AWS CloudTrail - Could not read messages from SQS


I’ve configured the AWS-CloudTrail input in Graylog, but the graylog is unable to pull the logs.
The graylog log file shows the following error message:

2017-10-18T15:21:29.741+03:00 ERROR [CloudTrailSubscriber] Could not read messages from SQS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying. Access to the resource is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: c2cc9cb6-95c8-59c7-a16e-ced7dc78fc36)

Please advise.



Any suggestions?

my suggestion, check your credentials in graylog and check if you have enabled to access to the logs.

Hi Jan,

Thanks for your response.

I’ve tested the “secret key” and the “access key” with third-party program and I was able to login to s3 and view the logs.
I also verified that the IAM user have permissions to read CloudTrail logs from S3 and write notifications from SQS.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.