Metricbeat AWS module endpoint not working correctly

cjm3625 · January 19, 2021, 8:00pm

aws.yml is as follows

  regions: us-iso-east-1
  endpoint: us-iso-east-1.c2s.ic.gov
  period: 5m
  metricsets:
    - ec2

The error is ListMetricsRequest failed: send request failed. followed by a proxy error driven by an incorrect URL because this is running in us-iso-east-1 and doesn't push the config to the metric checks. My logs show the iam/sts calls are working going to iam.us-iso-east-1.c2s.ic.gov and sts.us-iso-east-1.c2s.ic.gov however the calls I see going to metrics are ec2.us-iso-east-1.amazonaws.com and monitoring.us-iso-east-1.amazonaws.com. This leads me to believe that the endpoint is not getting to the metric checks and the region is not pushing to the initial IAM checks.

Kaiyan_Sheng · January 20, 2021, 1:03am

Could you try with this endpoint please? We do realize there is a bug in the endpoint part and PR to fix it is on its way https://github.com/elastic/beats/pull/23539

cjm3625 · January 20, 2021, 1:08pm

I have tried that config and the issue then gets worse as the iam and sts calls will also fail as they need to use the region in the iso env. The same issue is also present with the above config that the metric calls do not hit that endpoint. Will the endpoint PR above correct both of these issues?
So the calls need to be to sts.iam.us-iso-east-1.c2s.ic.gov, iam.us-iso-east-1.c2s.ic.gov, and ec2.iam.us-iso-east-1.c2s.ic.gov for example

Kaiyan_Sheng · January 20, 2021, 6:56pm

With this PR, endpoint and regions will be required for your case:

- module: aws
  period: 5m
  endpoint: c2s.ic.gov
  regions: us-iso-east-1
  metricsets:
    - ec2

This will call iam.c2s.ic.gov and ec2.us-iso-east-1.c2s.ic.gov for example. I don't think there will be anything like ec2.iam.us-iso-east-1.c2s.ic.gov though with two service names.

cjm3625 · January 20, 2021, 8:37pm

Sorry that was a typo on my part we need iam and sts calls to include the region, like iam.us-iso-east-1.c2s.ic.go.c2s.ic.gov and sts.us-iso-east-1.c2s.ic.gov. Also the endpoint is not reflected on the metric calls as we are seeing calls to ec2 hit ec2.us-iso-east-1.amazonaws.com when endpoint is set to c2s.ic.gov.

cjm3625 · January 25, 2021, 3:53pm

Is it possible to have the region included in the iam and sts calls? in the aws-iso the iam and sts addresses include the region

Kaiyan_Sheng · January 25, 2021, 5:43pm

Also the endpoint is not reflected on the metric calls as we are seeing calls to ec2 hit ec2.us-iso-east-1.amazonaws.com when endpoint is set to c2s.ic.gov.

Yes that's a bug also get fixed in the same PR. Please feel free to test it and leave comments in the PR or here! Thanks!!!

cjm3625 · January 25, 2021, 6:12pm

How do I get those changes into my environment? I use the beat rpm files to install the packages.

cjm3625 · January 26, 2021, 8:43pm

Is it possible to have the region included in the iam and sts calls? in the aws-iso the iam and sts addresses include the region as there is no global endpoint for those services

system · February 23, 2021, 10:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.