Fleets AWS Integration Clarification

I'm trying to test the Fleets Beta AWS integration. Initially just with CloudTrail logs before adding others. So far I have done the below:

-Created IAM User
-Created permissions policy with required permissions, and granted the new IAM user this permission policy
-Configured the integration via the UI, with username, accesskey and secretkey
-Configured the SQS (linked with the SNS subscription for the CloudTrail S3 bucket)
-Added the SQS queue URL and saved the integration.

I can see the integration saved into the default policy. I have no hosts to install into, as I didn't think this was required via the integration method (using IAM access keys etc to get the data).

Am I supposed to do something more than the above? I cannot see any data in Kibana using the [Logs AWS] CloudTrail option.

Apologies in advance if I'm missing something obvious. I'm particularly new to Elastic. I should add, I'm using the vanilla install of Elastic Cloud on AWS.

How did you install the agent? Is it reachable by Kibana/Elasticsearch?

Hi Kvch,

This is where I get confused. The docs don't make it clear what I should do regarding Agents. I'm aware that in other integrations I would need to install agents into host machines, but with AWS it's less clear.

Is there something I need to do on the Elastic/Kibana side to allow them to see the data coming in from AWS? I was under the impression the "installation" of the integration would complete all the other requirements, but I'm probably being a bit naive as I'm new to Elastic.

Hi David,

Can you confirm you've setup your policy as described in this Metricbeat policy example: AWS module | Metricbeat Reference [master] | Elastic

(Correlates to the AWS Permissions which shows in the UI: integrations/README.md at master · elastic/integrations · GitHub)

The agent can be installed on any system. The modules that poll remote apis don't matter what the system is.