Does your KMS key policy grant GuardDuty access as stated in the GuardDuty setup documentation? The KMS key policy would be as below:
```json
{
  "Sid": "AllowGuardDutyKey",
  "Effect": "Allow",
  "Principal": {
    "Service": "guardduty.amazonaws.com"
  },
  "Action": "kms:GenerateDataKey",
  "Resource": "arn:aws:kms:Region1:444455556666:key/KMSKeyId",
  "Condition": {
    "StringEquals": {
      "aws:SourceAccount": "111122223333",
      "aws:SourceArn": "arn:aws:guardduty:Region2:111122223333:detector/SourceDetectorID"
    }
  }
}
```
For the bucket policy, follow the section "Granting GuardDuty permissions to a bucket" in the above-mentioned documentation.
Bucket and KMS key policies are the two most common places that prevent GuardDuty from writing logs.
Hope you find this useful.
Comment here for additional questions.
Abhishek
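One way to check a key policy for the statement above before troubleshooting further, as an added example that is not part of the answer: it classifies a KMS key policy as carrying the GuardDuty grant correctly scoped, carrying it without the source-account/detector conditions, or not carrying it at all. Account IDs, regions, key ID and detector ID are constructed placeholders.

```python
"""Added example, not from the answer above: classify whether a KMS key policy
carries the GuardDuty statement the setup documentation describes.
Account IDs, regions, key ID and detector ID are constructed placeholders."""
import json

GUARDDUTY_SERVICE = "guardduty.amazonaws.com"


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])


def check_guardduty_kms_grant(policy_doc, account_id, detector_arn):
    """Return 'ok' when GuardDuty is allowed kms:GenerateDataKey and the grant is
    scoped by aws:SourceAccount / aws:SourceArn (StringEquals) to this detector,
    'wrong_scope' when the grant exists but those conditions are absent or point
    elsewhere, and 'missing' when no Allow for guardduty.amazonaws.com covers it."""
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    verdict = "missing"
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = _as_list(stmt.get("Action"))
        if (stmt.get("Effect") != "Allow" or GUARDDUTY_SERVICE not in services
                or not {"kms:GenerateDataKey", "kms:*"} & set(actions)):
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if (cond.get("aws:SourceAccount") == account_id
                and cond.get("aws:SourceArn") == detector_arn):
            return "ok"
        verdict = "wrong_scope"  # grant present, but not pinned to this detector
    return verdict


# Constructed sample: the documented GuardDuty statement plus the usual root grant.
DETECTOR_ARN = "arn:aws:guardduty:us-east-1:111122223333:detector/EXAMPLEDETECTORID"
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Root", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "AllowGuardDutyKey", "Effect": "Allow",
     "Principal": {"Service": GUARDDUTY_SERVICE}, "Action": "kms:GenerateDataKey",
     "Resource": "arn:aws:kms:us-east-1:444455556666:key/EXAMPLEKEYID",
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333",
                                    "aws:SourceArn": DETECTOR_ARN}}}]})
# Same policy with the GuardDuty statement's Condition dropped (over-broad grant).
UNSCOPED_POLICY = json.loads(GOOD_POLICY)
del UNSCOPED_POLICY["Statement"][1]["Condition"]
# Only the root grant: GuardDuty cannot generate a data key, so exports fail.
ROOT_ONLY_POLICY = {"Version": "2012-10-17",
                    "Statement": [json.loads(GOOD_POLICY)["Statement"][0]]}
```

The check only recognises `StringEquals` conditions, so a policy that scopes `aws:SourceArn` with another condition operator is reported as `wrong_scope` and should be read by hand.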
Please can you provide the bucket policy (removing anything sensitive)?