Fleet AWS CloudTrail integration stops working after upgrading Elastic Agent to 7.12.0

Hi all,

We have a working AWS CloudTrail integration with Elastic Agent 7.10.1. After upgrading to 7.12, the CloudTrail data stops working without any error in the log.

I have tried to enable debug level on the agent, but there is no error message at all.

Any idea how to solve the issue or at least to know what the error is?

Thank you.

Regards,
Nugroho

Hmmm, have you tried 7.11? There is a bug introduced into 7.12 and it's fixed by elastic/beats Pull Request #24719, "[Filebeat] Fix gcp/vpcflow module defaulting to file input" by andrewkroh.

@Kaiyan_Sheng I don't think that fix is related to the issue that I have (GCP vs AWS).

@Kaiyan_Sheng I can confirm that it works after I rolled back to 7.11.2.

I use an IAM Instance Profile (associated with an IAM Role) attached to EC2 and set all configuration to blank (no access key, no credentials, no role), and it works (default SDK fallback behavior -- good).

It seems 7.12 breaks that behavior.

Thank you @nugroho-expereo for confirming!! OK I will go investigate what changed here!! Thanks!!

I have also found this to be the case. Today I upgraded our ES from 7.11 to 7.12, as well as upgrading my Elastic Agent to 7.12, after which I am no longer receiving logs using the AWS Integration. Prior to this, 7.11 was working fine.

Also note that I am collecting AWS CloudTrail and VPCFlow, which have both stopped. In an effort to try to fix it, I deployed a newer version of the integration, from AWS v0.3.12 to AWS v0.5.0, which did not seem to fix the problem. Unlike Nugroho, I am not using EC2 with an IAM Role; I am using Access ID\Key.