The key id and the secret key env vars are in the .bashrc file and are correctly set. Those keys are for a user created in IAM with a policy with the following permissions:
Hello! Thanks for posting here. Failed DescribeRegions usually means something wrong with the credentials (probably I need to fix this with better error messages).
First question I have is, do you need a session_token for your aws credential? For example if you have MFA setup, then you need to use the temporary token to generate a new set of access key, secret access key and session token.
If you have aws-cli setup locally, you can try to make some basic aws api calls with the credential you have to see if the credentials are valid.
Hmmm, good question. I'm reviewing the user. I created a new one just for metricbeat. With the roles I mentioned above. Also, the user has no password nor MFA. Only the access keys. This is the user configuration:
I made a policy simulation in IAM and the DescribeRegions worked fine. You mean that maybe I need to configure in the aws.yaml file both the access_key and the session_token vars?
I'll try to sep up aws-cli to use those credentials and see if it works. Thanks you!
Sorry for the late response. Thanks for giving the CLI a try, since that works, the credentials should work for aws module hmmm. Do you use ~/.aws/credentials to store aws credentials under different profile names? If so, could you give this config a try?
If you don't use ~/.aws/credentials file, then could you plugin the AWS credentials directly into the config to see if that will work? I'm just trying to make sure the credentials get passed into the config correctly:
- module: aws
period: 300s
access_key_id: "please copy paste your access key id in here"
secret_access_key: "please copy paste your secret access key in here"
metricsets:
- cloudwatch
metrics:
- namespace: AWS/EC2
name: ["CPUUtilization", "DiskWriteOps"]
tags.resource_type_filter: ec2:instance
statistic: ["Average"]
It looks like, as you said, the credentials were not passed correctly to the config file. I had an .aws/credentials file, with just a default profile. I used it in the config file and it seems that it's working fine.
Probably I did something wrong with the ENV variables in the yaml file.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.