https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163854#M15424 <P>We are also trying to configure Splunk to gather cloudtrail logs from govcloud. It appears that it is not possible at this time. We have accounts in both the AWS general cloud and govcloud. Splunk gathers cloudtrail logs fine from the general cloud. But Splunk cannot gather cloudtrail logs from govcloud. </P> <P>The issue appears to be that Splunk is attempting to log into into the general cloud for S3 and cannot find the S3 cloudtrail files for govcloud. All SQS data is correct and retrieved okay. But the aws_cloudtrail.py script fails to find the S3 file. You can see the error very easily by trying to configure a Splunk S3 input with the govcloud user:</P> <P>Failed to fetch data: In handler 'splunk_ta_aws_s3buckets': Unexpected error "" from python handler: "S3ResponseError: 403 Forbidden <CODE>InvalidAccessKeyId</CODE>The AWS Access Key Id you provided does not exist in our records.AAAAAAAAAAAAAAAAAAAA8888888888888WWWWWWWWWWWWWW=". See splunkd.log for more details.</P> <P>This same splunk AWS users works fine when configuring a cloudtrail input and can even find the correct SQS queue. It just fails when it trys to find the S3 file.</P> <P>Does anyone know how to configure the Splunk AWS add-on to access S3 data in the govcloud region? It seems the Splunk AWS user should have a flag to set if this is a govcloud user.</P> Mon, 28 Sep 2020 18:46:43 GMT bendter 2020-09-28T18:46:43Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163852#M15422 <P>We have a very simple AWS GovCloud environment which is accessed by two members of our company. Last week we jumped at the anouncment that GovCloud had finally implemented support for CloudTrail. We are now logging GovCloud API calls to our GovCloud S3.</P> <P>We need help configuring Splunk to access and parse our GovCloud CloudTrail logs.</P> <P>Thanks for any help you can provide.</P> <PRE><CODE>Michael Schimpf Advanced Survey Design </CODE></PRE> Tue, 23 Dec 2014 02:05:57 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163852#M15422 asdsplunk 2014-12-23T02:05:57Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163853#M15423 <P>did you get a chance to look at Splunk Apps for AWS. You can download it from <A href="https://apps.splunk.com/app/1274/">https://apps.splunk.com/app/1274/</A> </P> Tue, 23 Dec 2014 16:17:35 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163853#M15423 satishsdange 2014-12-23T16:17:35Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163854#M15424 <P>We are also trying to configure Splunk to gather cloudtrail logs from govcloud. It appears that it is not possible at this time. We have accounts in both the AWS general cloud and govcloud. Splunk gathers cloudtrail logs fine from the general cloud. But Splunk cannot gather cloudtrail logs from govcloud. </P> <P>The issue appears to be that Splunk is attempting to log into into the general cloud for S3 and cannot find the S3 cloudtrail files for govcloud. All SQS data is correct and retrieved okay. But the aws_cloudtrail.py script fails to find the S3 file. You can see the error very easily by trying to configure a Splunk S3 input with the govcloud user:</P> <P>Failed to fetch data: In handler 'splunk_ta_aws_s3buckets': Unexpected error "" from python handler: "S3ResponseError: 403 Forbidden <CODE>InvalidAccessKeyId</CODE>The AWS Access Key Id you provided does not exist in our records.AAAAAAAAAAAAAAAAAAAA8888888888888WWWWWWWWWWWWWW=". See splunkd.log for more details.</P> <P>This same splunk AWS users works fine when configuring a cloudtrail input and can even find the correct SQS queue. It just fails when it trys to find the S3 file.</P> <P>Does anyone know how to configure the Splunk AWS add-on to access S3 data in the govcloud region? It seems the Splunk AWS user should have a flag to set if this is a govcloud user.</P> Mon, 28 Sep 2020 18:46:43 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163854#M15424 bendter 2020-09-28T18:46:43Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163855#M15425 <P>Having the exact same problem us-gov-west-1. It appears there is some separation when a govcloud account gets set up. Similar to when we request updates to our allowed instances it showed on the wrong side and took week+ to correct.</P> Wed, 18 Feb 2015 18:32:08 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163855#M15425 ubeeman 2015-02-18T18:32:08Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163856#M15426 <P>According to the <A href="http://docs.splunk.com/Documentation/AddOns/latest/AWS/Releasenotes">release notes</A>, v3.0 of the AWS Add-on now supports GovCloud:</P> <PRE><CODE>2015-12-23 ADDON-6870 Support for GovCloud and China regions in the configuration UI. </CODE></PRE> Wed, 10 Feb 2016 18:06:58 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163856#M15426 Paolo_Prigione 2016-02-10T18:06:58Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163857#M15427 <P>You can refer to this article: <A href="https://medium.com/@grizzbaier/making-the-splunk-app-for-aws-work-in-the-govcloud-region-7587bedcfc83">https://medium.com/@grizzbaier/making-the-splunk-app-for-aws-work-in-the-govcloud-region-7587bedcfc83</A></P> Mon, 12 Mar 2018 18:42:53 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-Splunk-to-access-and-parse-AWS-GovCloud/m-p/163857#M15427 jonasm1 2018-03-12T18:42:53Z