Elastic Serverless Forwarder Cannot Connect to my Elastic Cloud Deployment

pkward · December 13, 2024, 1:40pm

Hello,

I'm having trouble sending CloudWatch logs to Elastic Cloud via Elastic Serverless Forwarder (ESF). I've configured my config.yml per the official elastic documentation. I also enabled the DEBUG logs to add verboseness. I then found error "Forbidden due to traffic filtering". Is there anyway to see these Traffic Filtering logs in Elastic Cloud? So that I may add the IP to my Elastic Cloud deployment? Or am I missing a step to allow this connection? Will deploying APM to the ESF show me more details?

config.yaml -

inputs:
  - type: "kinesis-data-stream"
    id: "arn:aws:kinesis:/ElasticRecipientStream"
    tags:
      - "aws-comm-serverless-kinesis"
    outputs:
      - type: "elasticsearch"
        args:
          # either elasticsearch_url or cloud_id, elasticsearch_url takes precedence
          # elasticsearch_url: "http(s)://domain.tld:port"
          cloud_id: "<cloud_id>"
          # either api_key or username/password, api_key takes precedence
          api_key: "<API_KEY>"
          # username: "elastic"
          # password: ""
          es_datastream_name: "logs-aws.cloudwatch-serverless"
          batch_max_actions: 500
          batch_max_bytes: 10485760
          ssl_assert_fingerprint: ""

stephenb · December 13, 2024, 2:33pm

Hi @pkward

You or your elastic Cloud admin needs to log into The elastic Cloud Cloud admin console and take a look.. The traffic filters are applied onto the deployment through the cloud console or perhaps terraform someone's doing that.
That's what's blocking your traffic

pkward · December 13, 2024, 2:59pm

Okay, I'm the Cloud Admin but I'm unsure where to look for the Traffic Filter logs. I understand how traffic filters work and how to implement them. I guess from an ESF standpoint, how can I find the IP of the ESF to add to the traffic filter? Also, do I need to do anything additionally on AWS to allow outbound traffic from my ESF Lambda?

stephenb · December 13, 2024, 3:41pm

Steps by Step Instructions here

This is where you create them...
https://cloud.elastic.co/deployment-features/traffic-filters

The when you manage a deployment ... you apply them on the deployment

Topic		Replies	Views
Elastic Serverless Forwarder not able to send Cloudwatch Logs to Elastic Elastic Observability	1	210	August 29, 2023
Elastic Serverless Forwarder Field Extraction Issue Logs	3	14	December 11, 2024
Cloudwatch Logs to Elasticsearch using AWS Lambda Elasticsearch	2	5938	June 25, 2019
CloudWatch input plugin config to receive all data Logstash	1	492	August 11, 2017
Elastic Forwarder for Cloudwatch Elasticsearch	1	128	December 25, 2023

Elastic Serverless Forwarder Cannot Connect to my Elastic Cloud Deployment

Related topics