AWS (CloudTrail) Collection: Troubleshoot

Document created by RSA Information Design and Development on Jun 25, 2017Last modified by RSA Information Design and Development on Jul 28, 2017
Version 2Show Document
  • View in full screen mode
  

This topic highlights possible problems that you may encounter with AWS (CloudTrail) Collection and suggested solutions to these problems.

Note: In general, you receive more robust log messages by disabling SSL.

                  
Log Message/
Problem
No bucket key found under 'arn:aws:s3:::bucket-name/AWSLogs/account-id/CloudTrail/region/'. Determine if the 'S3 Bucket Name' for CloudTrail is configured and that 'Account Id' and 'Region' are correct. Also determine if the CloudTrail account is configured with a 'Log File Prefix' and if so, it is also defined correctly for this event source.
Possible CauseThe S3 Bucket Name parameter and its associated parameters are not configured correctly.
Solution

For the event source that returned this message:

  1. Make sure that you specified an S3 Bucket Name.
  2. Make sure that you specified the correct Account Id and correct Region.
  3. If the CloudTrail account has a Log File Prefix, make sure that you specified it correctly.

    For example:

You are here
Table of Contents > AWS (CloudTrail) Collection Configuration Guide > Troubleshoot AWS (CloudTrail) Collection

Attachments

    Outcomes