Elastic-agent AWS cloudtrail integration fails

Trying to set up Elastic-agent with the AWS cloudtrail integration, but it always fails to connect:

[elastic_agent.filebeat][error] Input 'aws-s3' failed with: failed to initialize s3 poller: failed to get AWS region for bucket: operation error S3: GetBucketLocation, https response error StatusCode: 400, RequestID: RPJDEMPNHY0DS3VD, HostID: s/jw5VtW3D87Rh6PB2ksMuOidMorPUJ0nzq2O/Bnb6ROXl4KI5dOZ6iX7lh5NimbZcCj/ZavNog=, api error InvalidBucketName: The specified bucket is not valid.

My integration settings:



Also, using the AWS CLI from the same computer on which the Elastic-agent tries to reach the bucket works just fine; I can list the log files.
Anything useful is welcome.

In your screenshot you mention the correct bucket.
Is that the bucket name or the full arn:aws:s3:::the correct bucket?

A side note: I would advise using the SQS setup, as this limits the AWS API calls and prevents duplicate ingestion in case your agent goes down. It also allows you to distribute the load across multiple agents.


Yes, thank you that was the problem.
Only set it up with s3://domain-name...

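A pre-flight check for the mix-up resolved in this thread, added here as an example and not part of any post or of Elastic's code: it classifies a configured bucket value as an `s3://` URI, a bare name or an ARN, and returns the `arn:aws:s3:::<bucket>` form asked about above. The helper name `check_bucket_setting` and the sample values are assumptions made for illustration.

```python
import re

# S3 general-purpose bucket names: 3-63 chars of lowercase letters, digits,
# dots and hyphens, beginning and ending with a letter or digit.
_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):s3:::(.+)$")


def check_bucket_setting(value):
    """Hypothetical helper: classify a configured bucket value.

    Returns a dict with the detected form, the bucket name, the bucket ARN
    to configure, and whether the value is already exactly that ARN.
    """
    value = value.strip()
    partition = "aws"
    arn = _ARN.match(value)
    if arn:
        form, partition, rest = "arn", arn.group(1), arn.group(2)
    elif value.lower().startswith("s3://"):
        form, rest = "s3-uri", value[5:]
    else:
        form, rest = "bare-name", value

    bucket = rest.split("/", 1)[0]  # drop any key prefix after the bucket
    valid = (bool(_NAME.match(bucket)) and ".." not in bucket
             and not _IPV4.match(bucket))
    if not valid:
        return {"form": "invalid", "bucket": None, "arn": None, "ok": False}

    suggested = f"arn:{partition}:s3:::{bucket}"
    return {"form": form, "bucket": bucket, "arn": suggested,
            "ok": value == suggested}


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ("s3://example-trail-logs/AWSLogs/", "example-trail-logs",
                   "arn:aws:s3:::example-trail-logs", "s3://Example_Logs"):
        print(f"{sample!r:40} -> {check_bucket_setting(sample)}")
```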
