Hello,
I'm trying to use Amazon Cognito authentication with Kibana on AWS Elasticsearch and send logs using Logstash from Kubernetes.
Authentication with Kibana is working fine, but Logstash seems to not be sending logs to ES.
I've created a user using aws_access_key_id and aws_secret_access_key with an AmazonESFullAccess policy to be used by Logstash.
This is the policy I have set up on my ES domain:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:aws:iam::xxxxxxxx:role/Cognito_IDpoolAuth_Role",
              "arn:aws:iam::xxxxxxxx:user/test"
            ]
          },
          "Action": "es:",
          "Resource": "arn:aws:es:eu-west-2:xxxxxxx:domain/testkibana/"
        }
      ]
    }

Logstash conf:

    input {
      udp {
        port => 5555
        codec => json
      }
    }
    output {
      stdout {
        codec => rubydebug
      }
      amazon_es {
        hosts => ["vpc-MYENDPOINT.eu-west-2.es.amazonaws.com"]
        region => "eu-west-2"
        aws_access_key_id => 'XXXXXXXXX'
        aws_secret_access_key => 'XXXXXXXXXXX'
        index => "test-%{+YYYY.ww}"
      }
    }

Logstash is running on Kubernetes as a deployment; also, I have created a service for Elasticsearch as an ExternalName:

    spec:
      externalName: MYENDPOINT.eu-west-2.es.amazonaws.com
      sessionAffinity: None
      type: ExternalName

Does anyone have an idea what's wrong?
Thank you!