FAQ: Why am I not seeing CloudTrail events despite having a configured AWS integration?

In rare cases, some CloudTrail integrations display as enabled but stop ingesting messages into the F5 Distributed Cloud App Infrastructure Protection (AIP) platform. This error usually occurs when the account attempts to ingest messages from the SQS queue, but none are available in the queue. Please contact AIP Support (aipsupport@f5.com) to confirm whether this is the error.

You may be able to resolve this issue by doing the following:

  • Verify that there are messages in the SQS queue.
  • If there are no messages, confirm that the SQS queue is subscribed to the SNS topic configured on the CloudTrail configuration in AWS.
  • If the SQS queue is already subscribed to the correct SNS topic, try deleting the subscription and creating a new subscription between the SQS queue and the SNS topic.
  • If creating a new subscription does not work, delete and recreate both the subscription and the SQS queue. Ensure the SQS queue is subscribed to the correct SNS topic.
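
The checklist above can be run as a single diagnostic. This is an added example, not F5 or AIP tooling: the diagnose function, its status names, and all ARNs and names in the sample data are assumptions constructed for illustration, and the inputs are dicts shaped like the boto3 responses named in the comments.

```python
# Inputs are dicts shaped like these boto3 responses:
#   cloudtrail.describe_trails()
#   sns.list_subscriptions_by_topic(TopicArn=...)
#   sqs.get_queue_attributes(QueueUrl=..., AttributeNames=["All"])
def diagnose(trails, subscriptions, queue_attrs, trail_name):
    """Walk the FAQ checklist and return (status, next_step)."""
    attrs = queue_attrs["Attributes"]
    # Step 1: any messages in the queue, visible or in flight?
    depth = (int(attrs.get("ApproximateNumberOfMessages", 0))
             + int(attrs.get("ApproximateNumberOfMessagesNotVisible", 0)))
    if depth > 0:
        return ("messages_present", "queue has messages; contact AIP Support")
    # Step 2: find the SNS topic configured on the trail.
    trail = next((t for t in trails["trailList"] if t["Name"] == trail_name), None)
    topic_arn = trail.get("SnsTopicARN") if trail else None
    if not topic_arn:
        return ("no_sns_topic", "trail not found or has no SNS topic configured")
    # Step 3: is this queue subscribed to that exact topic?
    subs = [s for s in subscriptions["Subscriptions"]
            if s["TopicArn"] == topic_arn and s["Protocol"] == "sqs"
            and s["Endpoint"] == attrs["QueueArn"]]
    if not subs:
        return ("not_subscribed", "subscribe the queue to " + topic_arn)
    if all(s["SubscriptionArn"] == "PendingConfirmation" for s in subs):
        return ("pending_confirmation", "confirm or recreate the subscription")
    # Remaining steps: subscribed to the right topic but still empty.
    return ("subscribed_but_empty",
            "delete and recreate the subscription, then the queue if needed")

# Constructed sample data (not from a real account).
TOPIC = "arn:aws:sns:us-east-1:111122223333:cloudtrail-topic"
QUEUE = "arn:aws:sqs:us-east-1:111122223333:aip-cloudtrail-queue"
TRAILS = {"trailList": [{"Name": "org-trail", "SnsTopicARN": TOPIC}]}
SUBS = {"Subscriptions": [{
    "SubscriptionArn": TOPIC + ":11111111-2222-3333-4444-555555555555",
    "Protocol": "sqs", "Endpoint": QUEUE, "TopicArn": TOPIC}]}
EMPTY_QUEUE = {"Attributes": {"QueueArn": QUEUE,
                              "ApproximateNumberOfMessages": "0",
                              "ApproximateNumberOfMessagesNotVisible": "0"}}

if __name__ == "__main__":
    print(diagnose(TRAILS, SUBS, EMPTY_QUEUE, "org-trail"))
```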
