All Apps and Add-ons

AWS Add-on for AWS keeps loading

Explorer

Hi,

I just installed this Add-on (4.6.1) on one of our Heavy Forwarders (7.3.1.1) in QA. I can not browse the application as it keeps loading on Inputs and Configuration tabs. 

Screenshot 2020-07-09 at 18.43.46.png

The logs 

 

index=_internal source="/opt/splunk/var/log/splunk/splunkd.log" sourcetype=splunkd ERROR aws

 


displays 

 

07-09-2020 18:35:02.158 +0200 ERROR AdminManagerExternal - Unexpected error "<class 'splunk.AuthorizationFailed'>" from python handler: "[HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_aws/configs/conf-server/sslConfig".  See splunkd.log for more details.
host = sto-splunk-qa-hf12.bde.localsource = /opt/splunk/var/log/splunk/splunkd.logsourcetype = splunkd
09/07/2020
18:35:02.158	
07-09-2020 18:35:02.158 +0200 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 88, in init_persistent\n    hand = handler(mode, ctxInfo, data)\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_sqs_inputs_rh.py", line 28, in __init__\n    **kwargs\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/base_input_rh.py", line 44, in __init__\n    self._service = LocalServiceManager(app=tac.splunk_ta_aws, session_key=self.getSessionKey()).get_local_service()\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/local_manager.py", line 14, in __init__\n    enable_ssl = self._get_entity('configs/conf-server', 'sslConfig').get('enableSplunkdSSL')\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/local_manager.py", line 28, in _get_entity\n    return entity.getEntity(path, name, sessionKey=self._session_key, namespace=self._app, owner=self._owner)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 265, in getEntity\n    serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 536, in simpleRequest\n    raise splunk.AuthorizationFailed(extendedMessages=uri)\nAuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_aws/configs/conf-server/sslConfig\n

 


Is it some kind of SSL issues somehow ? (I just installed the app and did nothing else).  I can not figure out why it does not work as expected.

Labels (3)
Tags (1)
0 Karma
1 Solution

Explorer

The problem was in the firewall. 
Allow https://sts.amazonaws.com was not enough. *.amazonaws.com does not work in Check Point and we had to use the dedicated Amazon Services object which unfortunately is way too wide in terms of accessible IPs and services ...

View solution in original post

0 Karma

Contributor

Ive seen Unauthorized issues before when not having a valid license, particularly on a HF.

Do you have a valid license on the HF? (Trial, Enterprise license or a Heavy Forwarder license)? 

 

0 Karma

Explorer

Yes we have a valid QA license for Enterprise. Ok I will make sure that this HF is not somehow excluded from our licensed QA env

0 Karma

Explorer

No one ?

0 Karma

Explorer

The problem was in the firewall. 
Allow https://sts.amazonaws.com was not enough. *.amazonaws.com does not work in Check Point and we had to use the dedicated Amazon Services object which unfortunately is way too wide in terms of accessible IPs and services ...

View solution in original post

0 Karma

Observer

Ah, so even though the dedicated Amazon Services object is rather permissive, using that in Check Point fixes the loading issue?

0 Karma

Explorer

Yes it did. The AWS Add-on does not seem to be able to display anything even though the configuration fields should have nothing to do with the connectivity itself but apparently the code does only retrieve configuration data after a connection is acknowledged.

0 Karma

Communicator

We had just installed Splunk Add-on for Amazon Web Services on brand new Splunk server version 8. Works like a charm. You've mentioned that you are using Splunk 7.3.1.1. That might be the reason it is not working, since latest version of Add-on is supported only on Splunk version 8.

 

I guess you have two options:

  1. Upgrade your heavy forwarder to latest splunk version
  2. Use old version of add-on - 4.6.1. is supported with splunk 7.3.

 

0 Karma

Explorer

As specified in my message i did use 4.6.1 on 7.3.1.1

0 Karma

Communicator

Oh, sorry, fast reading. I am trying to download splunk 7.3.1.1 to help you, but somehow the download link for previous releases of splunk doesn't work :/.

0 Karma