ZCSPM
Decommission Remediation for AWS
To decommission the ZCSPM remediation framework for AWS security policies:
1. Disable remediation policies.
- Log into the ZCSPM Admin Portal as a License Admin.
- Select a license and cloud account using the drop-down menus.
- Navigate to Configurations > Security Policies.
- Select the Cloud Account level tab.
- Select Remediation Available from the filter menu.
- Disable policies for remediation.
- Click Save.
2. Disable AWS account remediation.
- Log into the ZCSPM Admin Portal as a License Admin.
- Select a license and cloud account using the drop-down menus.
- Select the Configure icon, then click Configure Account Remediation.
- Disable the Remediation State.
- Click Save.
3. Delete the deployment bucket.
Delete the ZCSPM remediation framework deployment bucket on your AWS console:
- Log into the AWS Console.
- Search for a deployment bucket with the name cn-rem-env-acc_sha that carries the following tag names and values:
  - aws:cloudformation:stack-name: cn-rem-env-acc_sha
  - aws:cloudformation:logical-id: S3Bucket
  - Description: ZCSPM automatic remediation solution for making cloud resource compliant
  - aws:cloudformation:stack-id: arn:aws:cloudformation:us-west-1:<AWSAccountID>:stack/cn-rem-env-acc_sha
  - ServiceName: auto-remediation-deployment-bucket
- Delete the deployment bucket.
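Confirming the bucket by its tags before deleting it can be scripted instead of done by hand in the console. The example below is added here and is not ZCSPM's own code: it checks a bucket's TagSet against the tags listed above, and `scan_account` applies the same check to every bucket in the account (this needs boto3 and AWS credentials; the sample tag sets, account ID and acc_sha value are constructed).

```python
"""Identify ZCSPM remediation deployment buckets by their CloudFormation tags."""

# Tag values the page lists for the deployment bucket; the stack-name and
# stack-id vary per deployment, so only their fixed prefix is checked.
EXPECTED_TAGS = {
    "aws:cloudformation:logical-id": "S3Bucket",
    "ServiceName": "auto-remediation-deployment-bucket",
}
STACK_NAME_PREFIX = "cn-rem-"


def tags_to_dict(tag_set):
    """Flatten the TagSet list returned by s3api get-bucket-tagging."""
    return {t["Key"]: t["Value"] for t in tag_set}


def is_zcspm_deployment_bucket(tag_set):
    """True when every fixed tag matches and the stack name starts with cn-rem-."""
    tags = tags_to_dict(tag_set)
    if any(tags.get(key) != value for key, value in EXPECTED_TAGS.items()):
        return False
    return tags.get("aws:cloudformation:stack-name", "").startswith(STACK_NAME_PREFIX)


def find_deployment_buckets(buckets):
    """buckets: iterable of (bucket_name, tag_set). Returns matching names, sorted."""
    return sorted(name for name, tag_set in buckets if is_zcspm_deployment_bucket(tag_set))


def scan_account():
    """List every bucket in the caller's account and return the ZCSPM deployment buckets."""
    import boto3                                   # imported lazily: only needed for a live scan
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    tagged = []
    for bucket in s3.list_buckets()["Buckets"]:
        try:
            tagged.append((bucket["Name"], s3.get_bucket_tagging(Bucket=bucket["Name"])["TagSet"]))
        except ClientError:                        # NoSuchTagSet or access denied: not a candidate
            continue
    return find_deployment_buckets(tagged)


# Constructed sample: one real deployment bucket, one unrelated bucket, one look-alike.
SAMPLE_BUCKETS = [
    ("cn-rem-prod-4f2a9c", [
        {"Key": "aws:cloudformation:stack-name", "Value": "cn-rem-prod-4f2a9c"},
        {"Key": "aws:cloudformation:logical-id", "Value": "S3Bucket"},
        {"Key": "Description", "Value": "ZCSPM automatic remediation solution for making cloud resource compliant"},
        {"Key": "aws:cloudformation:stack-id",
         "Value": "arn:aws:cloudformation:us-west-1:123456789012:stack/cn-rem-prod-4f2a9c"},
        {"Key": "ServiceName", "Value": "auto-remediation-deployment-bucket"},
    ]),
    ("app-logs", [{"Key": "ServiceName", "Value": "logging"}]),
    ("cn-rem-lookalike", [  # right ServiceName but not created by the framework stack
        {"Key": "aws:cloudformation:stack-name", "Value": "cn-rem-lookalike-abc"},
        {"Key": "ServiceName", "Value": "auto-remediation-deployment-bucket"},
    ]),
]
```

Running `find_deployment_buckets(SAMPLE_BUCKETS)` returns only `cn-rem-prod-4f2a9c`; the look-alike is rejected because it lacks the aws:cloudformation:logical-id tag.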
4. Decommission the remediation framework.
If you have set up multi-account remediation, you need to remove the multi-account remediation configuration before you decommission the remediation framework:
- Log in to the AWS console as an Account Admin and select the CloudShell icon.
- Clone the AWS remediation framework from GitHub using the following command:
git clone https://github.com/Cloudneeti/aws-auto-remediation
- Go to the remediation framework repository using the following command:
cd aws-auto-remediation/multi-mode-remediation
- Remove the multi-account remediation configuration using the following command:
bash decommission-multi-mode-remediation.sh -a <AWS-account-id> -p <primary-deployment-region> -e <ZCSPM-environment-prefix> -s <list-of-secondary-deployment-regions>
- (-a) Account ID: the 12-digit AWS account ID of the account where the multi-account remediation framework is to be decommissioned.
- (-p) Primary AWS Region: the region where the main framework is deployed.
- (-e) Environment Prefix: the environment prefix used for your deployment.
- (-s) Secondary AWS Regions: the list of regions where auto remediation was enabled, in programmatic format (e.g., us-east-1). Enter ‘all’ if it was deployed to all regions, or ‘na’ if auto remediation was not configured in other regions.
To decommission the remediation framework:
- Log in to the AWS console as an Account Admin and select the CloudShell icon.
- Clone the AWS remediation framework from GitHub using the following command:
git clone https://github.com/Cloudneeti/aws-auto-remediation
- Go to the remediation framework repository using the following command:
cd aws-auto-remediation
- Decommission remediation framework in AWS account using the following command:
bash decommission-remediation-framework.sh -a <AWS-account-id> -p <primary-deployment-region> -e <ZCSPM-environment-prefix> -s <list-of-secondary-deployment-regions>
- (-a) Account ID: the 12-digit AWS account ID of the account where the remediation framework is to be decommissioned.
- (-p) Primary AWS Region: the region where the main framework is deployed.
- (-e) Environment Prefix: the environment prefix used for your deployment.
- (-s) Secondary AWS Regions: the list of regions where auto remediation was enabled, in programmatic format (e.g., us-east-1). Enter ‘all’ if it was deployed to all regions, or ‘na’ if auto remediation was not configured in other regions.