I have ELK running with the AWS integration. I have one agent policy running on several agents with a role configured for the agent to use. The agents are running on EC2 and are able to assume the role easily. I've set up a second agent policy with the intention of using a different role for certain AWS API calls, specifically for Inspector and Security Hub. Despite having a role configured, the agent calls to AWS fail with a 403 Invalid Token. If I specify an access key/secret, these calls work fine and the agent is able to retrieve data. Notably, the agent policy reflects the usage of an access key/secret, but does not have any indication when it's set to use a role. Has anyone else experienced this?
Hey @jeffmaley, I'm running into the same issues. Unfortunately, it looks like the current integration package (I'm using 2.11.3) requires the usage of access and secret keys:
Thanks so much for this. Do you have the link to the doc where you found that? I somehow missed it.
EDIT: nvm, I found it.