I have configured my aws logging account with splunk. The logging account has a centralized s3 bucket for cloudtrail logs collection from all aws accounts in the organization. while i'm able to create a 'description' input and it shows the s3 buckets in the account, splunk does not detect any s3 buckets in the account when i try to configure a new input for either cloudtrail or custom-data with Generic S3 or Incremental S3. i've verified that my IAM user/role and bucket policies are correct by using the same user/role on aws cli to list buckets/objects etc. any suggestions please?
I am facing the same issue. Any solution?
This should be due to Account permission issue in AWS. Regarding AWS account, are you Key ID/ Secret Key or Role-based access?