Este contenido no está disponible en el idioma seleccionado

Trabajamos constantemente para que el contenido esté disponible en el idioma seleccionado. Gracias por tu paciencia.

How can I troubleshoot GuardDuty custom Amazon SNS notifications that are not being delivered?

2 minutos de lectura

Why are my Amazon GuardDuty custom Amazon Simple Notification Service (Amazon SNS) notifications not being delivered?

Short description

I followed the instructions to configure an Amazon EventBridge rule for GuardDuty to send custom SNS notifications if specific AWS service event types trigger. However, the SNS notifications weren't delivered.

Resolution

Follow these instructions to confirm the correct settings for:

Amazon SNS subscription confirmation.
Amazon SNS topic AWS Identity and Access Management (IAM) access policy.
AWS Key Management Service (AWS KMS) permissions.
EventBridge event pattern JSON object finding type.

Confirm the Amazon SNS subscription

Open the Amazon SNS console, and then choose Subscriptions.
For your Amazon SNS subscription ID, verify that the status is Confirmed.
If the status is Pending confirmation, follow the instructions to confirm the subscription.

Confirm permissions for the SNS topic access policy

Open the Amazon SNS console, and then choose Topics.
In Name, choose your Amazon SNS topic.
In Details, choose the Access policy tab.
Verify that the IAM policy allows permission to publish the events.amazonaws.com principal similar to the following:

{
      "Sid": "AWSEvents",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:YOUR-REGION:YOUR-ACCOUNT-ID:YOUR-SNS-TOPIC"
}

Confirm AWS Key Management Service (AWS KMS) permissions

Open the AWS KMS console, and then choose Customer managed keys.
In Key ID, choose your AWS KMS key.
In Key policy, choose Switch to policy view.
Verify that the KMS key policy allows permission to publish the events.amazonaws.com principal similar to the following:

{
    "Sid": "AWSEvents",
    "Effect": "Allow",
    "Principal": {
        "Service": "events.amazonaws.com"
    },
    "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
    ],
    "Resource": "*"
}

Confirm the EventBridge event pattern JSON object finding type

Open the EventBridge console, and then choose Rules.
In Name, choose your rule.
In Event pattern, verify that the JSON object finding type matches the specific AWS service similar to the following:

{
  "source": [
    "aws.guardduty"
  ],
  "detail-type": [
    "GuardDuty Finding"
  ]
}

Related information

Monitoring your security with GuardDuty in real time with Amazon Elasticsearch Service (Amazon ES)

GuardDuty finding types

Temas

Seguridad, identidad y cumplimiento

Etiquetas

Amazon GuardDuty

Idioma

English

Vídeos relacionados

Watch Adeyinka’s video to learn more (3:58)

OFICIAL DE AWSActualizada hace 2 años

Sin comentarios

Contenido relevante

¿Cómo puedo configurar una regla de EventBridge para que GuardDuty envíe notificaciones de SNS personalizadas si se activan tipos específicos de eventos de servicios de AWS?
OFICIAL DE AWSActualizada hace 7 meses
¿Por qué mis cargos por mensajes de texto (SMS) de dispositivos móviles son más altos de lo esperado para Amazon SNS y Amazon Pinpoint?
OFICIAL DE AWSActualizada hace un año
¿Cómo soluciono los errores al crear un dominio personalizado en Amazon Cognito?
OFICIAL DE AWSActualizada hace 5 meses
¿Cómo puedo crear una regla de eventos de EventBridge para que me notifique que se utilizó mi cuenta de usuario raíz de AWS?
OFICIAL DE AWSActualizada hace un año