-
-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error while Creating a stack - Kinesis.AccessDenied #5
Comments
That error shows up for a successful deployment and can be ignored. What is the error in CloudFormation? |
I had to delete your comment as it had your credentials in it. This is a public page. Anyone can see this. Please re-post without that. |
Please re-post. |
Thanks for your response.
|
Sounds like the Subscriber custom resource failed. The log for that should be in CloudWatch under something like If you have on account you can leave the accounts list as just Why do you want to reduce the subscription schedule to 5 minutes? Do you expect to be creating new log groups a lot? If you do, that's just a parameter for the stack that you can modify. Use |
CloudWatch Logs from /aws/lambda/CloudWatch2S3-LogSubscriberFunction-xxxx: 04:39:26 no last exception: ValueError |
Can you download the latest version and try again? It's not going to fix it, but it's going to hopefully print the real error. That one is just an error printing the error. |
Latest version of what should I download ? |
Of this project's template. |
START RequestId: 885cad79-9446-479f-a1fd-c508f4c29c28 Version: $LATEST |
Do you already have a subscription on It sounds like you don't want to subscribe to that log anyway as it's not coming from your web server. Maybe try setting "Required Log Group Name Prefix" to |
The only Log Group I have in CloudWatch logs is demoWebServer. Rest were all created by CloudWatch2S3. I deleted all of them except mine (demoWebServer) and tried again. I get the same error. I can't add a prefix because I want newer Log groups to be subscribed automatically when they are added and i do not know what their naming convention would be. demoWebServer is just my test log group which i configured to push my Webserver logs. Please advise. |
Are you sure? You can also try the latest version. I made it skip log groups that are already subscribed to something else. |
|
Voila, Create Stack Completed Successfully!
|
|
Hi, This morning I checked my S3 bucket and I see some logs organized in the folders such as below: I however do not see my Webserver logs captured under demoWebServer folder in CloudWatch anywhere in S3. Where will it be located ? Will the S3 bucket contain name of the CW Log group while capturing the raw data. Also when I click on the Object URL of any entry in any of the other folders in S3, I get the below content for all of my entries in the log bucket. Where is it from ? AccessDenied
Access Denied
0745C4FE80374527
Ol+ygcTOnew4mQoJzypUuMoTSXhAewtViVdjSlqiT530VyRWGmJP5KUmhC95cRXrLoLWCnCXRgQ=
Thanks. |
Don't click the URL. Click the Download link instead. This should let you see what's inside the logs in S3. |
Yes, I now see my raw data logs in S3. Thanks much for creating a great Tutorial and your help in issue resolution. Appreciate it! |
Make the delivery stream wait on the permissions to execute the processing Lambda Thanks Niklas Rosencrantz for pointing it out
Hello,
Greetings. My name is Anitha and I am a newbie to AWS. I came across your Cloudwatch2S3 blog and was super excited to try it out. I followed the instructions and Created a stack by uploading your Cloud Formation Template.
Stack Creation did not complete successfully and got rolled back. I did notice an error in the following Log Group / Log Stream:
I am unable to proceed, immensely appreciate if you can help me.
Log Groups/aws/kinesisfirehose/CloudWatch2S3-DeliveryStreamS3Delivery
{
"deliveryStreamARN": "arn:aws:firehose:us-east-1:017396793107:deliverystream/CloudWatch2S3-DeliveryStream-7K2JT6X19VY9",
"destination": "arn:aws:s3:::cloudwatch2s3-logbucket-y6bdn4u1akzc",
"deliveryStreamVersionId": 1,
"message": "Access was denied when calling Kinesis. Ensure the access policy on the IAM role used allows access to the appropriate Kinesis APIs.",
"errorCode": "Kinesis.AccessDenied",
"processor": "arn:aws:lambda:us-east-1:017396793107:function:CloudWatch2S3-LogProcessorFunction-BV2QL3V5RVA8"
}
I login to my AWS account as a root user and i have the following policy attached. (Screenshot attached)
Thanks,
Anitha
The text was updated successfully, but these errors were encountered: