By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Regarding Guard Duty

0

I have followed document and tried to configure the guard duty service for forwarding the logs to s3 bucket, everythings seems well but logs are not getting stored in bucket. Need help.

  • Gary Mclean EXPERT
    9 months ago

    Please can you provide the bucket policy (removing any thing sensitive) pls

Topics
Security, Identity, & Compliance
Tags
Amazon GuardDuty
Language
English
Developing Team
asked 9 months ago242 views
1 Answer
2

Does your KMS key policy grant guardduty as stated in Guardduty Setup Documentation. KMS key policy would be as below:

   {    
       "Sid": "AllowGuardDutyKey",
       "Effect": "Allow",
       "Principal": {
           "Service": "guardduty.amazonaws.com"
       },
       "Action": "kms:GenerateDataKey",
       "Resource": "arn:aws:kms:Region1:444455556666:key/KMSKeyId",
       "Condition": {
           "StringEquals": {
               "aws:SourceAccount": "111122223333",
               "aws:SourceArn":    "arn:aws:guardduty:Region2:111122223333:detector/SourceDetectorID"	
           }
       }
   }

For bucket policy, follow the section Granting GuardDuty permissions to a bucket in the above mentioned documentaion.

Bucket and KMS key policy are two most common places, which prevents guarduty to write logs.

Hope you find this useful.

Comment here for additional questions.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 9 months ago
profile picture
EXPERT
Gary Mclean
reviewed 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content