Filebeat 403 error to SQS

paano · April 5, 2021, 4:37am

Following the document from elastic blog, S3 log to Elastic using filebeat and SQS, i keep getting error
2021-04-03T13:45:04.022Z ERROR [input.aws-s3] awss3/collector.go:101 SQS ReceiveMessageRequest failed: AccessDenied: Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied.

`status code: 403, request id: 4d205118-6b7e-545d-96f0-09fa18e103cd {"queue_url": "https://sqs.us-east-1.amazonaws.com/12345678901/log-queue-dev", "region": "us-east-1"}`

ANy suggestion what policy is missing in the doc(blog)

Kaiyan_Sheng · April 5, 2021, 3:29pm

Sorry the blog post is not up-to-date. Could you try adding these permissions please? AWS S3 input | Filebeat Reference [7.12] | Elastic

paano · April 5, 2021, 5:52pm

I did try adding the permission yet see the 403 error. Any other debug command i can put on filebeat to verify what it is missing.

@Kaiyan_Sheng
thanks for pointing out the permission, added them.

paano · April 8, 2021, 12:16am

i was able to resolve it. It was AWS KMS issue.

system · May 6, 2021, 2:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.