GuardDuty findings sent to a cross-account S3 bucket

0

My requirement is to transfer the GuardDuty findings of Account A to the S3 bucket of Account B. I followed the guide https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html but got an error.

My steps are:

  1. Granting GuardDuty permission to a KMS key: create a key in Account A
  2. Granting GuardDuty permissions to an Account B bucket
  3. Exporting findings to a bucket with the console. The result is the above error.
Asked 2 years ago, 823 views
2 answers
1

I believe the gap is in the bucket policy of the S3 bucket in the other account. It needs GetBucketACL and ListBucket. Try adding that.

AWS
Answered 1 year ago
0

I have set up the cross-account export option following the Exporting findings documentation in my account and I was able to set it up without any issues.

Setup: Account A: GuardDuty/KMS, Account B: S3 bucket

Please make sure that you have replaced region, account id, kmskeyid, and sourceDetectorId in the sample policies from the documentation. In my setup, I did not use an optional prefix, so my resource ARN for objects looks like this: arn:aws:s3:::<bucketname>/*. Also, make sure that the KMS key and the S3 bucket are in the same region.

If the issue persists, please share your policies (sanitize account id and resource id).

AWS
Taka_M
Answered 2 years ago
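Both answers come down to what the Account B bucket policy grants the GuardDuty service principal, and the second answer asks the poster to share the policy. The following checker is an added example, not code from the question, either answer, or AWS's documentation: it loads a bucket policy document and reports which of a required set of actions are missing for `guardduty.amazonaws.com`, whether each grant is pinned to Account A via `aws:SourceAccount` (the confused-deputy protection the guide's sample policy carries), and whether the resources actually name the target bucket. The sample policy, account id, detector id, bucket name and KMS key ARN are constructed placeholders modelled on the shape of the guide's example with no prefix, so objects are `arn:aws:s3:::<bucket>/*` as the second answer describes. The required action set is a parameter, so the same function can check for the `s3:GetBucketLocation` and `s3:PutObject` grants in the guide's sample policy and for the `GetBucketAcl` and `ListBucket` grants the first answer suggests.

```python
import json

# Constructed placeholder values: not real accounts, detectors or keys.
SOURCE_ACCOUNT = "111111111111"        # Account A: owns GuardDuty and the KMS key
BUCKET = "example-findings-bucket"     # Account B: owns the destination bucket
DETECTOR_ARN = f"arn:aws:guardduty:us-east-1:{SOURCE_ACCOUNT}:detector/EXAMPLEDETECTORID"
KMS_KEY_ARN = f"arn:aws:kms:us-east-1:{SOURCE_ACCOUNT}:key/EXAMPLE-KEY-ID"

# Condition block that pins the grant to Account A's detector (confused-deputy protection).
GUARDDUTY_CONDITION = {"StringEquals": {"aws:SourceAccount": SOURCE_ACCOUNT,
                                        "aws:SourceArn": DETECTOR_ARN}}

# Constructed bucket policy modelled on the shape of the guide's example (no prefix).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowGetBucketLocation", "Effect": "Allow",
         "Principal": {"Service": "guardduty.amazonaws.com"},
         "Action": "s3:GetBucketLocation",
         "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": GUARDDUTY_CONDITION},
        {"Sid": "AllowPutObject", "Effect": "Allow",
         "Principal": {"Service": "guardduty.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": GUARDDUTY_CONDITION},
        {"Sid": "DenyUnencryptedUploads", "Effect": "Deny",
         "Principal": {"Service": "guardduty.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
    ],
}


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def guardduty_allow_statements(policy):
    """Return the Allow statements whose principal is the GuardDuty service."""
    found = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "guardduty.amazonaws.com" in services:
            found.append(stmt)
    return found


def check_export_policy(policy, required_actions, source_account, bucket):
    """Return a list of problems; an empty list means every check passed.

    Wildcard actions such as "s3:*" are deliberately not expanded: a policy
    that relies on them is reported as missing the explicit action, which is
    the conservative reading for a cross-account grant.
    """
    problems = []
    stmts = guardduty_allow_statements(policy)
    if not stmts:
        return ["no Allow statement for guardduty.amazonaws.com"]

    granted = set()
    for stmt in stmts:
        granted.update(_as_list(stmt.get("Action")))
    for action in required_actions:
        if action not in granted:
            problems.append(f"missing Allow for {action}")

    bucket_arn = f"arn:aws:s3:::{bucket}"
    for stmt in stmts:
        sid = stmt.get("Sid", "<no Sid>")
        # The service principal alone is not account-specific; the grant must
        # be pinned to Account A's id or any account's GuardDuty could write here.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("aws:SourceAccount") != source_account:
            problems.append(f"{sid}: not scoped to aws:SourceAccount {source_account}")
        # Every resource must be this bucket or objects under it.
        for res in _as_list(stmt.get("Resource")):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                problems.append(f"{sid}: resource {res} is not bucket {bucket}")
    return problems


def policy_without_source_account():
    """Constructed weak variant: the account condition dropped from every Allow."""
    weak = json.loads(json.dumps(SAMPLE_POLICY))  # deep copy via JSON round-trip
    for stmt in weak["Statement"]:
        if stmt.get("Effect") == "Allow":
            stmt.pop("Condition", None)
    return weak


if __name__ == "__main__":
    # Check for the grants in the guide's sample, then also for the ones the first answer names.
    print(check_export_policy(SAMPLE_POLICY, ["s3:GetBucketLocation", "s3:PutObject"],
                              SOURCE_ACCOUNT, BUCKET))
    print(check_export_policy(SAMPLE_POLICY, ["s3:GetBucketLocation", "s3:PutObject",
                                              "s3:GetBucketAcl", "s3:ListBucket"],
                              SOURCE_ACCOUNT, BUCKET))
    print(check_export_policy(policy_without_source_account(), ["s3:PutObject"],
                              SOURCE_ACCOUNT, BUCKET))
```

To run it against a real policy, replace `SAMPLE_POLICY` with the output of `aws s3api get-bucket-policy` (the `Policy` field is a JSON string, so parse it with `json.loads` first) and pass Account A's id and the bucket name. The checker only inspects the bucket policy; the KMS key policy in Account A and the region match the second answer mentions are separate checks.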
