Forum Discussion
SocInABox (Iron Contributor)
Jun 17, 2023
sentinel amazon web service connector script fails
Hi there,
I'm trying to configure the AWS S3 (Preview) connector.
It provides a PowerShell script and detailed instructions which I think I've followed correctly.
However, the PowerShell script fails with the following error:
https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/AWS-S3
When running this script from PowerShell (on Windows 11, fully patched), the following errors are consistently seen before the script quits:
.\ConfigAwsConnector.ps1
Starting ConfigAwsConnector at: 06/16/2023 21:13:33
Log created: C:\users\bob\aws\Logs\AwsS3-06162113.csv
To begin you will choose the AWS logs to configure.
Please enter the AWS log type to configure (VPC, CloudTrail, GuardDuty, CustomLog): CloudTrail
Checking AWS CLI configuration...
This script creates an Assume Role with minimal permissions to grant Azure Sentinel access to your logs in a designated S3 bucket & SQS of your choice, enable CloudTrail Logs, S3 bucket, SQS Queue, and S3 notifications.
Notes:
- You can find more information about the script in https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/README.md
- If a resource name(like: S3, Sqs, Kms) already exists, the script will use the available one and not create a new resource
Assume role definition
Please enter role name. If you have already configured an assume role for Azure Sentinel, use the same role name: Sentinel
Using role name: Sentinel
ConvertFrom-Json : Invalid JSON primitive: ROLE.
At C:\users\bob\aws\ConfigCloudTrailDataConnector.ps1:244 char:30
+ $roleArn = ($roleArnObject | ConvertFrom-Json ).Role.Arn
+ CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand
Write-Log : Cannot bind argument to parameter 'Message' because it is null.
At C:\users\bob\aws\ConfigCloudTrailDataConnector.ps1:245 char:20
+ Write-Log -Message $roleArn -LogFileName $LogFileName -Severity Verbo ...
+ CategoryInfo : InvalidData: (:) [Write-Log], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Write-Log
To Reproduce
Steps to reproduce the behaviour:
Follow the instructions as presented here:
https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/AWS-S3
See error as shown above.
Thoughts?
Has anyone had success with this script or did you give up and follow the "manual method"?
Thanks for your help.
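The error in the post above shows ConvertFrom-Json being handed text that begins with the bare word ROLE rather than a JSON document, after which the null result is passed on to Write-Log. The following is an added example, not part of the original post or of the Microsoft onboarding script, of validating AWS CLI output before parsing it. It assumes the non-JSON text came from the AWS CLI running with a non-JSON output format, which the thread does not confirm; the helper name, role name, account id and sample strings are constructed for illustration.

```powershell
# Added example. Get-RoleArnFromCliOutput is a hypothetical helper, not a
# function from ConfigCloudTrailDataConnector.ps1.
function Get-RoleArnFromCliOutput {
    param(
        [AllowNull()][AllowEmptyCollection()][string[]]$CliOutput
    )
    # Native commands return one string per line; join them before parsing.
    $raw = ($CliOutput -join "`n").Trim()
    if ([string]::IsNullOrWhiteSpace($raw)) {
        throw 'AWS CLI returned no output (role missing or the call failed).'
    }
    # A JSON document starts with { or [. Tab-separated text output starts with
    # a bare word such as ROLE, which ConvertFrom-Json rejects as an invalid
    # JSON primitive.
    if ($raw[0] -ne '{' -and $raw[0] -ne '[') {
        $firstToken = ($raw -split '\s+')[0]
        throw "AWS CLI output is not JSON (starts with '$firstToken'). Pass --output json on the call."
    }
    try   { $parsed = $raw | ConvertFrom-Json -ErrorAction Stop }
    catch { throw "AWS CLI output could not be parsed as JSON: $($_.Exception.Message)" }
    if (-not $parsed.Role -or -not $parsed.Role.Arn) {
        throw 'JSON has no Role.Arn property.'
    }
    return $parsed.Role.Arn
}

# Constructed samples (placeholder account id and role name), not real output.
$jsonOutput = '{ "Role": { "RoleName": "ExampleRole", "Arn": "arn:aws:iam::111122223333:role/ExampleRole" } }'
$textOutput = "ROLE`tarn:aws:iam::111122223333:role/ExampleRole`t2023-06-16T00:00:00+00:00`t/`tAROAEXAMPLEID`tExampleRole"

# In real use the input would be the captured result of a call such as:
#   aws iam get-role --role-name ExampleRole --output json
foreach ($sample in $jsonOutput, $textOutput, $null) {
    try   { "Role ARN: $(Get-RoleArnFromCliOutput -CliOutput $sample)" }
    catch { "Rejected: $($_.Exception.Message)" }
}
```

The configured default output format can be checked with `aws configure get output`.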
- XavierLL (Copper Contributor)
Same problem here, any update on this issue? Did you find a way to fix the original script provided by Microsoft for the onboarding of AWS CloudTrail?
- BillClarksonAntill (Iron Contributor)
SocInABox, have you checked out the content hub within Microsoft Sentinel?
It looks to have a newer version of this.