All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting Access Denied for Splunk Add-on for AWS

himaniarora20
Explorer
‎05-16-2024 10:33 PM

I am in a bit of a fix right now and getting the below error when I am trying to add a new input to Splunk using this document 

https://docs.splunk.com/Documentation/AddOns/released/AWS/Setuptheadd-on

 

Note:  The Splunk instance is in a different account than the S3 bucket.



Error response received from the server: Unexpected error "<class 'splunktaucclib.rest_handler.error.RestError'>" from python handler: "REST Error [400]: Bad Request -- An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied". See splunkd.log/python.log for more details.

 

I have created an AWS role to allow the user residing in  account where my S3 bucket is and the permissions are like below

himaniarora20_4-1715923864525.png

 

Trust relationship:

himaniarora20_0-1715928426650.png

 

 

The user contains s3full access and AssumeRole policy attached to it. 

 

Splunk config:
The IAM role still shows undiscovered:

himaniarora20_2-1715923650520.png

 

himaniarora20_3-1715923720371.png

 

Are there any changes required at the Splunk instance level in the other account so that it could access the policy?


TIA for your help!

Labels (1)
Labels
Reply

Gasp
Engager
‎06-03-2024 07:53 PM

BUMP! I am having the same issue with similar config. @himaniarora20 you didnt end up finding a resolution?

0 Karma
Reply

himaniarora20
Explorer
‎06-03-2024 10:26 PM

I did actually..  Just found out that you need to try with the indexer instead of Search Head. And also, attach an IAM role to your Splunk server, and  use the ARN of that same role to attach to your Splunk config.

0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games Tutorial Extension - part 9

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games Tutorial Extension - part 8

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Introducing the Splunk Developer Program!

Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...
li.common.scroll-to.top