Hi,
I'm trying to set up an Elastic cluster (using version 7.3.2) across three different AZs in one region. EC2 instances are able to communicate with each other, as routing and security groups are configured to do so. The AWS API user has the following IAM profile:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    }
  ]
}
So this user has more rights than described in the documentation (ec2-discovery documentation).
I'm running the following config:
path.data: /elastic
path.logs: /elastic
node.name: aws-siem-cluster-node-2
cluster.name: aws-siem-cluster
discovery.seed_providers: ec2
discovery.ec2.endpoint: apigateway.eu-central-1.amazonaws.com
discovery.ec2.protocol: https
discovery.ec2.read_timeout: 60s
discovery.ec2.groups: launch-wizard-2
discovery.ec2.any_group: true
discovery.ec2.host_type: private_ip
discovery.ec2.availability_zones: eu-central-1
cloud.node.auto_attributes: true
cluster.routing.allocation.awareness.attributes: aws_availability_zone
network.host: _ec2_
Keystore values for API Key and Secret are stored.
Setting the log output of the elastic log to DEBUG, we have this main cause:
Main issue seems to be that part: Exception while retrieving instance list from AWS API: null (Service: AmazonEC2; Status Code: 403; Error Code: 403 Forbidden; Request ID: null)
Any advice about what could be wrong here? Thanks in advance.
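
An added example, not part of the original post and not Elasticsearch code: a small check of the `discovery.ec2.*` values from the config above, useful before looking at IAM when the EC2 API answers 403. It assumes the endpoint should be a regional EC2 API host of the form `ec2.<region>.amazonaws.com` and that availability zones are named as the region plus a letter suffix; the function names are hypothetical.

```python
import re

# discovery.ec2.* lines copied from the elasticsearch.yml in the post.
SAMPLE = """\
discovery.seed_providers: ec2
discovery.ec2.endpoint: apigateway.eu-central-1.amazonaws.com
discovery.ec2.protocol: https
discovery.ec2.availability_zones: eu-central-1
"""

# Assumed shapes: regional EC2 API host, and "<region><letter>" zone names.
EC2_HOST = re.compile(r"^ec2\.([a-z]{2}(?:-[a-z]+)+-\d)\.amazonaws\.com$")
AZ_NAME = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d)[a-z]$")


def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; enough for dotted elasticsearch.yml keys."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings


def check_ec2_discovery(settings):
    """Return a list of findings for the discovery.ec2.* settings."""
    findings = []
    region = None
    endpoint = settings.get("discovery.ec2.endpoint")
    if endpoint is not None:
        m = EC2_HOST.match(endpoint)
        if m:
            region = m.group(1)
        else:
            findings.append(f"endpoint '{endpoint}' is not ec2.<region>.amazonaws.com")
    zones = settings.get("discovery.ec2.availability_zones", "")
    for zone in filter(None, (z.strip() for z in zones.split(","))):
        m = AZ_NAME.match(zone)
        if not m:
            findings.append(f"zone '{zone}' is not a zone name (<region><letter>)")
        elif region and m.group(1) != region:
            findings.append(f"zone '{zone}' is outside endpoint region '{region}'")
    return findings


if __name__ == "__main__":
    for finding in check_ec2_discovery(parse_flat_yaml(SAMPLE)):
        print("WARN:", finding)
```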