Issue

I'm ingesting encrypted CloudTrail files into Panther, but I see errors such as access denied andFailureto download encrypted CloudTrail files from S3

Resolution

To resolve this issue:

Cause

This issue occurs when the KMS key is not entered on initial log source setup, or if the IAM Role's permissions to access the KMS key were somehow removed.