Need help figuring out AWS role for functionbeat

https://www.elastic.co/guide/en/beats/functionbeat/7.x/configuration-functionbeat-options.html#functionbeat-role says that I can add a parameter named role to my functionbeat config.

Where to add it? I'm guessing it's meant as an attribute of an item in the functionbeat.provider.aws.functions list. Is that correct? If not, where to put it?

The value of the role attribute is said to be an AWS role's ARN. https://www.elastic.co/guide/en/beats/functionbeat/7.x/iam-permissions.html describes the actions that need to be in the role policy, but does not say anything about which resources these actions will be allowed on. It just cites '*' for the resource. My employer's policy doesn't allow me to say that. So, I have to be more specific. What resources should I cite as part of the policy?

Thanks!

Please look at the docs: Configure AWS functions | Functionbeat Reference [7.16] | Elastic

functionbeat.provider.aws.functions:
  - name: cloudwatch
    enabled: true
    type: cloudwatch_logs
    description: "lambda function for cloudwatch logs"
    triggers:
      - log_group_name: /aws/lambda/my-lambda-function
    role: arn:aws:iam::123456789012:role/MyFunction

Obviously, I have looked at that URL - it's the same one I put in my original post. And, if you have a look, you will see that it neither explicitly says where to put it, nor shows an example. Your example matches what I posted as a guess. It would be clearer for all if the doc simply said so, or if you had said, "yes, that is the implied location".

What about my 2nd question? Which resources to cite in the policy?
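
A check for the wildcard-resource concern raised in this thread, as an added example that is not part of any post or of Elastic's documentation: it flags `Allow` statements in an IAM policy document whose `Resource` is `*` or an ARN with no specific resource. The sample policy is constructed; its actions, region and statement names are assumptions for illustration and are not a statement of what Functionbeat requires (the account ID and log group name are the ones from the reply above).

```python
import json

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_unscoped(resource):
    # "*" alone, or an ARN whose resource part is only wildcards
    # (arn:partition:service:region:account:resource).
    if resource == "*":
        return True
    parts = resource.split(":", 5)
    return len(parts) == 6 and parts[0] == "arn" and parts[5].strip("*") == ""

def find_unscoped(policy):
    # Return (sid, actions, offending resources) for each Allow statement
    # that grants its actions on an unscoped resource.
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        bad = [r for r in _as_list(stmt.get("Resource")) if is_unscoped(r)]
        if "NotResource" in stmt:      # allows everything except the listed ARNs
            bad.append("NotResource")
        if bad:
            sid = stmt.get("Sid", f"statement[{index}]")
            findings.append((sid, _as_list(stmt.get("Action")), bad))
    return findings

# Constructed sample policy (illustrative actions, region and Sids).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "WriteOwnLogs", "Effect": "Allow",
   "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
   "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-lambda-function:*"},
  {"Sid": "AnyLogGroup", "Effect": "Allow",
   "Action": "logs:CreateLogGroup", "Resource": "arn:aws:logs:*:*:*"},
  {"Sid": "Everything", "Effect": "Allow",
   "Action": "lambda:GetFunction", "Resource": ["*"]}
]}
""")

if __name__ == "__main__":
    for sid, actions, bad in find_unscoped(SAMPLE_POLICY):
        print(f"{sid}: {', '.join(actions)} allowed on {', '.join(bad)}")
```
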
