Lambda function to be called in CloudWatch when GuardDuty sends logs to CloudWatch. This script will write the malicious IP to a dedicated file in an S3 bucket. Firewall service (i.e. FortiOS) can pull this list, and add those malicious IPs to the blacklist.
Configured the settings as per the document. When doing the test the IP is showing in DynamoDB but the S3 action of creating the object ip_blocklist is not working. Verified the Cloudwatch and the following error is showing
2022-01-25T10:54:35.629Z c356fb0f-d991-4bba-b620-0487a211c007 INFO calling generator script.
2022-01-25T10:54:36.223Z c356fb0f-d991-4bba-b620-0487a211c007 INFO called scanDBTable: scan completed.
2022-01-25T10:54:36.385Z c356fb0f-d991-4bba-b620-0487a211c007 INFO called bucketExists: no error.
2022-01-25T10:54:36.709Z c356fb0f-d991-4bba-b620-0487a211c007 INFO called saveBlockListToBucket and return error: AccessControlListNotSupported: The bucket does not allow ACLs at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:699:35) at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14) at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12) at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9) at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12) at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
END RequestId: c356fb0f-d991-4bba-b620-0487a211c007
Also during the IAM policy creation which grants permissions to operate on the S3 bucket, It is notice that there is not HeadBucket Access level which is mentioned in the document.
Please let me know what is missing in the S3 permission and how this can be resolved.