I'm also pulling my hair out over this black hole of an issue... I've got this cross-account setup like so:
# UserA (in account A)
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:ListBucket",
    "s3:GetBucketLocation"
  ],
  "Resource": [
    "arn:aws:s3:::bucket-in-ca-central-1/*",
    "arn:aws:s3:::bucket-in-ca-central-1"
  ]
}
# BucketB (in account B)
{
  "Sid": "AllowFilebeatPolling",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::1234567890:user/UserA"
  },
  "Action": [
    "s3:GetObject",
    "s3:ListBucket",
    "s3:GetBucketLocation"
  ],
  "Resource": [
    "arn:aws:s3:::${var.s3_bucket_name}",
    "arn:aws:s3:::${var.s3_bucket_name}/*"
  ]
}
I can replicate all the actions with the equivalent CLI commands as UserA against bucket B, and it works as expected, BUT whenever I try to initialize Filebeat it spits back a 403...
... compat/compat.go: 122
"Input 'aws-s3' failed with: failed to initialize s3 poller: failed to get AWS region for bucket_arn:
So I'm wondering, does it have something to do with "Block all public access" on the bucket itself? I'll report back later with what I find...
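A small offline check of the cross-account logic behind a 403 like this, added here as an illustration and not code from the post or from Filebeat: for a principal in account A reaching a bucket in account B, the identity policy in A and the bucket policy in B must each contain a matching Allow, and the evaluator below tests both sides for every call the S3 poller needs. It assumes that the region lookup named in the error corresponds to the s3:GetBucketLocation action the post's policies already grant, renders the Terraform placeholder ${var.s3_bucket_name} itself (a likely mismatch point when the rendered name differs from the one in the identity policy), and uses the account id and bucket name from the post as placeholders only. It deliberately ignores Deny statements, Conditions, SCPs and permission boundaries.

```python
import fnmatch
import json

# Constructed sample input (placeholders from the post, not real resources).
BUCKET_NAME = "bucket-in-ca-central-1"
USER_A_ARN = "arn:aws:iam::1234567890:user/UserA"

# Identity policy attached to UserA in account A (statement from the post).
IDENTITY_POLICY_A = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
        "Resource": ["arn:aws:s3:::bucket-in-ca-central-1/*",
                     "arn:aws:s3:::bucket-in-ca-central-1"],
    }],
}

# Bucket policy in account B, kept as text so the Terraform variable from the
# post can be rendered the way the deployed policy would read.
BUCKET_POLICY_B_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowFilebeatPolling",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::1234567890:user/UserA"},
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
    "Resource": ["arn:aws:s3:::${var.s3_bucket_name}",
                 "arn:aws:s3:::${var.s3_bucket_name}/*"]
  }]
}"""

# Calls the poller makes and the resource each is evaluated against
# (bucket-level for GetBucketLocation/ListBucket, object-level for GetObject).
# Assumption: the region lookup in the error is the GetBucketLocation call.
REQUIRED_CALLS = [
    ("s3:GetBucketLocation", "arn:aws:s3:::{b}"),
    ("s3:ListBucket", "arn:aws:s3:::{b}"),
    ("s3:GetObject", "arn:aws:s3:::{b}/some-log-file.gz"),
]


def render_bucket_policy(bucket_name):
    """Substitute the Terraform variable and parse the resulting policy."""
    return json.loads(BUCKET_POLICY_B_TEMPLATE.replace("${var.s3_bucket_name}", bucket_name))


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value):
    # IAM wildcards in Action and Resource: * is any run of characters, ? one character.
    return fnmatch.fnmatchcase(value, pattern)


def _principal_matches(stmt, principal_arn):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" or p == principal_arn for p in _as_list(principal.get("AWS", [])))
    return False


def _statement_allows(stmt, action, resource, principal_arn=None):
    """True if this Allow statement covers the action/resource (and principal, for a bucket policy)."""
    if stmt.get("Effect") != "Allow":
        return False
    if principal_arn is not None and not _principal_matches(stmt, principal_arn):
        return False
    # Action names are case-insensitive; resource ARNs are compared as written.
    action_ok = any(_glob(a.lower(), action.lower()) for a in _as_list(stmt.get("Action", [])))
    resource_ok = any(_glob(r, resource) for r in _as_list(stmt.get("Resource", [])))
    return action_ok and resource_ok


def evaluate_cross_account(identity_policy, bucket_policy, principal_arn, action, resource):
    """Simplified cross-account decision: both policies must contain a matching Allow.
    Returns (allowed, reason); the reason names which side is missing the grant."""
    identity_ok = any(_statement_allows(s, action, resource) for s in identity_policy["Statement"])
    bucket_ok = any(_statement_allows(s, action, resource, principal_arn) for s in bucket_policy["Statement"])
    if identity_ok and bucket_ok:
        return True, "allowed by both identity policy and bucket policy"
    missing = []
    if not identity_ok:
        missing.append("identity policy in the caller's account")
    if not bucket_ok:
        missing.append("bucket policy in the bucket owner's account")
    return False, "no matching Allow in: " + "; ".join(missing)


def diagnose(identity_policy, bucket_policy, principal_arn, bucket_name):
    """Evaluate every call the poller makes; returns {action: (allowed, reason)}."""
    return {
        action: evaluate_cross_account(identity_policy, bucket_policy, principal_arn,
                                       action, resource.format(b=bucket_name))
        for action, resource in REQUIRED_CALLS
    }


if __name__ == "__main__":
    results = diagnose(IDENTITY_POLICY_A, render_bucket_policy(BUCKET_NAME), USER_A_ARN, BUCKET_NAME)
    for action, (ok, why) in results.items():
        print(f"{action:22} {'ALLOW' if ok else 'DENY '} ({why})")
```

Run it with the policies rendered for the same bucket name and all three calls come back allowed; render the bucket policy for a different name, or pass a different principal ARN, and the reason pinpoints the bucket-policy side, which is the kind of asymmetry a CLI test as the same user would not show if the CLI run used a differently configured profile. The bucket's Block Public Access settings are outside this model on purpose: they act on grants to public or anonymous principals, not on a grant to a named IAM ARN like the one in the post.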