All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cant add CloudTrail(SQS based S3) to AWS addons for AWS.

Sorok71
Engager
‎08-07-2018 05:13 AM

We are using Splunk CLoud and need to integrate it with our AWS accounts. The whole scheme of integrations looks like
https://cloudcraft.co/view/e3810740-7b15-4d3c-9484-fb7cc9e8bb23?key=Bf6ssGDBu5IRZ__eBW9d3g

I've created Policy "Configure one policy containing permissions for all inputs" https://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions

also granted the user to delegate permissions for this role to IAM users.

Add admin account in AWS addons for AWS > Configuration > Account
I set the admin account just for testing for making sure that User has all privileges that can we need.

But when I am trying to add new Input CloudTrail(SQS based S3) I got an error:

Unexpected error "" from python handler: "HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Could not find object id=assume_role"}]}". See splunkd.log for more details.
https://www.screencast.com/t/JRXWXXGuUX

I've also trying to set the Role here. The same result. Also, as I understand Role is using for checking other linked AWS accounts to the current one.

logs queue has available messages

I will appreciate any help

Tags (4)
Reply

mlogendra_splun
Splunk Employee
Splunk Employee
‎08-28-2018 11:47 PM

Please try changing the app permissions to Global. It fixed the problem in my case

Reply

vinkumar_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 02:55 AM

This has worked for me, thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...