Fleets AWS Integration Clarification

I'm trying to test the Fleets Beta AWS integration. Initially just with CloudTrail logs before adding others. So far I have done the below:

- Created IAM user
- Created permissions policy with required permissions, and granted the new IAM user this permission policy
- Configured the integration via the UI, with username, access key and secret key
- Configured the SQS (linked with the SNS subscription for the CloudTrail S3 bucket)
- Added the SQS queue URL and saved the integration.

I can see the integration saved into the default policy. I have no hosts to install into, as I didn't think this was required via the integration method (using IAM access keys, etc. to get the data).

Am I supposed to do something more than the above? I cannot see any data in Kibana using the [Logs AWS] CloudTrail option.

Apologies in advance if I'm missing something obvious. I'm particularly new to Elastic. I should add, I'm using the vanilla install of Elastic Cloud on AWS.

How did you install the agent? Is it reachable by Kibana/Elasticsearch?

Hi Kvch,

This is where I get confused. The docs don't make it clear what I should do regarding Agents. I'm aware that in other integrations I would need to install agents into host machines, but with AWS it's less clear.

Is there something I need to do on the Elastic/Kibana side to allow them to see the data coming in from AWS? I was under the impression the "installation" of the integration would complete all the other requirements, but I'm probably being a bit naive as I'm new to Elastic.

Hi David,

Can you confirm you've set up your policy as described in this Metricbeat policy example: AWS module | Metricbeat Reference [master] | Elastic

(Correlates to the AWS Permissions which show in the UI: integrations/README.md at master · elastic/integrations · GitHub)

The agent can be installed on any system. For the modules that poll remote APIs, it doesn't matter what the system is.
