Skip to main content
Panther Knowledge Base

Why do I see "Aws.Config validation failed" when ingesting logs into Panther?

Issue

When trying to ingest my AWS Config logs the following classification error occurs:

"Aws.Config" validation failed: Key: 'AWSConfig.Configuration Error:Field validation for 'Configuration' failed on the 'required' tag key

 

Resolution

To resolve this issue:

  • Add an exclusion filter for /ConfigHistory/ as that format is not currently supported.

See example directory structure:

s3://aws-logs-1234567890-us-west-1/o-samplelog/AWSLogs/1234567890/Config/us-west-1/2022/01/31/ConfigHistory/1234567890_Config_us-west-1_ConfigHistory_AWS::Config::ResourceCompliance_20220131T000000Z_20220131T000002Z_1.json.gz

Cause

This issue occurs because Panther only supports AWS Config Snapshots at this time and the format beyond /ConfigHistory/ is not supported.