Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,268 questions
Microsoft Sentinel | Data connectors - AWS
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 55.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Arif Ali
0
Reputation points
The script provided by Microsoft does now work and fails in various places like with tags etc.
I would like to know if others are facing this issue?
"28/04/2025 12:43","Executing: aws iam create-role --role-name OIDC_SentinelIAMRole2 --assume-role-policy-document {""Version"":""2012-10-17"",""Statement"":[{""Effect"":""Allow"",""Principal"":{""Federated"":""arn:aws:iam::XXXXXXX:oidc-provider/sts.windows.net/XXXXXXXXXXX/""},""Condition"":{""StringEquals"":{""sts:RoleSessionName"":""MicrosoftSentinel_XXXXXXXXXXX"",""sts.windows.net/XXXXXXXXXXX/:aud"":""api://1462b192-27f7-4cb9-8523-0f4ecb54b47e""}},""Action"":""sts:AssumeRoleWithWebIdentity""}]} --tags [{""Key"":""Operator"",""Value"":""Microsoft_Sentinel_Automation_Script""}] 2>&1","Verbose"
"28/04/2025 12:43","System.Management.Automation.RemoteException Error parsing parameter '--tags': Invalid JSON: Expecting property name enclosed in double quotes: line 1 column 3 (char 2) JSON received: [{Key:Operator,Value:Microsoft_Sentinel_Automation_Script}]","Verbose"
"28/04/2025 12:43","JSON received: [{Key:Operator,Value:Microsoft_Sentinel_Automation_Script}]","Error"
"28/04/2025 12:43","Retrying...","Information"
https://learn.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3
That is the article I am following.
Microsoft Sentinel
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya 17,900 Reputation points Microsoft External Staff2025-04-28T18:45:25.14+00:00 Hi @Arif Ali
I understand that you are encountering an issue with the JSON format when executing the AWS IAM
create-rolecommand in your Python script. The error message indicates that there is a problem with the JSON formatting of thetagsparameter.Based on the error message you provided:
- The error states: **"**Invalid JSON: Expecting property name enclosed in double quotes
- The JSON received is: [{Key:Operator,Value:Microsoft_Sentinel_Automation_Script}]
To resolve this issue, you need to ensure that the
tagsparameter in your JSON payload is formatted correctly, with property names enclosed in double quotes. Here is the correct format for thetagsparameter in JSON:[{"Key":"Operator","Value":"Microsoft_Sentinel_Automation_Script"}]Hope this helps. Do let us know if you any further queries.
-
Arif Ali 0 Reputation points
2025-04-29T13:45:07.7+00:00 I have not edited the script in anyway, I am trying to run as is, however I have identified the code here which carries out the tags:
function Get-SentinelTagKey { return "Operator" } function Get-SentinelTagValue { return "Microsoft_Sentinel_Automation_Script" } function Get-SentinelTagInJsonFormat { $key = Get-SentinelTagKey $value = Get-SentinelTagValue $sentinelTag = ConvertTo-Json -InputObject @{Key=$key;Value=$value} -Depth 99 -Compress return $sentinelTag }You can easily download the files from the article and inspect it too. I do not understand why it is this complicated.
Sign in to comment
Sign in to answer