Currently when deploying grand central to an AWS account, the cloudformation stack is creating the Delivery and Processor roles. The processor role is assigned to the lambda function but does not have the permissions included in the delivery role which give access to firehose:putrecord and putrecordbatch. Since the processor role does not include the same permissions included in the delivery role, the records constantly error out and never reach splunk. The easy work around is to copy the permissions from the delivery role and include them in the processor role.
Currently when deploying grand central to an AWS account, the cloudformation stack is creating the Delivery and Processor roles. The processor role is assigned to the lambda function but does not have the permissions included in the delivery role which give access to firehose:putrecord and putrecordbatch. Since the processor role does not include the same permissions included in the delivery role, the records constantly error out and never reach splunk. The easy work around is to copy the permissions from the delivery role and include them in the processor role.