Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

ConfigAwsConnector.ps1 throws errors and then quits after 3 retries. #8293

Closed bobsyourmom closed 1 year ago

bobsyourmom commented 1 year ago

Describe the bug
Location of script(s): https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/AWS-S3
When running this script from PowerShell (on Windows 11, fully patched), the following errors are consistently seen, before the script quits:

.\ConfigAwsConnector.ps1
Starting ConfigAwsConnector at: 06/16/2023 21:13:33
Log created: C:\users\bob\aws\Logs\AwsS3-06162113.csv

To begin you will choose the AWS logs to configure.

Please enter the AWS log type to configure (VPC, CloudTrail, GuardDuty, CustomLog): CloudTrail

Checking AWS CLI configuration...

This script creates an Assume Role with minimal permissions to grant Azure Sentinel access to your logs in a designated S3 bucket & SQS of your choice, enable CloudTrail Logs, S3 bucket, SQS Queue, and S3 notifications.

Notes:

Assume role definition

Please enter role name. If you have already configured an assume role for Azure Sentinel, use the same role name: Sentinel
Using role name: Sentinel
ConvertFrom-Json : Invalid JSON primitive: ROLE. At C:\users\bob\aws\ConfigCloudTrailDataConnector.ps1:244 char:30

Write-Log : Cannot bind argument to parameter 'Message' because it is null. At C:\users\bob\aws\ConfigCloudTrailDataConnector.ps1:245 char:20

To Reproduce
Steps to reproduce the behavior: Follow the instructions as presented here: https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/AWS-S3

See error as shown above.

Expected behavior
No errors should be shown during the execution of the PowerShell script.

Screenshots n/a


github-actions[bot] commented 1 year ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

v-vdixit commented 1 year ago

Hi @bobsyourmom thanks for flagging this we will discuss with the team and update you shortly.

bobsyourmom commented 1 year ago

it also doesn't work on GovCloud but I'm very sure you guys aren't supporting that yet. (even the manual method won't work on GovCloud)

v-rbajaj commented 1 year ago

Hi @bobsyourmom, we are trying to connect with the respective team; as soon as we get an update we will let you know.

v-rbajaj commented 1 year ago

Hi @bobsyourmom, for easier investigation we would need the logs file as well. In the logs file we would be able to see all the command results, and it will help us to understand if the bug is on our side or in the AWS CLI response.

In addition to this, would like to verify that the rule name (Sentinel), really exists in your AWS account.

v-vdixit commented 1 year ago

Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond on it in the next 2 days. If we don't receive response, we will be closing this issue as per our standard procedures, thanks!

v-vdixit commented 1 year ago

Since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation

ezaspy commented 1 year ago

Describe the bug
I am experiencing this error too. I follow the steps from https://learn.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3#instructions under Automatic Setup and upon running ./ConfigAwsConnector.ps1 an error returns:

Checking AWS CLI configuration...
Cannot bind argument to parameter 'Message' because it is null.
Please execute again 'aws configure' and verify that AWS configuration is correct.
For more details please see AWS doc https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html

Content of Log below:

"Time","Message","Severity"
"26/07/2023 14:19","Starting ConfigAwsConnector at: 07/26/2023 14:19:53","Information"
"26/07/2023 14:19","Log created: /home/user/Azure-Sentinel/Logs/AwsS3-07261419.csv","Information"
"26/07/2023 14:19","To begin you will choose the AWS logs to configure.","Information"
"26/07/2023 14:20","Checking AWS CLI configuration...","Information"
"26/07/2023 14:20","Cannot bind argument to parameter 'Message' because it is null.","Error"
"26/07/2023 14:20","Please execute again 'aws configure' and verify that AWS configuration is correct.","Error"
"26/07/2023 14:20","For more details please see AWS doc https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html","Error"

To Reproduce
Follow the instructions as presented here: https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/AWS-S3 and see the error as shown above.

Expected behavior
If following the instructions, no error should be shown during the execution of the aforementioned PowerShell script.

Screenshots N/A

Desktop
OS: Linux Ubuntu 22.04, latest version of PowerShell and the AWS CLI.
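Both reports above show the same failure pattern: an AWS CLI call returns something the script did not expect, the result is piped into ConvertFrom-Json, and the script then dies a second time because Write-Log is handed a null Message. In Windows PowerShell, ConvertFrom-Json reports "Invalid JSON primitive: <token>" whenever its input is not JSON, and the AWS CLI's text output format starts each record with an uppercase key such as ROLE, so a profile whose default output format is not json is one plausible cause (an assumption; the thread does not confirm it). The following is an added example, not code from the Azure-Sentinel repository: Invoke-AwsJson and this Write-Log are hypothetical helpers that force JSON output, check the exit code, log the raw response on a parse failure instead of aborting, and tolerate an empty log message.

```powershell
# Added example (not the repository's script). Invoke-AwsJson and Write-Log are
# hypothetical helpers assumed to stand in for the script's 'aws ... | ConvertFrom-Json'
# calls and its Write-Log -Message function.

function Write-Log {
    param(
        # AllowNull/AllowEmptyString prevent "Cannot bind argument to parameter
        # 'Message' because it is null" when the previous command produced no output.
        [Parameter(Mandatory = $true)][AllowNull()][AllowEmptyString()][string]$Message,
        [ValidateSet('Information', 'Warning', 'Error')][string]$Severity = 'Information'
    )
    if ([string]::IsNullOrEmpty($Message)) { $Message = '<no output from previous command>' }
    $entry = [pscustomobject]@{
        Time     = Get-Date -Format 'MM/dd/yyyy HH:mm'
        Message  = $Message
        Severity = $Severity
    }
    $entry | Export-Csv -Path $script:LogPath -Append -NoTypeInformation
    Write-Host "[$Severity] $Message"
}

function Invoke-AwsJson {
    param([Parameter(Mandatory = $true)][string[]]$Arguments)
    # Force JSON regardless of the profile's default 'output' setting, so text/table
    # output (records beginning with keys such as ROLE) never reaches ConvertFrom-Json.
    $raw = & aws @Arguments --output json 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        Write-Log -Message "aws $($Arguments -join ' ') failed (exit $LASTEXITCODE): $raw" -Severity Error
        return $null
    }
    try {
        return $raw | ConvertFrom-Json
    } catch {
        # Keep the raw text in the log so the cause is visible, then let the caller decide.
        Write-Log -Message "Non-JSON response from aws $($Arguments -join ' '): $raw" -Severity Error
        return $null
    }
}

$script:LogPath = Join-Path $PWD 'AwsS3-example.csv'   # constructed log path for this example
$role = Invoke-AwsJson -Arguments @('iam', 'get-role', '--role-name', 'Sentinel')
if ($null -eq $role) {
    Write-Log -Message "Role 'Sentinel' could not be read; check 'aws configure' and the role name." -Severity Warning
} else {
    Write-Log -Message "Using role ARN: $($role.Role.Arn)"
}
```

With this pattern the CSV log in the second report would contain the actual AWS CLI text rather than only the null-binding error, which is the detail the maintainers asked for when triaging.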