When creating or updating an S3 source under a Hosted collector in the Sumo Logic Collection tab, the following error is seen
"Unable to update Source. Your AWS Credentials do not have read permissions for the specified path expression."
When validating access to the supplied bucket and path expression Sumo Logic makes a couple of initial calls to AWS. The first call is a List Object call to the bucket. Sumo Logic then makes a second call to Get Object Summary for the objects in the bucket matching the path expression supplied and this is where the error received usually occurs.
A common cause for a failure to read the object information is due to objects within the supplied bucket/path containing special characters such as "+", "&" etc.. in the object names.
Per AWS documentation, some special characters are not guaranteed to be safe characters to use for S3 object naming. The following characters within an object name might lead to an error when attempting to validate the bucket and path expression supplied within an S3 Source configuration:
ASCII character ranges 00–1F hex (0–31 decimal) and 7F (127 decimal)
'At' symbol ("@")
Space – Significant sequences of spaces may be lost in some uses (especially multiple spaces)
Question mark ("?")
- Any of the above listed special characters within you object names
- Permissions of the objects itself to ensure the key/role used to connect has the appropriate permissions to the objects.
Assuming the above applies, please make the necessary updates to the object permissions or object names.
A second cause for an error in reading the objects from the path is invalid permissions to specific objects by the specified key or role.
To verify that the above cause applies, create a test folder at the top of the S3 bucket and insert some test files. Then create an S3 source in Sumo Logic with the correct path expression to point to the test folder to verify first the successful creation/update of the S3 source and second the successful ingestion of data in the S3 objects from the test folder.
If the above test works, please evaluate the objects in the specified path expression that failed the S3 source creation or update and make the necessary updates to the object permissions that make them inaccessible.