When creating or updating an S3 source under a Hosted collector in the Sumo Logic Collection tab, the following error is seen
"Unable to update Source. Your AWS Credentials do not have read permissions for the specified path expression."
When validating access to the supplied bucket and path expression Sumo Logic makes a couple of initial calls to AWS. The first call is a List Object call to the bucket. Sumo Logic then makes a second call to Get Object Summary for the objects in the bucket matching the path expression supplied and this is where the error received usually occurs.
A common cause for a failure to read the object information is due to objects within the supplied bucket/path containing special characters such as "+", "&" etc.. in the object names.
Per AWS documentation, some special characters are not guaranteed to be safe characters to use for S3 object naming. The following characters within an object name might lead to an error when attempting to validate the bucket and path expression supplied within an S3 Source configuration:
ASCII character ranges 00–1F hex (0–31 decimal) and 7F (127 decimal)
'At' symbol ("@")
Space – Significant sequences of spaces may be lost in some uses (especially multiple spaces)
Question mark ("?")
- Any of the above listed special characters within you object names
- Permissions of the objects itself to ensure the key/role used to connect has the appropriate permissions to the objects.
Assuming the above applies, please make the necessary updates to the object permissions or object names.
A second cause for an error in reading the objects from the path is invalid permissions to specific objects by the specified key or role.
Please evaluate the objects in the specified path expression that failed the S3 source creation or update and make the necessary updates to the object permissions that make them inaccessible. Here is an AWS KB link that explains permissions issues and how to address it