- Le plus récent
- Le plus de votes
- La plupart des commentaires
I believe the gap is in the bucket policy of the S3 bucket in the other account. It needs GetBucketACL and ListBucket . Try adding that.
I have set up the cross-account export option following the Exporting findings documentation in my account and I was able to set it up without any issues.
Setup: Account A: GuardDuty/KMS, Account B: S3 bucket
Please make sure that you have replaced region
, account id
, kmskeyid
, and sourceDetectorId
in the sample policies from the documentation. In my setup, I did not use optional prefix so my resource ARN for objects looks like this arn:aws:s3:::<bucketname>/*. Also, make sure that KMS key and S3 bucket are in the same region.
If the issue persists, please share your policies (sanitize account id and resource id).
Contenus pertinents
- demandé il y a un an
- demandé il y a 4 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans