I tried to configure Kibana custom resource with xpack.fleet.agentPolicies to add aws integration without success. I have read many documentation and done a lot of experiments and looks that there is no support for that. Is that true?
Below are the details of some of my attempts.
The attempt to use policy_template:
This field is used when adding integration via the UI:
2024-04-30 18:13:35.386
FATAL Error: [config validation of [xpack.fleet].agentPolicies.1.package_policies.0.inputs.0.policy_template]: definition for this key is missing
2024-04-30 18:39:16.823
inputs.guardduty-httpjson.streams.aws.guardduty.vars.aws_region: AWS Region is required
2024-04-30 18:39:16.823
inputs.guardduty-httpjson.streams.aws.guardduty.vars.detector_id: Detector ID is required
2024-04-30 18:39:16.823
inputs.inspector-httpjson.streams.aws.inspector.vars.aws_region: AWS Region is required
2024-04-30 18:39:16.823
inputs.securityhub-httpjson.streams.aws.securityhub_insights.vars.aws_region: AWS Region is required
2024-04-30 18:39:16.823
inputs.securityhub-httpjson.streams.aws.securityhub_findings.vars.aws_region: AWS Region is required
2024-04-30 18:39:16.823
inputs.cloudfront-aws-s3.streams.aws.cloudfront_logs.vars.queue_url: Queue URL is required
2024-04-30 18:39:16.823
inputs.route53-aws-s3.streams.aws.route53_resolver_logs.vars.queue_url: Queue URL is required
2024-04-30 18:39:16.823
inputs.waf-aws-s3.streams.aws.waf.vars.queue_url: Queue URL is required
2024-04-30 18:39:16.823
inputs.s3-aws-s3.streams.aws.s3access.vars.queue_url: Queue URL is required
2024-04-30 18:39:16.823
inputs.firewall-aws-s3.streams.aws.firewall_logs.vars.queue_url: Queue URL is required
2024-04-30 18:39:16.823
[2024-04-30T15:39:16.822+00:00][ERROR][plugins.fleet] Package policy is invalid: inputs.elb-aws-s3.streams.aws.elb_logs.vars.queue_url: Queue URL is required
It looks as low-level details that can be hidden from the user's eyes. Can we hope for a more user-friendly configuration if we consider this issue in the context of ECK?
I was trying to set up aws, aws_logs, and mongodb_atlas integrations thru xpack.fleet.agentPolicies, but have no success with any of them.
There is a lack of documentation, and error messages are often not descriptive enough.
Also, when I remove integration from xpack.fleet.agentPolicies, it may stay available in the agent policy in Kibana, and I couldn’t remove it manually as well.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.