FAQ#
My Python Version is Not Compatible#
It is highly recommended that a Python version shim like pyenv is used. Once installed, Poetry will make a virtualenv using the correct version of Python automatically.
AWS Policy Actions#
The following permissions are required to scan:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "censysLeastPrivilegeCloudConnector",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"ec2:DescribeTags",
"ec2:DescribeNetworkInterfaces",
"ecs:ListContainerInstances",
"ecs:ListClusters",
"elasticloadbalancing:DescribeLoadBalancers",
"rds:DescribeDBInstances",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53domains:ListDomains",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Resource": "*"
}
]
}
Azure Roles#
Ensure the account’s Access control (IAM) role has the following permission to create a service principal with a Reader role:
Microsoft.Authorization/roleAssignments/write
over scope/subscriptions/uuid
The following permissions will be used with this service principal:
Microsoft.ContainerInstance/containerGroups/read
Microsoft.Network/dnszones/read
Microsoft.Network/publicIPAddresses/read
Microsoft.Sql/servers/read
Microsoft.Storage/storageAccounts/read
If you see the following error message, check that you are logged into an account with the correct permissions:
The client 'user@example.com' with object id 'uuid' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/uuid' or the scope is invalid. If access was recently granted, please refresh your credentials.
GCP Service Account Keys#
If you encounter the following error while configuring your GCP Cloud Connector, a likely cause is that your service account has reached its maximum quota of keys.
Failed to enable service account. ERROR: (gcloud.iam.service-accounts.keys.create) FAILED_PRECONDITION: Precondition check failed.
Go to https://console.cloud.google.com/iam-admin/serviceaccounts to manage your service account keys.