lucianag22
Staff
June 24, 2025

Troubleshooting Tip: Failed Test Connectivity with AWS CloudTrail API and FortiSIEM integration

Description

This article explains how to resolve the Test Connectivity error 'failed (Invalid Credential or Timeout)' in the AWS CloudTrail API and FortiSIEM integration, even when the correct credentials are used.

 

FailedAWS.jpg

Scope

FortiSIEM.

Solution
  1. Confirm that each step in the document below has been properly completed: AWS CloudTrail API.
  2. Refer to the document below to obtain the Access Key ID and Secret Access Key: AWS Access Key IAM Permissions and IAM Policies.
  3. If the error 'failed (Invalid Credential or Timeout)' still occurs after new access keys have been generated and after verifying that SQS, SNS, the S3 bucket, and CloudTrail are deployed in the same AWS region, the issue is likely due to the custom inline policy used for accessing the S3 bucket, as described in the document from item 2.
  4. To grant read-only access to a specific Amazon S3 bucket, use the following custom inline policy on the AWS side:

 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    }
  ]
}

 

  5. It is necessary to reference both the bucket itself, 'arn:aws:s3:::bucket-name', and the objects within the bucket, 'arn:aws:s3:::bucket-name/*'. After this change, Test Connectivity should succeed.

     

Succeeded.jpg
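
An added example, not part of the original article or of Fortinet or AWS tooling: an offline check that a policy document grants s3:ListBucket on the bucket ARN and s3:GetObject on the object ARNs of a given bucket, which is the pairing the policy above provides. It evaluates only Allow statements with IAM-style wildcards and ignores Deny, NotAction/NotResource and Condition; the function names and sample policies are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# S3 evaluates ListBucket against the bucket ARN and GetObject against
# object ARNs, so each action is probed on the resource type it needs.
REQUIRED = {
    "s3:ListBucket": "arn:aws:s3:::{b}",
    "s3:GetObject": "arn:aws:s3:::{b}/probe-object",  # hypothetical object key
}

def as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def missing_grants(policy_json, bucket):
    """Return required actions that no Allow statement grants on the right ARN."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    missing = []
    for action, template in REQUIRED.items():
        target = template.format(b=bucket)
        granted = any(
            st.get("Effect") == "Allow"
            and any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st.get("Action")))
            and any(fnmatchcase(target, r) for r in as_list(st.get("Resource")))
            for st in statements
        )
        if not granted:
            missing.append(action)
    return missing

def sample_policy(resources):  # constructed sample, not from a real account
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": resources}]})

OBJECTS_ONLY = sample_policy(["arn:aws:s3:::bucket-name/*"])
BOTH = sample_policy(["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"])

if __name__ == "__main__":
    for name, doc in (("objects only", OBJECTS_ONLY), ("bucket + objects", BOTH)):
        print(name, "-> missing:", missing_grants(doc, "bucket-name") or "nothing")
```
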

 

This error may also occur if firewall rules do not permit access to Amazon services. Verify that outbound access is allowed for all required Amazon services, not just the amazon.com domain.