1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
You are missing permissions in AWSSecurityHubServiceRolePolicy.
See https://aws.amazon.com/premiumsupport/knowledge-center/config-error-security-hub/ and https://docs.aws.amazon.com/securityhub/latest/userguide/using-service-linked-roles.html
{
"Effect": "Allow",
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:GetComplianceDetailsByConfigRule",
"config:DescribeConfigRuleEvaluationStatus"
],
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
}
répondu il y a 2 ans
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
Sorry probably should have included this in the question but we're using the "AWSServiceRoleForSecurityHub" which has the "AWSSecurityHubServiceRolePolicy" policy attached. This policy already includes the permissions you mentioned which is why I can't understand the errors.
I'm seeing the same issue as the author. We've enabled AWS Security Hub, Security Hub is using the AWSServiceRoleForSecurityHub policy, and it has the linked policy that gives it "config:GetComplianceDetailsByConfigRule" on "arn:aws:config:::config-rule/aws-service-rule/securityhub".
We're seeing the same error as the author, but on the securityhub-s3-bucket-public-read-prohibited-${id} rule.