This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

AWS Transit VPC GitHub Solution Question #2 - Access Denied

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS Transit VPC GitHub Solution Question #2 - Access Denied

brichbourg
L2 Linker

‎05-21-2018 08:59 AM

Has anyone encounted an access denied error for the cloudTrailLambda getting to the Transit VPC S3 bucket?

 

 

[INFO] 2018-05-21T15:52:58.460Z 085dd5fc-5d0f-11e8-ba39-23960ea84bc5 Starting new HTTPS connection (1):
 
maskednamed-transitvpccloudtrail-us-east-1-acctnumber.s3.amazonaws.com
 

An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

0 Likes Likes
15 REPLIES 15

jperry1
L5 Sessionator

‎05-21-2018 09:56 AM

Typically as long as the S3 bucket is created with the default settings and in the same region it will work. Maybe try launching it one more time using the same S3 Bucket. You need to have listbucket and getobject permissions set so if there was any deviation from the base permissions you could get an error. 

 

 

https://www.paloaltonetworks.com/documentation/81/virtualization/virtualization/bootstrap-the-vm-ser...

 

 

0 Likes Likes

brichbourg
L2 Linker
In response to jperry1

‎05-21-2018 10:24 AM

I'm getting errors from the CloudTrail based bucket that is created, not the bootstrap bucket I created manually before.  I've launched this many times and I continue to get the same permission error on that bucket.

 

Right now I am just trying to get it to work within the same account.

 

The CFNs are creating, these are just errors I see on the Lambda function afterwards. 

 

0 Likes Likes

jmeurer
L4 Transporter

‎05-21-2018 10:53 AM

Can you run a test in a Region other than East 1.  I have seen something similar in East 1.

0 Likes Likes

brichbourg
L2 Linker
In response to jmeurer

‎05-21-2018 10:57 AM

Yeah I can try that, but my client has resources in US-EAST-1, so this will still be an issue.

 

Stay by, I will try US-EAST-2 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks