I have set up the cross-account export option following the Exporting findings documentation in my account and I was able to set it up without any issues.
Account A: GuardDuty/KMS, Account B: S3 bucket
Please make sure that you have replaced
sourceDetectorId in the sample policies from the documentation. In my setup, I did not use optional prefix so my resource ARN for objects looks like this arn:aws:s3:::<bucketname>/*. Also, make sure that KMS key and S3 bucket are in the same region.
If the issue persists, please share your policies (sanitize account id and resource id).
Best practices to deploy GuardDuty, Macie, Sec Hub and Config in a Multi-account environment?asked a year ago
GuardDuty and AWS Security Hub - Timingasked 3 months ago
Guardduty finding send to cross account's S3 bucketasked 4 months ago
AWS GuardDuty & RDS, what are the features exactly?!asked a month ago
Cannot configure Guardduty 'findings export options' to an S3 bucketasked 6 months ago
GuardDuty finding segregationasked 9 months ago
Cross Account Copy S3 Objects From Account B to AWS KMS-encrypted bucket in Account Aasked 10 months ago
Error while disabling GuardDuty from delegated adminasked 4 months ago
How does GuardDuty work in a Shared VPC?Accepted AnswerEXPERTasked 4 years ago
Guardduty on AWS organization vs individual accountsAccepted Answerasked 10 months ago