I'm trying to test the Fleets Beta AWS integration. Initially just with CloudTrail logs before adding others. So far I have done the below:
-Created IAM User
-Created permissions policy with required permissions, and granted the new IAM user this permission policy
-Configured the integration via the UI, with username, accesskey and secretkey
-Configured the SQS (linked with the SNS subscription for the CloudTrail S3 bucket)
-Added the SQS queue URL and saved the integration.
I can see the integration saved into the default policy. I have no hosts to install into, as I didn't think this was required via the integration method (using IAM access keys etc to get the data).
Am I supposed to do something more than the above? I cannot see any data in Kibana using the [Logs AWS] CloudTrail option.
Apologies in advance if I'm missing something obvious. I'm particularly new to Elastic. I should add, I'm using the vanilla install of Elastic Cloud on AWS.