ISSUE

My GuardDuty log source gives an error stating it cannot access a log file.

RESOLUTION

To resolve this issue, try one of the following:

For more information, see this AWS reference on GuardDuty.

CAUSE

Possible reasons the GuardDuty log source may have issues:

  1. The IAM role had permission to access the KMS key, and that permission was somehow removed.

  2. No GuardDuty data encrypted with this KMS key was sent. The source may have been configured to receive different types of AWS data (e.g., CloudTrail, VPC Flow Logs, etc.), so there is activity in that log source but no activity from GuardDuty encrypted files.
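
A quick offline check for cause 1, as an added example that is not part of the original article: it evaluates exported role policy documents and reports whether `kms:Decrypt` on the key is allowed, implicitly denied (the permission was removed) or explicitly denied. The key ARN and policies are constructed placeholders, and the evaluation is simplified: it covers identity policies only, not the KMS key policy, and it skips `Condition`, `NotAction` and `NotResource` statements.

```python
import fnmatch

# Constructed sample data: placeholder key ARN and role policies, not from the page.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
S3_READ = {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}
KMS_READ = {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN}
KMS_DENY = {"Effect": "Deny", "Action": "kms:*", "Resource": "*"}

POLICY_WORKING = {"Version": "2012-10-17", "Statement": [S3_READ, KMS_READ]}
POLICY_KMS_REMOVED = {"Version": "2012-10-17", "Statement": [S3_READ]}
POLICY_DENIED = {"Version": "2012-10-17", "Statement": [S3_READ, KMS_READ, KMS_DENY]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case=False):
    # IAM wildcards are * and ?; fnmatch covers both for typical ARNs.
    if ignore_case:
        value = value.lower()
    for pattern in _as_list(patterns):
        if fnmatch.fnmatchcase(value, pattern.lower() if ignore_case else pattern):
            return True
    return False


def kms_decision(policies, key_arn, action="kms:Decrypt"):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for the action on the key."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            # Simplification: NotAction, NotResource and Condition statements
            # are skipped here and need manual review.
            if "Action" not in stmt or "Resource" not in stmt or "Condition" in stmt:
                continue
            if not _matches(stmt["Action"], action, ignore_case=True):
                continue
            if not _matches(stmt["Resource"], key_arn):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit-deny"  # an explicit Deny always wins
            allowed = True
    return "allow" if allowed else "implicit-deny"


if __name__ == "__main__":
    for name, policy in [("working", POLICY_WORKING), ("kms removed", POLICY_KMS_REMOVED), ("denied", POLICY_DENIED)]:
        print(f"{name}: {kms_decision([policy], KEY_ARN)}")
```

Against a live account, `aws iam simulate-principal-policy` evaluates the role's attached policies for the same action and resource.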