I am using the AWS SDK for Java to import security findings from a custom security solution. When I try to call batchImportFindings, it gives me an AccessDeniedException even though I have enabled the AWSSecurityHubFullAccess policy for the user I am requesting as.
This is the error message I get
These are the policies I have set on the user I am requesting as
When I invoke batch-import-findings from the AWS CLI, I am able to import findings no problem. I only run into issues when calling it programmatically using the AWS Java SDK 2.
I have tried requesting as another user without the AWSSecurityHubFullAccess policy attached to their account and it gives me the same error. So it seems like its just not recognizing that the user has the correct permissions.
I am currently developing this from inside a VM in bridged network mode but I get the same error when running not from a VM as well.
Below is the relevant code. All of this is running from main until I can verify that it works
Client and request building
//Client Builder
ProfileCredentialsProvider credentialsProvider = ProfileCredentialsProvider.builder().profileName(profileName).build();
SecurityHubClientBuilder clientBuilder = SecurityHubClient.builder().region(Region.US_EAST_1).credentialsProvider(credentialsProvider);
SecurityHubClient client = clientBuilder.build();
//Request Builder
Builder requestBuilder = BatchImportFindingsRequest.builder();
BatchImportFindingsRequest importFindings = requestBuilder.build();
Sending the request
System.out.println("Creating Request...");
importFindings.findings();
System.out.println("Sending request with BatchImportFindings...");
try{
client.batchImportFindings(importFindings); //Error is produced here
}
catch (AccessDeniedException ad){
System.out.println("Access Denied for User: " + profileName);
}
System.out.println("Shutdown");
client.close();
System.out.println("Done");
