You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 2, 2025. It is now read-only.
Copy file name to clipboardExpand all lines: gdi/get-data-in/connect/aws/aws-troubleshooting.rst
+5-25Lines changed: 5 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,37 +23,17 @@ The automatic attempt to validate a connection that you just configured fails, s
23
23
Cause
24
24
^^^^^^
25
25
26
-
The connection might fail due to mismatched Identity Access Management (IAM) policies. To diagnose connection failure, check the permissions or policies you set up and compare them to the permissions that AWS requires.
26
+
The connection might fail due to invalid Identity Access Management (IAM) policy used by your AWS integration.
27
27
28
-
Verify whether your error message looks similar to this example:
29
-
30
-
.. code-block:: none
31
-
32
-
Error validating AWS / Cloudwatch credentials
33
-
Validation failed for following region(s):
34
-
us-east-1
35
-
[ec2] software.amazon.awssdk.services.ec2.model.Ec2Exception: You are not authorized to perform this operation.
36
-
37
-
If you receive a similar error message, then the IAM policy that you created to connect AWS to Splunk Observability Cloud does not match the policy already in your AWS account.
38
-
39
-
Similarly, if your AWS account uses a service control policy (SCP) or administrative features such as ``PermissionsBoundary``, then there might be limits on which calls can be made in your organization, even if those calls are covered by your AWS IAM policy.
28
+
If you use the AWS Organizations' :new-page:`Service control policies <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html>` or :new-page:`Permission boundaries for IAM entities <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html>`, they
29
+
might impact the AWS IAM policy you're using to connect to Splunk Observability Cloud.
40
30
41
31
Solution
42
32
^^^^^^^^^
43
33
44
-
Splunk Observability Cloud uses the following calls to validate whether it can accept data from the AWS Compute Optimizer tool to support CloudWatch metric streams:
45
-
46
-
.. code-block:: none
47
-
48
-
client.describeInstanceStatus(),
49
-
client.describeTags(),
50
-
client.describeReservedInstances(),
51
-
client.describeReservedInstancesModifications()
52
-
client.describeOrganization()
53
-
54
-
To ensure that your AWS integration works as expected, revisit your configuration choices in Splunk Observability Cloud to verify that they match the permissions policy in your AWS management console.
34
+
Ensure all :ref:`aws-required-permissions` are included in your IAM policy.
55
35
56
-
A match ensures that conflicting permissions do not cause your AWS environment to block integrations. See the "Amazon CloudWatch permissions reference" in the Amazon documentation for details about the available permissions.
36
+
Also review the AWS Organizations' policies and boundaries you're using.
0 commit comments