1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
You are missing permissions in AWSSecurityHubServiceRolePolicy.
See https://aws.amazon.com/premiumsupport/knowledge-center/config-error-security-hub/ and https://docs.aws.amazon.com/securityhub/latest/userguide/using-service-linked-roles.html
{
"Effect": "Allow",
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:GetComplianceDetailsByConfigRule",
"config:DescribeConfigRuleEvaluationStatus"
],
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
}
con risposta 2 anni fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
Sorry probably should have included this in the question but we're using the "AWSServiceRoleForSecurityHub" which has the "AWSSecurityHubServiceRolePolicy" policy attached. This policy already includes the permissions you mentioned which is why I can't understand the errors.
I'm seeing the same issue as the author. We've enabled AWS Security Hub, Security Hub is using the AWSServiceRoleForSecurityHub policy, and it has the linked policy that gives it "config:GetComplianceDetailsByConfigRule" on "arn:aws:config:::config-rule/aws-service-rule/securityhub".
We're seeing the same error as the author, but on the securityhub-s3-bucket-public-read-prohibited-${id} rule.