Filebeat 403 error to SQS

paano · April 5, 2021, 4:37am

Following the document from elastic blog, S3 log to Elastic using filebeat and SQS, i keep getting error
2021-04-03T13:45:04.022Z ERROR [input.aws-s3] awss3/collector.go:101 SQS ReceiveMessageRequest failed: AccessDenied: Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied.

`status code: 403, request id: 4d205118-6b7e-545d-96f0-09fa18e103cd {"queue_url": "https://sqs.us-east-1.amazonaws.com/12345678901/log-queue-dev", "region": "us-east-1"}`

ANy suggestion what policy is missing in the doc(blog)

Kaiyan_Sheng · April 5, 2021, 3:29pm

Sorry the blog post is not up-to-date. Could you try adding these permissions please? AWS S3 input | Filebeat Reference [7.12] | Elastic

paano · April 5, 2021, 5:52pm

I did try adding the permission yet see the 403 error. Any other debug command i can put on filebeat to verify what it is missing.

@Kaiyan_Sheng
thanks for pointing out the permission, added them.

paano · April 8, 2021, 12:16am

i was able to resolve it. It was AWS KMS issue.

Topic		Replies	Views
SQS DeleteMessageRequest failed with S3 input in Filebeat Beats filebeat	2	1015	May 27, 2020
S3 Filebeat Input error Beats filebeat	5	774	October 12, 2020
Filebeat initializing error for s3 Beats filebeat	5	1554	May 1, 2021
Filebeat AWS S3 Module not working Beats filebeat	7	1361	May 4, 2021
AWS S3 based logs integration error using filebeat Beats filebeat	1	400	March 26, 2021

Filebeat 403 error to SQS

Related topics