Open romulets opened 6 months ago
automation-reports-qa-*
and ari-cis-aws-test
are both old buckets we don't have access to anymore. as an admin, i can't do any operation (get/delete)
elastic-org-elastic-eng-cloudtrail-ingest
- is where the elastic-eng-org-cloudtrail
trail dumps the cloudtrail logs, and the trail was set up by org management:
, so it seems not being able to operate (get*) on that bucket makes sense.
long story short - org policies prevent security-audit
role from running operations it is otherwise permitted to do.
we can't do anything about elastic-org-elastic-eng-cloudtrail-ingest
, just ignore the error. we could do the same for the other two buckets, or ask platform-security to delete them, although i've been told it may not be easy to get that approved.
Describe the bug There are multiple Access Denied in AWS in the long lived env (logs)
They are in different resources. During 8.13 QA Cycle we've seen in 1 cycle:
217 occurrences
217 occurrences:
217 occurrences:
217 occurrences:
1 occurrence
1 occurrence
1 occurrence
1 occurrence
Preconditions Run CSPM AWS
To Reproduce Write the exact actions one should perform in order to reproduce the bug. Steps to reproduce the behavior:
AccessDenied: Access Denied
)Expected behavior No access denied errors