Closed martinklie closed 4 years ago
Hi, the reason for the error is that for the PCI package the format is different from CIS in that the ARN is built at runtime, the command line should be: /home/ssm-user/aws-securityhub-multiaccount-scripts/enablesecurityhub.py --master_account 999999999999 --assume_role tw_guardduty_sechub --enabled_regions us-east-1 --enable_standards arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0,standards/pci-dss/v/3.2.1 /home/ssm-user/input.csv
ty
While using the latest script
/home/ssm-user/aws-securityhub-multiaccount-scripts/enablesecurityhub.py --master_account 999999999999 --assume_role tw_guardduty_sechub --enabled_regions us-east-1 --enable_standards arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0,arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1 /home/ssm-user/input.csv
We are getting the below error
Enabling members in these regions: ['us-east-1'] Enabling the following Security Hub Standards for enabled account(s) and region(s): ['arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0', 'arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1'] Assumed session for 999999999999. Assumed session for 333333333333. Beginning 333333333333 in us-east-1 Error Processing Account 333333333333
Failed Accounts
333333333333: InvalidInputException(u'An error occurred (InvalidInputException) when calling the BatchEnableStandards operation: Invalid StandardsSubscriptionRequest(s): [{"StandardsArn":"arn:aws:securityhub:us-east-1::arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1"}]',)