Guardduty finding send to cross account's S3 bucket
My requirement is to transfer the Guardduty finding of Account A to the S3 Bucket of Account B I follow the guide https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html but got an error
My steps are:
- Granting GuardDuty permission to a KMS key,create a key on Account A
- Granting GuardDuty permissions to a Account B bucket
- Exporting findings to a bucket with the Console ,The result is the above error
- Mais recentes
- Mais votos
- Mais comentários
I believe the gap is in the bucket policy of the S3 bucket in the other account. It needs GetBucketACL and ListBucket . Try adding that.
I have set up the cross-account export option following the Exporting findings documentation in my account and I was able to set it up without any issues.
Setup: Account A: GuardDuty/KMS, Account B: S3 bucket
Please make sure that you have replaced region, account id, kmskeyid, and sourceDetectorId in the sample policies from the documentation. In my setup, I did not use optional prefix so my resource ARN for objects looks like this arn:aws:s3:::<bucketname>/*. Also, make sure that KMS key and S3 bucket are in the same region.
If the issue persists, please share your policies (sanitize account id and resource id).
Conteúdo relevante
AWS OFICIALAtualizada há 2 anos