By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Guardduty finding send to cross account's S3 bucket

0

My requirement is to transfer the Guardduty finding of Account A to the S3 Bucket of Account B I follow the guide https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html but got an error

My steps are:

  1. Granting GuardDuty permission to a KMS key,create a key on Account A
  2. Granting GuardDuty permissions to a Account B bucket
  3. Exporting findings to a bucket with the Console ,The result is the above error Enter image description here
Topics
Security, Identity, & Compliance
Tags
Amazon GuardDuty
Language
English
rePost-User-1558744
asked 2 years ago818 views
2 Answers
1

I believe the gap is in the bucket policy of the S3 bucket in the other account. It needs GetBucketACL and ListBucket . Try adding that.

AWS
AWS-User-9401600
answered a year ago
0

I have set up the cross-account export option following the Exporting findings documentation in my account and I was able to set it up without any issues.

Setup: Account A: GuardDuty/KMS, Account B: S3 bucket

Please make sure that you have replaced region, account id, kmskeyid, and sourceDetectorId in the sample policies from the documentation. In my setup, I did not use optional prefix so my resource ARN for objects looks like this arn:aws:s3:::<bucketname>/*. Also, make sure that KMS key and S3 bucket are in the same region.

If the issue persists, please share your policies (sanitize account id and resource id).

AWS
Taka_M
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content