All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cant add CloudTrail(SQS based S3) to AWS addons for AWS.

Sorok71
Engager
‎08-07-2018 05:13 AM

We are using Splunk CLoud and need to integrate it with our AWS accounts. The whole scheme of integrations looks like
https://cloudcraft.co/view/e3810740-7b15-4d3c-9484-fb7cc9e8bb23?key=Bf6ssGDBu5IRZ__eBW9d3g

I've created Policy "Configure one policy containing permissions for all inputs" https://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions

also granted the user to delegate permissions for this role to IAM users.

Add admin account in AWS addons for AWS > Configuration > Account
I set the admin account just for testing for making sure that User has all privileges that can we need.

But when I am trying to add new Input CloudTrail(SQS based S3) I got an error:

Unexpected error "" from python handler: "HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Could not find object id=assume_role"}]}". See splunkd.log for more details.
https://www.screencast.com/t/JRXWXXGuUX

I've also trying to set the Role here. The same result. Also, as I understand Role is using for checking other linked AWS accounts to the current one.

logs queue has available messages

I will appreciate any help

Tags (4)
Reply

mlogendra_splun
Splunk Employee
Splunk Employee
‎08-28-2018 11:47 PM

Please try changing the app permissions to Global. It fixed the problem in my case

Reply

vinkumar_splunk
Splunk Employee
Splunk Employee
‎09-18-2018 02:55 AM

This has worked for me, thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...