Elastic-agent AWS cloudtrail integration fails

Merdesz · November 28, 2023, 3:29pm

Trying to set up Elastic-agent with the AWS cloudtrail integration, but it always fails to connect:

[elastic_agent.filebeat][error] Input 'aws-s3' failed with: failed to initialize s3 poller: failed to get AWS region for bucket: operation error S3: GetBucketLocation, https response error StatusCode: 400, RequestID: RPJDEMPNHY0DS3VD, HostID: s/jw5VtW3D87Rh6PB2ksMuOidMorPUJ0nzq2O/Bnb6ROXl4KI5dOZ6iX7lh5NimbZcCj/ZavNog=, api error InvalidBucketName: The specified bucket is not valid.

My integration settings:

Also using the AWS CLI from the same computer the Elastic-agent tries to reach the bucket works just fine, can list the log files.
Anything usefull is welcomed.

sholzhauer · November 28, 2023, 4:52pm

In your screenshot you mention the correct bucket.
Is that the bucket name or the full arn:aws:s3:::the correct bucket

a side note: I would advice to use sqs setup as this limits the AWS api calls and prevents duplicate ingestion in case your agent goes down. It also allows you to distribute the load across multiple agents.

Merdesz · November 29, 2023, 9:35am

Yes, thank you that was the problem.
Only set it up with s3://domain-name...

Topic		Replies	Views
Kibana aws integration cloudtrail collect from s3 warning Beats beats-module	11	819	November 24, 2023
No logs coming from AWS integration CloudTrail logs from S3 Logstash	0	35	February 13, 2025
Elastic Cloudtrail for Cognito integration Elastic Agent integrations	2	77	October 18, 2024
Elastic agent for aws custom integration Elasticsearch	1	228	June 7, 2024
AWS/CloudTrail Integration for Elastic Agent Elastic Observability	7	305	December 11, 2024

Elastic-agent AWS cloudtrail integration fails

Related topics