Hello,
The CloudTrail Event History feature supports only management events. Data events do not show up in Event History; they are sent directly to the S3 bucket that is configured for logging the CloudTrail events. I would suggest that you configure your CloudTrail to enable S3 data logging. You can enable data logging by following the steps given in the documentation [1].
Once data logging is enabled, you will be able to see the S3 data events being sent to the S3 bucket, which will help you understand which specific S3 API call is getting denied; according to that, we can check the permissions on the role/user calling that API.
In case you require resource-specific troubleshooting, feel free to raise a case with the AWS Support team [2].
References:
[1] https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
[2] https://us-east-1.console.aws.amazon.com/support/home?region=us-east-1#
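The triage step described in the answer above, as an added example that is not part of the original answer or of any AWS tooling: it parses a delivered CloudTrail log file and counts denied S3 calls per caller, API call and bucket. The sample records, role name, account ID and bucket name are constructed for illustration.

```python
import gzip
import json
from collections import Counter

# Constructed sample of one CloudTrail log file body (not real log data).
SAMPLE = {"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/s1"},
     "requestParameters": {"bucketName": "example-bucket", "key": "a/1.bin"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/s1"},
     "requestParameters": {"bucketName": "example-bucket", "key": "a/2.bin"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",  # succeeded
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/s1"},
     "requestParameters": {"bucketName": "example-bucket", "key": "a/0.bin"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "HeadObject",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "AWSAccount", "principalId": "EXAMPLEPRINCIPAL"},
     "requestParameters": None},
]}


def load_records(blob: bytes) -> list:
    """Parse one delivered log file: gzip-compressed JSON with a Records list."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic; also accept already-decompressed JSON
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])


def denied_s3_calls(records) -> Counter:
    """Count denied S3 calls per (caller, API call, bucket)."""
    hits = Counter()
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if not str(rec.get("errorCode", "")).startswith("AccessDenied"):
            continue
        ident = rec.get("userIdentity") or {}
        caller = ident.get("arn") or ident.get("principalId") or "unknown"
        params = rec.get("requestParameters") or {}  # may be null in a record
        hits[(caller, rec.get("eventName"), params.get("bucketName", "-"))] += 1
    return hits


if __name__ == "__main__":
    blob = gzip.compress(json.dumps(SAMPLE).encode())
    for (caller, api, bucket), n in denied_s3_calls(load_records(blob)).most_common():
        print(f"{n:3d}  {api:<12} {bucket:<16} {caller}")
```

The resulting (caller, API call, bucket) tuples show which S3 action to look for in the policy attached to that role or user.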
Are the proper permissions configured for the role you are using when running IDT?
You can find what permissions your role needs in "Step 2: Configure permissions for IDT"; there is a permission block called s3Resources which lists all the permissions IDT needs.
https://docs.aws.amazon.com/greengrass/v2/developerguide/dev-tst-prereqs.html
Another possible cause is that the stream manager might be using the wrong credentials. For more information, you can look at "Stream manager qualification errors" in
https://docs.aws.amazon.com/greengrass/v2/developerguide/idt-troubleshooting.html#stream-manager-qualification-failure