Skip to main content
Panther Knowledge Base

Why is my SNS topic stuck in a "pending confirmation" state for the SQS confirmation for Panther?

  1. Last updated
  2. Save as PDF

Issue

When trying to setup an S3 log source, my SNS topic needs to subscribe to Panther's SQS queue, but this subscription is stuck in "pending confirmation". How do I get this confirmation to succeed?

Resolution

To resolve this issue:

  1. If your SNS topic already exists from an earlier attempt, please delete it.
  2. Next, log in to your Panther Console and go to Configure > Log Sources
  3. Click Create New then select AWS S3.
  4. When going through the setup wizard, select the top option to launch a CloudFormation Stack Using the AWS Console UI.
  5. Click Launch Template in UI to open the CloudFormation Stack in the AWS Console, and deploy it.
  6. After it finishes deploying, go to the "Outputs" tab in CloudFormation, and copy the IAM Role ARN.
  7. Navigate back to the Panther Console. In the setup wizard page "Use AWS UI to set up your role," paste the IAM Role ARN into the "Role ARN" field. 
    • This will tell Panther to go and create the SNS topic and perform the subscription confirmation automatically for you.

Cause

This "pending confirmation" issue can occur when you try to configure a log source from a new AWS account and when you attempt to configure it manually.

Panther tracks internally which AWS accounts are allowed to have a subscription with its SNS topic. Panther only allows accounts to subscribe to its SNS topic if that AWS account has a log source in Panther. 

This is not an issue if you use the "Launch Template in UI" option, as that option will automate the whole process for you. But for manual log source creation, you would need to ensure that the log source exists in Panther before the SNS -> SQS subscription is attempted. Therefore, when you run into this issue, the easiest way to resolve it is to simply create a new log source and to use our fully automated approach. This is only necessary for your first log source in a new AWS account. Subsequent log sources in that AWS account can be created manually, or via any automation you wish as long as that SNS -> SQS subscription has been confirmed from the initial log source creation.

 

 

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.