000033176 - RSA Security Analytics - CloudTrail integration test connection fails for AWS GovCloud or Private Clouds

Document created by RSA Customer Support Employee on Jul 3, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000033176
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.5, 10.6.0
Issue: When the CloudTrail integration is followed for GovCloud, the test connection fails with the error below in the GUI:
 
CloudTrailCollector authentication error connecting to S3, check user credentials/permissions! S3ResponseError: 403 Forbidden
Cause: The SA Log Collector works only with AWS public clouds. As of now, it does not work with AWS GovCloud or private clouds.
 
Resolution: A hotfix is to be included in the 10.6.2 release.
Workaround: Use the steps below as a workaround for successful integration:
  1. Stop the LC service using the stop nwlogcollector command.
  2. Back up /etc/netwitness/ng/logcollection/content/collection/cmdscript/cloudtrail/sa_cloudtrail_collector.py by copying the file to a different location.
  3. Replace this script with the sa_cloudtrail_collector.py file attached to this article.
  4. Start the LC service using start nwlogcollector.
  5. Go to the CloudTrail event source in the SA UI and click the 'Test Connection' button to check whether the connection succeeds.