Cannot configure Guardduty 'findings export options' to an S3 bucket

0

Under GuardDuty > Settings there's an option to export findings to an S3 bucket. It requires KMS and a KMS key that has been configured. I consistently get the following error: "Failed to configure export options because GuardDuty does not have permission to the KMS key, the S3 bucket, or the specified location in the bucket." To fix this I've tried:

  • Changing the ACL for the S3 bucket
  • Regenerating the Key

Created the key following these instructions: (see Step 3) https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html

Asked 2 years ago, 3197 views
1 answer
0

Hi There,

As the error message, 'Failed to configure export options because GuardDuty does not have permission to the KMS key, the S3 bucket, or the specified location in the bucket', says, this is a permission-related issue. There are a couple of things to confirm to resolve this error:

  1. Check that your configuration to export the findings is region-specific. That means your S3 bucket and KMS key should be in the same region where you are performing this action.

  2. Correct S3 bucket and KMS key policies.

In the key policy, GuardDuty needs the following permission [1]:

{
    "Sid": "Allow GuardDuty to use the key",
    "Effect": "Allow",
    "Principal": {
        "Service": "guardduty.amazonaws.com"
    },
    "Action": "kms:GenerateDataKey",
    "Resource": "*"
}

To export GuardDuty findings to an S3 bucket that is encrypted with a KMS key, certain permissions are required. Please refer to the documentation link below for the permissions required to configure findings export: [2]

==================References==================================

[1] Granting GuardDuty permission to a KMS key: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html#guardduty_exportfindings-permissions

[2] Granting GuardDuty permissions to a bucket: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html#guardduty_exportfindings-key-policy

[3] Console Procedure - exporting findings to a bucket with the Console: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html#guardduty_exportfindings-s3-policies

[4] To know more about the option of exporting GuardDuty findings, please refer to the documentation: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html#guardduty_exportfindings-new-bucket

Please note that I personally value your feedback; please accept this answer if you find it helpful.

Mfanelo
Answered 2 years ago
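The two checks in the answer above (same region for bucket and key; a key policy and bucket policy that actually grant guardduty.amazonaws.com what it needs) can be run offline against the policy JSON before you click Save in the console. The script below is an added example, not code from the original post and not an AWS tool: it takes the key ARN, the bucket name and region, the policy documents and the export prefix, and reports each reason the console error would fire. The required bucket actions (s3:PutObject on the prefix and s3:GetBucketLocation on the bucket) are assumed here from the linked documentation; the sample policies, bucket name, account ID and key ID are constructed, and the "broken" key policy deliberately carries the trailing space on the service principal that appeared in the original snippet, because that near-miss is exactly the kind of thing the console error does not explain.

```python
"""Offline pre-check for GuardDuty findings-export permissions.

Added example (not the page's code, not an AWS tool). It only reads the
policy documents you pass in; it does not call AWS.
"""
import json
import re

GUARDDUTY_SERVICE = "guardduty.amazonaws.com"


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _service_principals(statement):
    """Service principals named in a statement (AWS/account principals ignored)."""
    principal = statement.get("Principal", {})
    if isinstance(principal, dict):
        return _as_list(principal.get("Service"))
    return []


def _grants(statement, service, action):
    """True if an Allow statement grants `action` to `service` (exact match:
    a stray space in the principal string silently fails to match)."""
    if statement.get("Effect") != "Allow":
        return False
    if service not in _service_principals(statement):
        return False
    actions = _as_list(statement.get("Action"))
    return action in actions or "*" in actions or action.split(":")[0] + ":*" in actions


def _resource_covers(statement, arn):
    """True if any Resource pattern in the statement matches `arn` (with * wildcards)."""
    for res in _as_list(statement.get("Resource")):
        pattern = "^" + re.escape(res).replace(r"\*", ".*") + "$"
        if re.match(pattern, arn):
            return True
    return False


def region_of_key(key_arn):
    """Region component of a KMS key ARN (S3 bucket ARNs carry no region,
    so the bucket region is passed separately)."""
    m = re.match(r"^arn:aws:kms:([a-z0-9-]+):\d{12}:key/.+$", key_arn)
    if not m:
        raise ValueError(f"not a KMS key ARN: {key_arn}")
    return m.group(1)


def check_export_config(key_arn, key_policy, bucket, bucket_region, bucket_policy, prefix=""):
    """Return a list of problems; an empty list means the static checks pass."""
    problems = []
    key_region = region_of_key(key_arn)
    if key_region != bucket_region:
        problems.append(f"region mismatch: key is in {key_region}, bucket is in {bucket_region}")

    key_stmts = _as_list(key_policy.get("Statement"))
    if not any(_grants(s, GUARDDUTY_SERVICE, "kms:GenerateDataKey") for s in key_stmts):
        near = [p for s in key_stmts for p in _service_principals(s)
                if p.strip() == GUARDDUTY_SERVICE and p != GUARDDUTY_SERVICE]
        hint = f" (found principal {near[0]!r}: whitespace breaks the match)" if near else ""
        problems.append("key policy: no Allow of kms:GenerateDataKey to guardduty.amazonaws.com" + hint)

    # GuardDuty writes objects under the configured prefix and reads the bucket location.
    object_arn = f"arn:aws:s3:::{bucket}/{prefix}example-object"
    bucket_arn = f"arn:aws:s3:::{bucket}"
    bucket_stmts = _as_list(bucket_policy.get("Statement"))
    if not any(_grants(s, GUARDDUTY_SERVICE, "s3:PutObject") and _resource_covers(s, object_arn)
               for s in bucket_stmts):
        problems.append(f"bucket policy: no Allow of s3:PutObject to GuardDuty on {bucket}/{prefix}*")
    if not any(_grants(s, GUARDDUTY_SERVICE, "s3:GetBucketLocation") and _resource_covers(s, bucket_arn)
               for s in bucket_stmts):
        problems.append(f"bucket policy: no Allow of s3:GetBucketLocation to GuardDuty on {bucket}")
    return problems


# Constructed sample inputs (fictitious account, key and bucket).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
BUCKET = "gd-findings-example"
BROKEN_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "kms:*", "Resource": "*"},
    {"Sid": "Allow GuardDuty to use the key", "Effect": "Allow",
     "Principal": {"Service": "guardduty.amazonaws.com "},   # trailing space, as in the original snippet
     "Action": "kms:GenerateDataKey", "Resource": "*"}]}
FIXED_KEY_POLICY = json.loads(json.dumps(BROKEN_KEY_POLICY).replace("guardduty.amazonaws.com ", "guardduty.amazonaws.com"))
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Allow PutObject", "Effect": "Allow", "Principal": {"Service": GUARDDUTY_SERVICE},
     "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/findings/*"},
    {"Sid": "Allow GetBucketLocation", "Effect": "Allow", "Principal": {"Service": GUARDDUTY_SERVICE},
     "Action": "s3:GetBucketLocation", "Resource": f"arn:aws:s3:::{BUCKET}"}]}

if __name__ == "__main__":
    print("broken:", check_export_config(KEY_ARN, BROKEN_KEY_POLICY, BUCKET, "eu-west-1", BUCKET_POLICY, "findings/"))
    print("fixed: ", check_export_config(KEY_ARN, FIXED_KEY_POLICY, BUCKET, "us-east-1", BUCKET_POLICY, "findings/"))
```

Run it with your own policy documents (for example the output of `aws kms get-key-policy` and `aws s3api get-bucket-policy`, parsed with `json.loads`) and the exact prefix you typed into the console: a prefix that does not sit under the bucket policy's Resource pattern is the "specified location in the bucket" part of the error message. The check is deliberately exact on the principal string because IAM does not trim it for you.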
