How to export AWS Security Hub findings to CSV format

0

I'm trying to deploy this solution (https://aws.amazon.com/blogs/security/how-to-export-aws-security-hub-findings-to-csv-format/) but running into this particular error "Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;". I'd appreciate it if someone could help me figure out what I could be doing wrong. Thanks all.

2 Answers
3

Hi,

I understand you would like to know how to fix the particular error you are running into. The error is coming from the S3 bucket policy. ("Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;")

It means the value of a Principal in your S3 bucket policy created from the solution is not valid. To resolve this error, follow the instructions here:

https://repost.aws/knowledge-center/s3-invalid-principal-in-policy-error

I hope this helps. Let me know if I answered your question or if you have any follow-up.

Kind regards, Ahmed

References: [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html#BucketPolicies [2] https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html#specifyingPrincipals

AWS
answered a year ago
0

From the blog listed in the query, the Lambda function converts Security Hub findings to CSV and writes them to an S3 bucket. Based on the error message, it seems that you are missing a bucket policy on S3 to allow the Lambda execution role to have write access to the bucket. Follow the instructions at https://repost.aws/knowledge-center/lambda-execution-role-s3-bucket, which provides an example policy to grant the Lambda execution role access to the S3 bucket.

answered a year ago
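An offline check for the Principal problems both answers point at, as an added example that is not from the AWS blog solution or from either answer: it flags `AWS` principals in a bucket policy that are malformed, name a group, use a partial wildcard, or appear as a unique ID (the form a deleted user or role takes in a saved policy). The account ID, role name and bucket are constructed placeholders, the unique-ID match is a heuristic, and the script cannot confirm that a well-formed ARN still exists in IAM.

```python
import json
import re

# Shapes accepted under the "AWS" key of a Principal element.
ACCOUNT_ID = re.compile(r"\d{12}")
ARN = re.compile(
    r"arn:aws[a-z-]*:(iam::\d{12}:(root|(user|role)/[\w+=,.@/-]+)"
    r"|sts::\d{12}:(assumed-role|federated-user)/[\w+=,.@/-]+)"
)
# Heuristic: AIDA... (user) / AROA... (role) unique IDs replace the ARN of a deleted entity.
UNIQUE_ID = re.compile(r"(AIDA|AROA)[A-Z0-9]{8,}")

def check_aws(value):
    """Return a problem description for one "AWS" principal, or None if well formed."""
    if value == "*" or ACCOUNT_ID.fullmatch(value) or ARN.fullmatch(value):
        return None
    if UNIQUE_ID.fullmatch(value):
        return "unique ID, not an ARN: the user or role was probably deleted"
    if ":group/" in value:
        return "IAM groups cannot be principals"
    if "*" in value:
        return "wildcard cannot match part of a principal ARN"
    return "not an account ID or IAM/STS ARN"

def lint_principals(policy_json):
    """Return (statement index, principal, problem) tuples for suspect principals."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        principal = stmt.get("Principal", stmt.get("NotPrincipal"))
        if principal == "*":
            continue
        if not isinstance(principal, dict):
            findings.append((i, principal, 'Principal must be "*" or an object'))
            continue
        values = principal.get("AWS", [])  # Service/Federated/CanonicalUser are not checked
        for v in [values] if isinstance(values, str) else values:
            problem = check_aws(v)
            if problem:
                findings.append((i, v, problem))
    return findings

# Constructed sample policy: account ID, role name and bucket are placeholders.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Principal": {"AWS": ["arn:aws:iam::123456789012:role/ExampleLambdaRole", "AROAEXAMPLEROLEID123"]}},
]})
if __name__ == "__main__":
    print(*lint_principals(SAMPLE), sep="\n")
```

A clean result only means the principals are well formed; a role ARN that parses but no longer exists is still rejected by S3 with the same error.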
