I'm trying to test the Fleets Beta AWS integration. Initially just with CloudTrail logs before adding others. So far I have done the below:
- Created IAM User
- Created permissions policy with required permissions, and granted the new IAM user this permission policy
- Configured the integration via the UI, with username, accesskey and secretkey
- Configured the SQS (linked with the SNS subscription for the CloudTrail S3 bucket)
- Added the SQS queue URL and saved the integration.
I can see the integration saved into the default policy. I have no hosts to install into, as I didn't think this was required via the integration method (using IAM access keys etc to get the data).
Am I supposed to do something more than the above? I cannot see any data in Kibana using the [Logs AWS] CloudTrail option.
Apologies in advance if I'm missing something obvious. I'm particularly new to Elastic. I should add, I'm using the vanilla install of Elastic Cloud on AWS.
This is where I get confused. The docs don't make it clear what I should do regarding Agents. I'm aware that in other integrations I would need to install agents into host machines, but with AWS it's less clear.
Is there something I need to do on the Elastic/Kibana side to allow them to see the data coming in from AWS? I was under the impression the "installation" of the integration would complete all the other requirements, but I'm probably being a bit naive as I'm new to Elastic.