All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

AWS Add-on for AWS keeps loading

cyvi01
Path Finder
‎07-09-2020 09:52 AM

Hi,

I just installed this Add-on (4.6.1) on one of our Heavy Forwarders (7.3.1.1) in QA. I can not browse the application as it keeps loading on Inputs and Configuration tabs. 

Screenshot 2020-07-09 at 18.43.46.png

The logs 

 

index=_internal source="/opt/splunk/var/log/splunk/splunkd.log" sourcetype=splunkd ERROR aws

 


displays 

 

07-09-2020 18:35:02.158 +0200 ERROR AdminManagerExternal - Unexpected error "<class 'splunk.AuthorizationFailed'>" from python handler: "[HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_aws/configs/conf-server/sslConfig".  See splunkd.log for more details.
host = sto-splunk-qa-hf12.bde.localsource = /opt/splunk/var/log/splunk/splunkd.logsourcetype = splunkd
09/07/2020
18:35:02.158	
07-09-2020 18:35:02.158 +0200 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 88, in init_persistent\n    hand = handler(mode, ctxInfo, data)\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_sqs_inputs_rh.py", line 28, in __init__\n    **kwargs\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/base_input_rh.py", line 44, in __init__\n    self._service = LocalServiceManager(app=tac.splunk_ta_aws, session_key=self.getSessionKey()).get_local_service()\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/local_manager.py", line 14, in __init__\n    enable_ssl = self._get_entity('configs/conf-server', 'sslConfig').get('enableSplunkdSSL')\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/local_manager.py", line 28, in _get_entity\n    return entity.getEntity(path, name, sessionKey=self._session_key, namespace=self._app, owner=self._owner)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 265, in getEntity\n    serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 536, in simpleRequest\n    raise splunk.AuthorizationFailed(extendedMessages=uri)\nAuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_aws/configs/conf-server/sslConfig\n

 


Is it some kind of SSL issues somehow ? (I just installed the app and did nothing else).  I can not figure out why it does not work as expected.

Labels (3)
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

cyvi01
Path Finder
‎08-05-2020 06:17 AM

The problem was in the firewall. 
Allow https://sts.amazonaws.com was not enough. *.amazonaws.com does not work in Check Point and we had to use the dedicated Amazon Services object which unfortunately is way too wide in terms of accessible IPs and services ...

View solution in original post

0 Karma
Reply
Solved! Jump to solution

livehybrid
Influencer
‎07-09-2020 11:50 AM

Ive seen Unauthorized issues before when not having a valid license, particularly on a HF.

Do you have a valid license on the HF? (Trial, Enterprise license or a Heavy Forwarder license)? 

 

0 Karma
Reply
Solved! Jump to solution

cyvi01
Path Finder
‎07-09-2020 01:23 PM

Yes we have a valid QA license for Enterprise. Ok I will make sure that this HF is not somehow excluded from our licensed QA env

0 Karma
Reply
Solved! Jump to solution

cyvi01
Path Finder
‎07-14-2020 03:51 AM

No one ?

0 Karma
Reply
Solved! Jump to solution
Solution

cyvi01
Path Finder
‎08-05-2020 06:17 AM

The problem was in the firewall. 
Allow https://sts.amazonaws.com was not enough. *.amazonaws.com does not work in Check Point and we had to use the dedicated Amazon Services object which unfortunately is way too wide in terms of accessible IPs and services ...

0 Karma
Reply
Solved! Jump to solution

rudiger-smoot
Loves-to-Learn Lots
‎08-30-2020 04:20 PM

Ah, so even though the dedicated Amazon Services object is rather permissive, using that in Check Point fixes the loading issue?

0 Karma
Reply
Solved! Jump to solution

cyvi01
Path Finder
‎08-31-2020 02:20 PM

Yes it did. The AWS Add-on does not seem to be able to display anything even though the configuration fields should have nothing to do with the connectivity itself but apparently the code does only retrieve configuration data after a connection is acknowledged.

0 Karma
Reply
Solved! Jump to solution

MaverickT
Communicator
‎07-09-2020 10:38 AM

We had just installed Splunk Add-on for Amazon Web Services on brand new Splunk server version 8. Works like a charm. You've mentioned that you are using Splunk 7.3.1.1. That might be the reason it is not working, since latest version of Add-on is supported only on Splunk version 8.

 

I guess you have two options:

  1. Upgrade your heavy forwarder to latest splunk version
  2. Use old version of add-on - 4.6.1. is supported with splunk 7.3.

 

0 Karma
Reply
Solved! Jump to solution

cyvi01
Path Finder
‎07-09-2020 10:54 AM

As specified in my message i did use 4.6.1 on 7.3.1.1

0 Karma
Reply
Solved! Jump to solution

MaverickT
Communicator
‎07-09-2020 11:07 AM

Oh, sorry, fast reading. I am trying to download splunk 7.3.1.1 to help you, but somehow the download link for previous releases of splunk doesn't work :/.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...
Top