1 answer
1
You shouldn't have to manually create a new role in order to use the AWS GuardDuty malware scanner for S3. The existing service-linked roles that were created by GuardDuty should automatically provide you with the necessary permissions (they aren't editable, since they're service-linked roles).
Then, depending on how you've enabled the GuardDuty malware scanner, it should automatically be able to invoke a malware scan.
What specific issues are you having with the scanner?
If you're having any specific permissions issues, I would check if the IAM user/role has the appropriate permissions to use GuardDuty and initiate scans.
This page may help more: https://docs.aws.amazon.com/guardduty/latest/ug/gdu-initiated-malware-scan-configuration.html
answered a month ago
I'm not having issues with the scanner, the issue is attaching policies to an existing role or creating a new one.
The existing 'AmazonGuardDutyMalwareProtectionServiceRolePolicy' does not include the required permissions; I'm supposed to manually attach them. For example, it can't access the S3 bucket or the KMS encryption keys.
I can't edit this policy, and I can't add new inline policies to the service-linked role it's associated with... unlike other policies and roles, there are no buttons to do this. I have full permissions to modify IAM on the account.
This link may be more helpful: https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection-s3-iam-policy-prerequisite.html
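Since the service-linked role's policy cannot be edited, the practical route is a separate IAM role whose trust and permissions policies meet the prerequisites on the page linked above. The following Python is an added example, not code from AWS or from anyone in this thread: it audits a set of policy documents (JSON, as exported from IAM) against a required-action list and checks that the trust policy names the expected service principal. The `REQUIRED_ACTIONS` set and the `malware-protection-plan.guardduty.amazonaws.com` principal are assumptions recalled from the linked prerequisite page and must be verified against it; the sample policies are constructed for illustration and are not the contents of the real managed policy.

```python
import fnmatch
import json

# ASSUMPTION: subset of the actions the linked AWS prerequisite page lists for a
# Malware Protection for S3 role. Verify against the doc before relying on it.
REQUIRED_ACTIONS = {
    "s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket",
    "s3:PutObjectTagging", "s3:GetObjectTagging",
    "s3:PutBucketNotification", "s3:GetBucketNotification",
    "events:PutRule", "events:PutTargets",
    "kms:Decrypt", "kms:GenerateDataKey",
}
# ASSUMPTION: service principal the role must trust, per the same doc.
EXPECTED_PRINCIPAL = "malware-protection-plan.guardduty.amazonaws.com"


def _as_list(value):
    """IAM allows scalars or lists for Action/Statement/Service; normalise to list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_actions(policy: dict) -> set:
    """Return the REQUIRED_ACTIONS granted by the policy's Allow statements.

    IAM action matching is case-insensitive and supports '*' and '?' wildcards,
    which fnmatch handles. Explicit Deny and Resource/Condition scoping are not
    modelled: this is a coverage check, not a full policy simulation.
    """
    granted = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            for action in REQUIRED_ACTIONS:
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted.add(action)
    return granted


def missing_actions(policies) -> set:
    """Required actions that none of the given policy documents grant."""
    granted = set()
    for policy in policies:
        granted |= allowed_actions(policy)
    return REQUIRED_ACTIONS - granted


def trusts_service(trust_policy: dict, principal: str = EXPECTED_PRINCIPAL) -> bool:
    """True if an Allow statement lets the given service principal assume the role."""
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        block = stmt.get("Principal")
        if isinstance(block, dict) and principal in _as_list(block.get("Service")):
            return True
    return False


# Constructed sample: a narrow policy with EventBridge/notification/tagging rights
# but no object read or KMS access (the gap described in the thread).
NARROW_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
    "Action": ["events:PutRule", "events:PutTargets",
               "s3:PutBucketNotification", "s3:GetBucketNotification", "s3:*Tagging"],
    "Resource": "*"}]
}""")

# Constructed sample: the customer-managed policy that fills that gap. The ARNs are
# placeholders, not real resources.
CUSTOM_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject*", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::EXAMPLE-BUCKET", "arn:aws:s3:::EXAMPLE-BUCKET/*"]},
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
     "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "Condition": {"StringLike": {"kms:ViaService": "s3.*.amazonaws.com"}}}
  ]
}""")

# Constructed sample trust policy for the new role.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "malware-protection-plan.guardduty.amazonaws.com"},
    "Action": "sts:AssumeRole"}]
}""")


if __name__ == "__main__":
    print("missing with narrow policy only:", sorted(missing_actions([NARROW_POLICY])))
    print("missing with custom policy added:", sorted(missing_actions([NARROW_POLICY, CUSTOM_POLICY])))
    print("trust policy names expected principal:", trusts_service(TRUST_POLICY))
```

To audit a real role, replace the constructed documents with the output of `aws iam get-role` (trust policy) and `aws iam get-policy-version` / `aws iam get-role-policy` (permissions policies); any action still reported as missing is one the scan will fail on, typically showing up as access-denied findings against the bucket or the KMS key.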