Receive Error Action Type - set-statements #9270
Unanswered
jsaustinhell asked this question in AWS
Replies: 0 comments
I am trying to use the below policy that will be triggered from a Security Hub finding:
```yaml
actions:
  - type: set-statements
    #state: true
    statements:
      - Sid: "DenyHttp"
        Effect: "Deny"
        Action: "s3:GetObject"
        Principal:
          AWS: "*"
        Resource: "arn:aws:s3:::{bucket_name}/*"
        Condition:
          Bool:
            "aws:SecureTransport": false
```
This is from the example policy found here - https://cloudcustodian.io/docs/aws/resources/s3.html#aws-s3-actions-set-statements

However, when this is run I get this error:

```
hub-mode not configured for multi-account member-role but multiple resource accounts found
```
This is triggered from a securityhub finding:
```yaml
resource: aws.s3
mode:
  type: hub-finding
  pattern:
    detail-type:
      - "Security Hub Findings - Imported"
    source:
      - "aws.securityhub"
    detail:
      findings:
        GeneratorId:
          - "security-control/S3.5"
        Compliance.Status:
          - "FAILED"
        RecordState:
          - "ACTIVE"
        Workflow.Status:
          - "NEW"
```
The error suggests that the event has multiple Accounts within it. But I can see in the CloudWatch logs, only the 1 Account is listed.
Has anyone seen this issue before?