For an onboarded AWS account, if a region appears with a question mark icon in the Account Details page, the AWS services are deactivated for that particular region. The AWS account is active but labeled with AWS partially enabled.

Pointing out the region with disabled AWS services in the Account Details page.

You can enable AWS services for one or more regions that belong to the same AWS account by using the Carbon Black Cloud console. This procedure is an alternative to enabling AWS Services while onboarding the AWS account.

Prerequisites

  • Make sure you set the following access level permission and assign it to the API Key for executing the event stream setup script.

    Defining the Public Cloud permissions in the Add Access Level page for running the event stream setup script.

  • Retrieve your API Secret Key and API ID credentials.

Procedure

  1. From the left navigation pane, click Settings > AWS Accounts.
  2. Double-click the AWS account for which you want to enable AWS services and locate the Regions section.
  3. Click the Enable AWS Services link.
    The Enable AWS Services window appears with the script already populated with all the regions in the account that have AWS services deactivated.
    For example, 
    curl https://dev.cwp.cbdtest.io/public-cloud/dev01/aws/shell/setup-cbc-event-stream.sh 
 --output setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh 
 --CBInventoryApiHost defense-dev01.cbdtest.io --CBInventoryOrgKey 8X5TJVYWQ 
 --CBInventoryApiKey <API_Secret_Key>/<API_ID> --region 'ap-east-1,ap-south-1'
  4. Copy the script content and click OK.
  5. Start the AWS Command Line Interface (AWS CLI) on your EC2 instance and paste the script.
  6. Populate the <API_Secret_Key>/<API_ID> credentials and execute the script.

Results

After the script executes, the regions are enabled with AWS services. They appear in the Regions section of the Account Details panel with a green check mark (without the question mark icon).