docs: add instructions for deleting orphaned scanning VMs #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged 1 commit, May 6, 2025
18 changes: 18 additions & 0 deletions README.md
Expand Up @@ -7,8 +7,26 @@

A Terraform Module to configure the Lacework Agentless Scanner on Azure.

## Preflight Check
To ensure smooth deployment, please reference our [preflight check](./preflight_check/).

## Deprovisioning
When running `terraform destroy`, you may encounter the following error:
```
│ Error: deleting Subnet (Subscription: "********-****-****-****-************"
│ Resource Group Name: "lacework-agentless-eddd"
│ Virtual Network Name: "lacework-virt-network-eddd-eastus"
│ Subnet Name: "lacework-subnet-eddd-eastus"): performing Delete: unexpected status 400 (400 Bad Request) with error: InUseSubnetCannotBeDeleted: Subnet lacework-subnet-eddd-eastus is in use by /subscriptions/********-****-****-****-************/resourceGroups/LACEWORK-AGENTLESS-EDDD/providers/Microsoft.Network/networkInterfaces/LACEWORK-2025-05-05T23.00.00.000Z-0-EASTUS-5372D692/ipConfigurations/LACEWORK-2025-05-05T23.00.00.000Z-0-EASTUS and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.
```

This is because AWLS was deprovisioned while a scan was in progress, resulting in orphaned resources (VMs dynamically created by AWLS during the scan). To resolve this, delete the VMs by running the following command:
```
SCANNING_RESOURCE_GROUP_NAME="lacework-agentless-a09d"
SCANNING_SUBSCRIPTION_ID="0252a545-04d4-4262-a82c-ceef83344237"
az vm delete --ids $(az vm list --resource-group "${SCANNING_RESOURCE_GROUP_NAME}" --subscription "${SCANNING_SUBSCRIPTION_ID}" --query "[].id" -o tsv) --yes
```
You can find the scanning resource group name and the scanning subscription ID in the integration details in the FortiCNAPP Console (_Settings_ -> _Cloud Accounts_ -> \*select your AWLS Azure integration\*).

All code contributions made by Lacework customers to this repo are considered ‘Feedback’ under section 4.3 of the Lacework Terms of Service.
<!-- BEGIN_TF_DOCS -->
## Requirements
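Review bot: the cleanup command under "Deprovisioning" deletes every VM in `SCANNING_RESOURCE_GROUP_NAME`, not only the scanner VMs left behind mid-scan, and it errors out when `az vm list` returns nothing because `--ids` then receives no value; suggest telling the reader to run the inner `az vm list ... --query "[].id" -o tsv` on its own first to review what will be removed, and to skip the delete when the list is empty. In the same block, `SCANNING_SUBSCRIPTION_ID="0252a545-..."` reads like a real subscription ID while the error output above masks the ID with asterisks, so a placeholder such as `<your-subscription-id>` would be consistent. Since the error names a network interface (`.../networkInterfaces/LACEWORK-2025-...`) as what holds the subnet, please confirm that deleting the VMs also removes their NICs (Azure only does this when the NIC was attached with a delete option); if not, the subnet deletion will still fail and the section should mention removing leftover NICs before re-running `terraform destroy`. Both fences could also carry a `bash` language tag.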
1 change: 1 addition & 0 deletions preflight_check/README.md
Expand Up @@ -119,6 +119,7 @@ In the following steps, we will assign the necessary permissions to this service
"Microsoft.Authorization/roleAssignments/*",
"Microsoft.Authorization/roleDefinitions/*",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachineScaleSets/read",
"Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",
"Microsoft.KeyVault/vaults/*",
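Review bot: the new `Microsoft.Compute/virtualMachines/delete` action widens the service principal's role without any text saying why; a one-line note that it is needed to remove the orphaned scanner VMs described under Deprovisioning in the top-level README would let readers applying least privilege judge whether they need it at all, and whether to grant it only for the deprovisioning step rather than permanently.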