When viewing an S3 Bucket Log Source, the following error occurs:
Source has turned unhealthy. Bucket Notifications are not properly configured - Notifications are not properly configured for these prefixes: [""]
This error can also read:
We couldn't determine if S3 Event Notifications are configured for your given S3 Prefixes and bucket: <bucket name>
This often occurs after editing the log source configuration.
To resolve this issue:
Edit the log source.
From the Log Source overview page, click on the "Configuration" button in the top-right, then select Edit Log Source from the drop-down menu options.
In the top-right panel, click Edit IAM Role.
In the IAM Role view, click I want to set up everything on my own.
Without making any other changes, click Save in the top-right.
After completing these steps, the Log Source should return to a healthy state.
This issue occurs when an S3 Bucket was originally set up to use the Panther-provided SNS topic, panther-notifications-topic
, but was later changed to use a custom one instead. Panther routinely scans the S3 Buckets properties to make sure everything is in working order. If it expects to see panther-notifications-topic
attached to the buckets EventNotification, but instead finds another SNS topic, Panther will raise an error as a sign of possible misconfiguration.
By editing the bucket and choosing I want to set up everything myself, you tell Panther that you'll be making your own SNS topic, and as a result, Panther no longer expects to find panther-notifications-topic
.