Problem: The S3 bucket we are trying to access is managed by Cisco Umbrella. We do not have the access required to generate IAM roles. We are trying to configure the access using an Access ID and Access Key – I’m guessing this is not sufficient? The connection was successful, but no logs are being ingested. Do you think this is because the Access ID does not have proper permissions?
Cause: When you use a Cisco-owned S3 bucket, permissions are strict. They only have a token to run "s3:GetObject" and "s3:GetObjectVersion" within their folder instance, all operations on the bucket will be denied.
Resolution: You need custom IAM user permission and roles that allow access to the whole bucket for Sumo Logic, you would need to use an AWS S3 self-managed bucket instead.
- Follow the below steps to configure your AWS S3 source
- Make sure that bucket policies are set as per the below link