Metricbeat AWS module endpoint not working correctly

aws.yml is as follows

  regions: us-iso-east-1
  endpoint: us-iso-east-1.c2s.ic.gov
  period: 5m
  metricsets:
    - ec2

The error is ListMetricsRequest failed: send request failed. followed by a proxy error driven by an incorrect URL because this is running in us-iso-east-1 and doesn't push the config to the metric checks. My logs show the iam/sts calls are working going to iam.us-iso-east-1.c2s.ic.gov and sts.us-iso-east-1.c2s.ic.gov however the calls I see going to metrics are ec2.us-iso-east-1.amazonaws.com and monitoring.us-iso-east-1.amazonaws.com. This leads me to believe that the endpoint is not getting to the metric checks and the region is not pushing to the initial IAM checks.

Could you try with this endpoint please? We do realize there is a bug in the endpoint part and PR to fix it is on its way :slight_smile: Deprecate aws_partition and use endpoint,regions instead by kaiyan-sheng · Pull Request #23539 · elastic/beats · GitHub

I have tried that config and the issue then gets worse as the iam and sts calls will also fail as they need to use the region in the iso env. The same issue is also present with the above config that the metric calls do not hit that endpoint. Will the endpoint PR above correct both of these issues?
So the calls need to be to sts.iam.us-iso-east-1.c2s.ic.gov, iam.us-iso-east-1.c2s.ic.gov, and ec2.iam.us-iso-east-1.c2s.ic.gov for example

With this PR, endpoint and regions will be required for your case:

- module: aws
  period: 5m
  endpoint: c2s.ic.gov
  regions: us-iso-east-1
  metricsets:
    - ec2

This will call iam.c2s.ic.gov and ec2.us-iso-east-1.c2s.ic.gov for example. I don't think there will be anything like ec2.iam.us-iso-east-1.c2s.ic.gov though with two service names.

Sorry that was a typo on my part we need iam and sts calls to include the region, like iam.us-iso-east-1.c2s.ic.go.c2s.ic.gov and sts.us-iso-east-1.c2s.ic.gov. Also the endpoint is not reflected on the metric calls as we are seeing calls to ec2 hit ec2.us-iso-east-1.amazonaws.com when endpoint is set to c2s.ic.gov.

Is it possible to have the region included in the iam and sts calls? in the aws-iso the iam and sts addresses include the region

Also the endpoint is not reflected on the metric calls as we are seeing calls to ec2 hit ec2.us-iso-east-1.amazonaws.com when endpoint is set to c2s.ic.gov.

Yes that's a bug also get fixed in the same PR. Please feel free to test it and leave comments in the PR or here! Thanks!!!

How do I get those changes into my environment? I use the beat rpm files to install the packages.

Is it possible to have the region included in the iam and sts calls? in the aws-iso the iam and sts addresses include the region as there is no global endpoint for those services

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.