Filebeat using IAM role for ECS tasks does not work

masato · July 5, 2022, 4:30am

Hi team,

I've tried to run filebeat with the cisco module (umbrella) in the ECS task. The umbrella module is configured without access_key_id and secret_access_key. I think I can now achieve filebeat using the IAM role for ECS task, but it doesn't work. please let me know if I can use filebeat with the ECS task role?

umbrella module setting

- module: cisco
  umbrella:
    enabled: true
    var.input: aws-s3
    var.queue_url: ${SQS_URL:?SQS_URL is empty}

log

2022-07-05T02:14:14.372Z ERROR [input.aws-s3] awss3/collector.go:106 SQS ReceiveMessageRequest failed: IncompleteSignature: 'value>/20220705/ap-northeast-1/sqs/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=<no value>/20220705/ap-northeast-1/sqs/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'.

filebeat version: 7.14.2

AWS ECS IAM roles for tasks

Perhaps this topic is related to my question.

masato · July 8, 2022, 5:01am

So far, the cisco module (umbrella) does not seem to support the ECS task role. We can workaround this by removing or commenting out the lines(access_key_id, secret_access_key) in the input.yml of this module. But this is not a recommended.

system · August 5, 2022, 7:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat Cisco Umbrella module Beats filebeat	2	432	January 11, 2021
Filebeat AWS S3 Module not working Beats filebeat	7	1276	May 4, 2021
Filebeat Cisco Umbrella Beats filebeat	4	922	January 14, 2021
FileBeat - awscloudwatch input config Beats beats-module , filebeat	1	334	January 26, 2021
Cisco Umbrella selfhosted s3 the queue is not processing Beats filebeat	9	453	March 10, 2021

Filebeat using IAM role for ECS tasks does not work

Related Topics