You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
failed to output to ASFF: finding publish failed: AccessDeniedException: User: arn:aws:sts::XXXXXXXXXXXXX:assumed-role/Kube-Bench_EKS_Role/1664564304512275199 is not authorized to perform: securityhub:BatchImportFindings
{
RespMetadata: {
StatusCode: 403,
RequestID: "427290f7-8e98-45f6-a2d2-c55384a74e6a"
},
Message_: "User: arn:aws:sts::XXXXXXXXXXXXX:assumed-role/Kube-Bench_EKS_Role/1664564304512275199 is not authorized to perform: securityhub:BatchImportFindings"
}
What did you expect to happen:
Upload the results to SecurityHub
Environment
v0.6.9
[What is your version of Kubernetes? (run kubectl version or oc version on OpenShift.)]
v1.23.7-eks-4721010
Running processes
[Please include the output from running ps -eaf | grep kube on the affected node. This will allow us to check what Kubernetes processes are running, and how this compares to what kube-bench detected.]
Overview
[A clear and concise description of what the bug is]
How did you run kube-bench?
Creating a cronjob with these args:
What happened?
Can't upload the results to SecurityHub
What did you expect to happen:
Upload the results to SecurityHub
Environment
v0.6.9
[What is your version of Kubernetes? (run
kubectl version
oroc version
on OpenShift.)]v1.23.7-eks-4721010
Running processes
[Please include the output from running
ps -eaf | grep kube
on the affected node. This will allow us to check what Kubernetes processes are running, and how this compares to what kube-bench detected.]Configuration files
Anything else you would like to add:
The role is correct and the configuration of the SA to use IRSA also. I don't know why is complaining about this
Thanks
The text was updated successfully, but these errors were encountered: