FAQ

General

My Python Version is Not Compatible

Using a Python version shim like pyenv is highly recommended. Once pyenv is installed, Poetry will automatically create a virtualenv using the correct version of Python.

AWS

AWS Policy Actions

The following permissions are required to scan:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "censysLeastPrivilegeCloudConnector",
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "ec2:DescribeTags",
        "ec2:DescribeNetworkInterfaces",
        "ecs:ListContainerInstances",
        "ecs:ListClusters",
        "elasticloadbalancing:DescribeLoadBalancers",
        "rds:DescribeDBInstances",
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "route53domains:ListDomains",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:ListBucket"
      ],
      "Resource": "*"
    }
  ]
}
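
To confirm that the policy attached to the scanning role has not drifted from the list above, the following added example (not part of the Cloud Connector project) compares a policy document against those actions and reports missing actions, extra actions and wildcards. The names `audit_policy` and `DRIFTED`, and the sample policy itself, are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions copied from the FAQ's policy; IAM action names are case-insensitive.
REQUIRED = {a.lower() for a in (
    "apigateway:GET", "ec2:DescribeTags", "ec2:DescribeNetworkInterfaces",
    "ecs:ListContainerInstances", "ecs:ListClusters",
    "elasticloadbalancing:DescribeLoadBalancers", "rds:DescribeDBInstances",
    "route53:ListHostedZones", "route53:ListResourceRecordSets",
    "route53domains:ListDomains", "s3:GetBucketLocation",
    "s3:ListAllMyBuckets", "s3:ListBucket",
)}

def _listify(value):
    """IAM accepts a bare string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return missing, extra and wildcard actions relative to REQUIRED."""
    granted = set()
    not_action = False
    for stmt in _listify(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        not_action = not_action or "NotAction" in stmt  # Allow-all-except
        granted.update(a.lower() for a in _listify(stmt.get("Action")))
    wildcards = {a for a in granted if "*" in a or "?" in a}
    return {
        "missing": sorted(r for r in REQUIRED
                          if not any(fnmatchcase(r, g) for g in granted)),
        "extra": sorted(granted - wildcards - REQUIRED),
        "wildcards": sorted(wildcards),
        "allow_with_notaction": not_action,
    }

# Constructed sample: a drifted policy, not taken from any real account.
DRIFTED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*", "iam:PassRole"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "route53:ListHostedZones", "Resource": "*"},
    {"Effect": "Deny", "Action": "rds:DescribeDBInstances", "Resource": "*"},
]})

if __name__ == "__main__":
    print(json.dumps(audit_policy(DRIFTED), indent=2))
```

The check looks only at the `Action` lists of `Allow` statements; it does not evaluate `Resource`, `Condition` or explicit denies, so an empty report means the action list matches, not that the role is otherwise scoped correctly.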

Can I use a Session Role Name?

Yes, this can be set during the provider setup and will be defined in providers.yml.

Do you support Named Profiles?

Yes.

Can I use SSO?

AWS CLI supports Single Sign-On via IAM Identity Center. You can use the aws sso login command to authenticate before running provider setup.

Azure

Azure Roles

Read about Azure roles and permissions here.

If you see the following error message, check that you are logged into an account with the correct permissions:

The client 'user@example.com' with object id 'uuid' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/uuid' or the scope is invalid. If access was recently granted, please refresh your credentials.

GCP

GCP Service Account Keys

If you encounter the following error while configuring your GCP Cloud Connector, a likely cause is that your service account has reached its maximum quota of keys.

Failed to enable service account. ERROR: (gcloud.iam.service-accounts.keys.create) FAILED_PRECONDITION: Precondition check failed.

Go to https://console.cloud.google.com/iam-admin/serviceaccounts to manage your service account keys.