1 Answer
Instead of manually creating the policies, you can use the Amazon GuardDuty console to generate sample policies for you.
- Navigate to the Amazon GuardDuty console. Choose Settings in the navigation pane.
- Under Findings export options, choose the frequency for updating findings.
- Under S3 bucket, choose Existing bucket.
- Select your bucket and choose View Policy. Copy that policy and apply it to your S3 bucket.
- You can leave Log file prefix as default (blank).
- For KMS, select your key alias and choose View Policy. Copy that policy and apply it to your KMS key. You want to add this to your key, rather than replace the one that is there. For example:
```json
{
  "Version": "2012-10-17",
  "Id": "key-consolepolicy-3",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account_id>:root"
      },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "Allow access for Key Administrators",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account_id>:role/Admin"
      },
      "Action": [
        "kms:Create*",
        "kms:Describe*",
        "kms:Enable*",
        "kms:List*",
        "kms:Put*",
        "kms:Update*",
        "kms:Revoke*",
        "kms:Disable*",
        "kms:Get*",
        "kms:Delete*",
        "kms:TagResource",
        "kms:UntagResource",
        "kms:ScheduleKeyDeletion",
        "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Allow GuardDuty to encrypt findings",
      "Effect": "Allow",
      "Principal": {
        "Service": "guardduty.amazonaws.com"
      },
      "Action": "kms:GenerateDataKey",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:SourceArn": "arn:aws:guardduty:us-west-2:<account_ID>:detector/<detectorID>",
          "aws:SourceAccount": "<account_ID>"
        }
      }
    }
  ]
}
```
- Then choose Save.

answered a year ago
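
The KMS step above says to add the GuardDuty statement to the key policy rather than replace what is there. The following is an added example, not part of the original answer or any AWS tooling, that performs that merge offline on policy JSON; the function names, the account ID `111122223333` and the detector ID are constructed placeholders.

```python
import copy
import json

SID = "Allow GuardDuty to encrypt findings"  # Sid used in the answer's policy

def guardduty_statement(region, account_id, detector_id):
    """Build the answer's GuardDuty statement, scoped to one detector."""
    arn = f"arn:aws:guardduty:{region}:{account_id}:detector/{detector_id}"
    return {
        "Sid": SID,
        "Effect": "Allow",
        "Principal": {"Service": "guardduty.amazonaws.com"},
        "Action": "kms:GenerateDataKey",
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:SourceArn": arn,
                                       "aws:SourceAccount": account_id}},
    }

def merge_key_policy(existing, stmt):
    """Return a copy of `existing` with `stmt` added; no statement is dropped."""
    policy = copy.deepcopy(existing)
    current = policy.get("Statement", [])
    if isinstance(current, dict):  # a policy may hold one statement object
        current = [current]
    scoped = stmt.get("Condition", {}).get("StringEquals", {})
    if "Service" in stmt["Principal"] and not (
            {"aws:SourceArn", "aws:SourceAccount"} <= set(scoped)):
        raise ValueError("service grant lacks SourceArn/SourceAccount scoping")
    # Same Sid already present: replace it so re-runs do not duplicate it.
    policy["Statement"] = [s for s in current if s.get("Sid") != stmt["Sid"]] + [stmt]
    return policy

# Constructed sample: key policy with only the root-account statement.
EXISTING = {
    "Version": "2012-10-17",
    "Id": "key-consolepolicy-3",
    "Statement": [{"Sid": "Enable IAM User Permissions", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                   "Action": "kms:*", "Resource": "*"}],
}

if __name__ == "__main__":
    new = guardduty_statement("us-west-2", "111122223333", "CONSTRUCTED_DETECTOR_ID")
    print(json.dumps(merge_key_policy(EXISTING, new), indent=2))
```

The merge refuses a service-principal statement that lacks both `aws:SourceArn` and `aws:SourceAccount`, since without them the grant is not tied to one detector in one account.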
Can you post the bucket policy of the existing bucket that you want your GuardDuty findings to export into? Please post the KMS key policy as well.
I think I found the problem.