Hello,
I am trying to figure out if anyone has managed to use AWS IAM roles for their self-hosted ELK stack rather than using IAM users (access key and secret key).
Scenario is:
-> Multiple AWS accounts contain IAM users for S3 buckets (logs),
-> Logstash instance is hosted on an AWS account peered to all the multiple accounts
-> Each IAM user access key in all the multiple accounts has to be rotated every 90 days as part of security standards. This is time-consuming and insecure, as the credentials are shown in the Logstash conf files
Recommendations:
-> Create IAM roles in the multiple accounts
-> But the question is, how can the Logstash instance hosted in another account assume the role of multiple accounts?
Any ideas would be much appreciated. Many thanks.
P.S. I came across this blog, but it seems like it is for AWS-hosted ELK rather than self-hosted ELK.
Regards,
Kev