All Apps and Add-ons

AWS Add-on for AWS keeps loading

cyvi01
Path Finder

Hi,

I just installed this Add-on (4.6.1) on one of our Heavy Forwarders (7.3.1.1) in QA. I can not browse the application as it keeps loading on Inputs and Configuration tabs. 

Screenshot 2020-07-09 at 18.43.46.png

The logs 

 

index=_internal source="/opt/splunk/var/log/splunk/splunkd.log" sourcetype=splunkd ERROR aws

 


displays 

 

07-09-2020 18:35:02.158 +0200 ERROR AdminManagerExternal - Unexpected error "<class 'splunk.AuthorizationFailed'>" from python handler: "[HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_aws/configs/conf-server/sslConfig".  See splunkd.log for more details.
host = sto-splunk-qa-hf12.bde.localsource = /opt/splunk/var/log/splunk/splunkd.logsourcetype = splunkd
09/07/2020
18:35:02.158	
07-09-2020 18:35:02.158 +0200 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 88, in init_persistent\n    hand = handler(mode, ctxInfo, data)\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_sqs_inputs_rh.py", line 28, in __init__\n    **kwargs\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/base_input_rh.py", line 44, in __init__\n    self._service = LocalServiceManager(app=tac.splunk_ta_aws, session_key=self.getSessionKey()).get_local_service()\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/local_manager.py", line 14, in __init__\n    enable_ssl = self._get_entity('configs/conf-server', 'sslConfig').get('enableSplunkdSSL')\n  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/local_manager.py", line 28, in _get_entity\n    return entity.getEntity(path, name, sessionKey=self._session_key, namespace=self._app, owner=self._owner)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 265, in getEntity\n    serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 536, in simpleRequest\n    raise splunk.AuthorizationFailed(extendedMessages=uri)\nAuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_aws/configs/conf-server/sslConfig\n

 


Is it some kind of SSL issues somehow ? (I just installed the app and did nothing else).  I can not figure out why it does not work as expected.

Labels (3)
Tags (1)
0 Karma
1 Solution

cyvi01
Path Finder

The problem was in the firewall. 
Allow https://sts.amazonaws.com was not enough. *.amazonaws.com does not work in Check Point and we had to use the dedicated Amazon Services object which unfortunately is way too wide in terms of accessible IPs and services ...

View solution in original post

0 Karma

livehybrid
Builder

Ive seen Unauthorized issues before when not having a valid license, particularly on a HF.

Do you have a valid license on the HF? (Trial, Enterprise license or a Heavy Forwarder license)? 

 

0 Karma

cyvi01
Path Finder

Yes we have a valid QA license for Enterprise. Ok I will make sure that this HF is not somehow excluded from our licensed QA env

0 Karma

cyvi01
Path Finder

No one ?

0 Karma

cyvi01
Path Finder

The problem was in the firewall. 
Allow https://sts.amazonaws.com was not enough. *.amazonaws.com does not work in Check Point and we had to use the dedicated Amazon Services object which unfortunately is way too wide in terms of accessible IPs and services ...

0 Karma

rudiger-smoot
Loves-to-Learn Lots

Ah, so even though the dedicated Amazon Services object is rather permissive, using that in Check Point fixes the loading issue?

0 Karma

cyvi01
Path Finder

Yes it did. The AWS Add-on does not seem to be able to display anything even though the configuration fields should have nothing to do with the connectivity itself but apparently the code does only retrieve configuration data after a connection is acknowledged.

0 Karma

MaverickT
Communicator

We had just installed Splunk Add-on for Amazon Web Services on brand new Splunk server version 8. Works like a charm. You've mentioned that you are using Splunk 7.3.1.1. That might be the reason it is not working, since latest version of Add-on is supported only on Splunk version 8.

 

I guess you have two options:

  1. Upgrade your heavy forwarder to latest splunk version
  2. Use old version of add-on - 4.6.1. is supported with splunk 7.3.

 

0 Karma

cyvi01
Path Finder

As specified in my message i did use 4.6.1 on 7.3.1.1

0 Karma

MaverickT
Communicator

Oh, sorry, fast reading. I am trying to download splunk 7.3.1.1 to help you, but somehow the download link for previous releases of splunk doesn't work :/.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...