to perform that check. This will be indicated on the page as a warning message tied to the account nickname (as seen below).

You will need to update the cross account role. Follow the steps below to update the role. This action should be taken in the linked account, not the deployment account.

1) Login to the AWS Console and navigate to the CloudFormation service (in the region you originally deployed it in).

2) Select the stack that represents the Cross Account Role and click the Update button as seen below.

3) On the Update stack page make sure to select Replace current template and then provide the cross account role stack URL in the field as indicated below. Then click the Next button.

https://css-cft.s3.amazonaws.com/LinkedAccountCloudFormationTemplate.yaml

4) Leave the parameters as they were on the Specify stack details page and simply click Next.

5) Click Next on the Configure stack options page.

6) Tick the I acknowledge ... box and click Update Stack.

7) It won't take long to complete the update.

8) It won't take long to complete the update. Once done you can navigate back to the Bucket Protection page and refresh the list of the buckets to see the warning disappear and determine the KMS status of your remote buckets.

linked accounts
Bucket Protection