Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
adamybsci
Participant

Anyone else having issue with CloudGuard Notification not working with AWS China SNS Notification

Our AWS China SNS Notification apparently is not working in CloudGuard.  We are using for remediation (CloudBots).  Anyone else having the same issue?  I did give the proper permissions to both the CloudGuard IAM user and the SNS topic.

 

 

0 Kudos
4 Replies
GBrembati
Employee
Employee

Hello adamybsci,

I would suggest checking in AWS the Access Policy of the SNS Topic: d9-findings
There you have a JSON policy that specifies who can access that topic, and there will be a principal specified (defined with an AWS account number). That account number depends on where your CloudGuard CSPM platform resides regionally.

You need to make sure that the AWS account number set in the Access Policy is the same that you see in the IAM Role that you have created during your AWS onboarding.

0 Kudos
adamybsci
Participant

I already give the d9-findings the proper permission to the CloudGuard IAM User which has the appropriate SNS permissions.

0 Kudos
GBrembati
Employee
Employee

Hi adamybsci,

So can you confirm the Access Policy of the SNS topic has the same AWS account number that you see in the CloudGuard IAM Role used for the integration?
Even if the CloudGuard IAM Role has all the proper permission in place, the CloudGuard platform will need to call your SNS topic and this call will be matched against your SNS topic policy. 

If you have deployed the CloudBot from the AWS CloudFormation it may be that you need to change the AWS number in order to match what your platform is using.

0 Kudos
adamybsci
Participant

Yes, we've done both of these two things you mentioned.  Here is what it looks like today in our SNS Access Policy. I've given unlimited access to any AWS principals to Publish messages into the SNS topic.

{
  "Version": "2012-10-17",
  "Id": "D9DeliveryPolicy",
  "Statement": [
    {
      "Sid": "D9DeliveryPolicy",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws-cn:sns:cn-north-1:1234567890:d9-findings"
    }
  ]
}

 

0 Kudos