Filebeat using IAM role for ECS tasks does not work

Hi team,

I've tried to run filebeat with the cisco module (umbrella) in the ECS task. The umbrella module is configured without access_key_id and secret_access_key. I think I can now achieve filebeat using the IAM role for ECS task, but it doesn't work. please let me know if I can use filebeat with the ECS task role?

umbrella module setting

- module: cisco
  umbrella:
    enabled: true
    var.input: aws-s3
    var.queue_url: ${SQS_URL:?SQS_URL is empty}

log

2022-07-05T02:14:14.372Z ERROR [input.aws-s3] awss3/collector.go:106 SQS ReceiveMessageRequest failed: IncompleteSignature: 'value>/20220705/ap-northeast-1/sqs/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=<no value>/20220705/ap-northeast-1/sqs/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'.

filebeat version: 7.14.2

AWS ECS IAM roles for tasks

Perhaps this topic is related to my question.

So far, the cisco module (umbrella) does not seem to support the ECS task role. We can workaround this by removing or commenting out the lines(access_key_id, secret_access_key) in the input.yml of this module. But this is not a recommended.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.