Recieve Error Action Type - set-statements

[jsaustinhell]

I am trying to use the below policy that will be triggered from a Security Hub finding:

actions:
- type: set-statements
#state: true
statements:
- Sid: "DenyHttp"
Effect: "Deny"
Action: "s3:GetObject"
Principal:
AWS: ""
Resource: "arn:aws:s3:::{bucket_name}/"
Condition:
Bool:
"aws:SecureTransport": false

This is from the example plicy found here - https://cloudcustodian.io/docs/aws/resources/s3.html#aws-s3-actions-set-statements

However when this is ran I get this error:

hub-mode not configured for multi-account member-role but multiple resource accounts found

This is triggered from a securityhub finding:

resource: aws.s3
mode:
type: hub-finding
pattern:
detail-type:
- "Security Hub Findings - Imported"
source:
- "aws.securityhub"
detail:
findings:
GeneratorId:
- "security-control/S3.5"
Compliance.Status:
- "FAILED"
RecordState:
- "ACTIVE"
Workflow.Status:
- "NEW"

The error suggests that the event has multiple Accounts within in it. But I can see in the Cliudwatch logs, only the 1 Account is liusted.

Has anyone seen this issue before?