1 answer
0
You are missing permissions in AWSSecurityHubServiceRolePolicy.
See https://aws.amazon.com/premiumsupport/knowledge-center/config-error-security-hub/ and https://docs.aws.amazon.com/securityhub/latest/userguide/using-service-linked-roles.html
    {
      "Effect": "Allow",
      "Action": [
        "config:PutConfigRule",
        "config:DeleteConfigRule",
        "config:GetComplianceDetailsByConfigRule",
        "config:DescribeConfigRuleEvaluationStatus"
      ],
      "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
    }
Answered 2 years ago
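To check whether a policy document actually grants the four Config actions on the specific rule ARN named in a Security Hub error, the following added example (not code from the thread or from AWS) evaluates an IAM statement offline with IAM-style wildcard matching. The policy below is a constructed excerpt that mirrors the statement quoted in the answer; the account id and rule name suffix are made up. It deliberately ignores Deny statements, NotAction/NotResource and condition keys, so it is a first triage step, not a replacement for the IAM policy simulator.

```python
import re

# Constructed excerpt mirroring the Config statement quoted in the answer above
# (the relevant part of AWSSecurityHubServiceRolePolicy); not the full managed policy.
SECURITY_HUB_CONFIG_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "config:PutConfigRule",
                "config:DeleteConfigRule",
                "config:GetComplianceDetailsByConfigRule",
                "config:DescribeConfigRuleEvaluationStatus",
            ],
            "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*",
        }
    ],
}

# The Config actions Security Hub needs on the rules it manages.
REQUIRED_ACTIONS = [
    "config:PutConfigRule",
    "config:DeleteConfigRule",
    "config:GetComplianceDetailsByConfigRule",
    "config:DescribeConfigRuleEvaluationStatus",
]


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def iam_match(pattern, value, ignore_case=False):
    """IAM-style glob: '*' matches any run of characters, '?' exactly one character."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def statement_allows(statement, action, resource_arn):
    """True if this single Allow statement covers both the action and the resource ARN."""
    if statement.get("Effect") != "Allow":
        return False
    # Action names are case-insensitive in IAM; resource ARNs are not.
    action_ok = any(
        iam_match(p, action, ignore_case=True) for p in _as_list(statement.get("Action"))
    )
    resource_ok = any(
        iam_match(p, resource_arn) for p in _as_list(statement.get("Resource"))
    )
    return action_ok and resource_ok


def missing_permissions(policy, actions, resource_arn):
    """Return the actions that no Allow statement in `policy` grants on `resource_arn`.

    Simplification (assumption of this example): explicit Deny statements,
    NotAction/NotResource and Condition blocks are not evaluated.
    """
    statements = _as_list(policy.get("Statement"))
    return [
        a for a in actions
        if not any(statement_allows(s, a, resource_arn) for s in statements)
    ]


if __name__ == "__main__":
    # Constructed rule ARN in the shape of the securityhub-* rules from the thread.
    rule_arn = (
        "arn:aws:config:us-east-1:111122223333:config-rule/aws-service-rule/"
        "securityhub-s3-bucket-public-read-prohibited-abc123"
    )
    print("missing:", missing_permissions(SECURITY_HUB_CONFIG_POLICY, REQUIRED_ACTIONS, rule_arn))
```

Feed it the real policy document (for example the JSON returned by `aws iam get-policy-version` for the managed policy attached to AWSServiceRoleForSecurityHub) and the exact rule ARN from the error message. An empty list means the quoted statement does cover that rule and the cause lies elsewhere (a Deny or SCP, a region or account mismatch in the ARN, or a Config problem rather than an IAM one); a non-empty list points at the action and resource pattern to fix. Note that a resource pattern with the wildcards stripped, as in `arn:aws:config:::config-rule/aws-service-rule/securityhub`, matches no real rule ARN at all.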
Sorry, I probably should have included this in the question, but we're using the "AWSServiceRoleForSecurityHub" role, which has the "AWSSecurityHubServiceRolePolicy" policy attached. This policy already includes the permissions you mentioned, which is why I can't understand the errors.
I'm seeing the same issue as the author. We've enabled AWS Security Hub, Security Hub is using the AWSServiceRoleForSecurityHub policy, and it has the linked policy that gives it "config:GetComplianceDetailsByConfigRule" on "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*".
We're seeing the same error as the author, but on the securityhub-s3-bucket-public-read-prohibited-${id} rule.