Couldn't connect to AWS ES

sv_bcvt92 · August 1, 2019, 10:22am

Hi Gurus,
I'm setting Filebeat to send nginx logs to AWS Elasticsearch service. I do follow exactly this guide

But in step 4, I got this error

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://search-abcxyz.ap-northeast-1.es.amazonaws.com:443: 403 Forbidden: {"message":"'ZWxhc3RpYzpIYW5vaUAyMDE5' not a valid key=value pair (missing equal-sign) in Authorization header: 'Basic ZWxhc3RpYzpIYW5vaUAyMDE5'."}]

filebeat.yml:

filebeat.inputs:
- type: log

  # Change to true to enable this input configuration.
  enabled: false

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/nginx/*.log

setup.kibana:
  host: "https://search-abcxyz.ap-northeast-1.es.amazonaws.com:443/_plugin/kibana/"
output.elasticsearch:
  hosts: ["https://search-abcxyz.ap-northeast-1.es.amazonaws.com:443"]
  # Enabled ilm (beta) to use index lifecycle management instead daily indices.
  #ilm.enabled: false
  # Optional protocol and basic auth credentials.
  #protocol: "https"
  username: "elastic"
  password: "xxxxxx"

Can anyone help me on this problem?
Thanks.

Christian_Dahlqvist · August 1, 2019, 11:39am

Does AWS ES support HTTPS basic auth? Can you curl from that host to your Elasticsearch cluster?

sv_bcvt92 · August 1, 2019, 2:55pm

Hi Christian,

I dont know if AWS ES supports basic auth or not.
I try with this command
curl --user elastic:xxxxxx "https://search-abcxyz.ap-northeast-1.es.amazonaws.com/"
then I get the response:
{"message":"'ZWxhc3RpYzpIYW5vaUAyMDE5' not a valid key=value pair (missing equal-sign) in Authorization header: 'Basic ZWxhc3RpYzpIYW5vaUAyMDE5'."}

Christian_Dahlqvist · August 1, 2019, 2:57pm

Seems like it does not so you may have to go through Logstash where you can install a specific AWS ES output plugin.

sv_bcvt92 · August 1, 2019, 3:06pm

Thanks for your time, Christian.
If anyone centralizes nginx logs from EC2 to AWS ES before, please advise me.
Ah, I forgot to tell you that I used Amazon Cognito for AWS ES authentication.

Many thanks.

Christian_Dahlqvist · August 1, 2019, 3:14pm

I have not used AWS ES but did not have similar problems with Elastic Cloud, which does support HTTPS and basic auth.

sv_bcvt92 · August 1, 2019, 3:19pm

Christian,
I can also disable Cognito authentication for AWS ES, but I'm afraid that its security will be quite weak.

Topic		Replies	Views
Filebeats to ship data directly to AWS ElasticSearch managed service Beats filebeat	4	1155	February 9, 2019
.asdasd Beats filebeat	5	979	October 31, 2017
Failed to perform any bulk index operations: 403 Forbidden: Beats filebeat	12	5891	November 30, 2018
How to connect beats to AWS elasticsearch with authentication Beats	4	6931	May 15, 2017
Nginx authentication to aws es inside vpc Elasticsearch	1	666	February 14, 2018

Couldn't connect to AWS ES

Related topics