Amazon Web Service S3 data connector failure for guard duty logs

[philfy20]

As of the 28th July 5:00am AEST we have been getting Data fetch failures against the the AWS S3 data connector for only the Guard duty logs, this is across 10+ customers (we are a MSSP). Details on error are:

• HealthResultType = PermanentFailure
• StatusCode = S3B40012
• StatusMessage = Data fetch failed due to missing credentials for the SQS queue. Delete the existing AWS S3 data connector and connect a new one. If only the SQS queue was deleted, create a new Amazon SQS queue and configure the necessary SQS policy.

We have have checked permissions and everything is correct (SQS queue is there) and we are still getting logs from the other tables such as cloud trail

[v-mabrindha]

Hi @philfy20, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 02-08-2024. Thanks!

[philfy20]

@v-mabrindha looks like issue has been resolved, guard duty logs are starting to flow through again. Do you happen to know the cause of the issue?

[v-mabrindha]

Thank you, @philfy20 for the status update. Now that the issue has been resolved, I'll proceed with closing this GitHub issue. We'll investigate the root cause and keep you informed.