We are using Splunk CLoud and need to integrate it with our AWS accounts. The whole scheme of integrations looks like
https://cloudcraft.co/view/e3810740-7b15-4d3c-9484-fb7cc9e8bb23?key=Bf6ssGDBu5IRZ__eBW9d3g
I've created Policy "Configure one policy containing permissions for all inputs" https://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions
also granted the user to delegate permissions for this role to IAM users.
Add admin account in AWS addons for AWS > Configuration > Account
I set the admin account just for testing for making sure that User has all privileges that can we need.
But when I am trying to add new Input CloudTrail(SQS based S3) I got an error:
Unexpected error "" from python handler: "HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Could not find object id=assume_role"}]}". See splunkd.log for more details.
https://www.screencast.com/t/JRXWXXGuUX
I've also trying to set the Role here. The same result. Also, as I understand Role is using for checking other linked AWS accounts to the current one.
logs queue has available messages
I will appreciate any help
Please try changing the app permissions to Global. It fixed the problem in my case
This has worked for me, thank you!