I’ve configured the AWS-CloudTrail input in Graylog, but Graylog is unable to pull the logs.
The Graylog log file shows the following error message:
2017-10-18T15:21:29.741+03:00 ERROR [CloudTrailSubscriber] Could not read messages from SQS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying.
com.amazonaws.services.sqs.model.AmazonSQSException: Access to the resource https://sqs.eu-central-1.amazonaws.com/test-SQS is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: c2cc9cb6-95c8-59c7-a16e-ced7dc78fc36)
I’ve tested the “secret key” and the “access key” with a third-party program and I was able to log in to S3 and view the logs.
I also verified that the IAM user has permissions to read CloudTrail logs from S3 and write notifications from SQS.