I want to import security findings into AWS Security Hub from an external Python script. For this I am using the following API: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html
I wrote a simple Python script to perform a batch import of findings into AWS Security Hub, as follows:
import boto3

# Credential values are placeholders; finding_obj is the list of ASFF finding
# dicts to be imported (built elsewhere in the script).
client = boto3.client('securityhub',
                      region_name='us-east-2',
                      aws_access_key_id='API_KEY',
                      aws_secret_access_key='API_SECRET')
# batch_import_findings only accepts keyword arguments; the findings go under Findings.
response = client.batch_import_findings(Findings=finding_obj)
But this raises the following error:
Traceback (most recent call last):
File "aws_hub.py", line 504, in <module>
'Status': 'NEW',
File "C:\Users\Aspire5\AppData\Local\Programs\Python\Python36-32\lib\site-packages\botocore\client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs)
File "C:\Users\Aspire5\AppData\Local\Programs\Python\Python36-32\lib\site-packages\botocore\client.py", line 635, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.AccessDeniedException: An error occurred (AccessDeniedException) when calling the BatchImportFindings operation: User: arn:aws:iam::355025806062:user/Kaushal is not authorized to perform: securityhub:BatchImportFindings
I have created a user on AWS with the following permission policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "securityhub:BatchImportFindings"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
I also tried simulating the same policy with the policy simulator AWS provides, and according to it my user does have access to this action, yet the API call still fails. Here is a screenshot of the simulator:
Answer 0 (score: 1)
Kaushal28,
Your finding_obj probably has the wrong ProductArn.
ProductArn should be set to:
productArn = "arn:aws:securityhub:"+ AWS_REGION +":" + ACCOUNT_ID +":product/" + ACCOUNT_ID +"/default"
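As an added example (not code from the question or the answer), here is a small helper set that builds the ProductArn in the shape the answer gives, assembles a minimal ASFF finding around it, and checks the ProductArn/AwsAccountId pairing locally before calling BatchImportFindings, so a wrong ARN is reported as a ValueError instead of surfacing as the AccessDeniedException above. The account id, generator name and resource values are constructed placeholders.

```python
import re
from datetime import datetime, timezone

# ProductArn shape from the accepted answer: the account id appears twice and
# the product segment must be the caller's own account ("default" product).
PRODUCT_ARN_RE = re.compile(r"^arn:aws:securityhub:(?P<region>[a-z0-9-]+)"
                            r":(?P<acct>\d{12}):product/(?P=acct)/default$")

def build_product_arn(region: str, account_id: str) -> str:
    return f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default"

def build_finding(region, account_id, finding_id, title, description,
                  resource_type, resource_id, severity="MEDIUM"):
    """Minimal ASFF finding carrying the mandatory top-level fields."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "SchemaVersion": "2018-10-08",
        "Id": finding_id,
        "ProductArn": build_product_arn(region, account_id),
        "GeneratorId": "external-scanner",  # hypothetical generator name
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Vulnerabilities"],
        "CreatedAt": now, "UpdatedAt": now,
        "Severity": {"Label": severity},
        "Title": title, "Description": description,
        "Resources": [{"Type": resource_type, "Id": resource_id}],
    }

def validate_finding(finding: dict) -> list:
    """Report a wrong ProductArn locally rather than as an AccessDeniedException."""
    problems = []
    m = PRODUCT_ARN_RE.match(finding.get("ProductArn", ""))
    if not m:
        problems.append("ProductArn must be arn:aws:securityhub:<region>:<acct>:product/<acct>/default")
    elif m.group("acct") != finding.get("AwsAccountId"):
        problems.append("AwsAccountId differs from the account in ProductArn")
    return problems

def import_findings(client, findings: list, batch_size: int = 100) -> dict:
    """Validate, then send in batches of at most 100 findings (the API limit)."""
    for f in findings:
        if problems := validate_finding(f):
            raise ValueError(f"{f.get('Id')}: {'; '.join(problems)}")
    totals = {"SuccessCount": 0, "FailedCount": 0, "FailedFindings": []}
    for i in range(0, len(findings), batch_size):
        resp = client.batch_import_findings(Findings=findings[i:i + batch_size])
        totals["SuccessCount"] += resp["SuccessCount"]
        totals["FailedCount"] += resp["FailedCount"]
        totals["FailedFindings"].extend(resp.get("FailedFindings", []))
    return totals
```

Pass a `boto3.client("securityhub", region_name=...)` as `client`, letting credentials come from the environment or a named profile rather than hard-coding access keys as in the question.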