Prevent inclusion of Authorization header

Michael_Daly · January 20, 2019, 1:33am

To get FileBeat working with AWS ES, the Authorization http header must not be included in the http request.

How can I prevent FileBeat sending a basic auth header?

Setting -E output.elasticsearch.username="" -E output.elasticsearch.password="" in the docker command does not work.

Example Docker Command

    docker run \
        docker.elastic.co/beats/filebeat-oss:6.5.4 \
        setup -E setup.kibana.host="https://*.eu-west-1.es.amazonaws.com:443" \
        -E output.elasticsearch.hosts=["https://*.eu-west-1.es.amazonaws.com:443"]

Output from FileBeat:

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://*.eu-west-1.es.amazonaws.com:443: 403 Forbidden: {"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic ZWxhc3RpYzpjaGFuZ2VtZQ=="}]

Another user also had the same issue, but didn't ask about the Authorization header.

steffens · January 22, 2019, 11:34am

The error message seems to suggest that AWS ES requires you to have an Authorization header in a special format include credentials and signature. Beats are not tested with AWS IAM, and I don't think that Beats support AWS IAM functionality.

Michael_Daly · January 22, 2019, 12:07pm

AWS ES requires credentials and signature only if an Authorization header is present. If the header is not present, requests do not need to be signed.

I have tested removal the Authorization header with an nginx container proxying requests, but this is quite a bit of additional complexity for deployment.

steffens · January 22, 2019, 3:51pm

Hm... I don't think filebeat will send create an Authorization header if no username or password is configured. You can try to add -E 'output.elasticsearch={user: "", password: ""} to overwrite the settings with empty strings in the containers config file.

system · February 19, 2019, 3:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
403 Forbidden when trying to send logs using Filebeat Beats filebeat	1	527	August 18, 2021
Elasticsearch permissions required by Filebeat Beats filebeat	7	3891	November 30, 2018
Couldn't connect to AWS ES Beats	7	1620	August 29, 2019
Filebeat with AWS ES IAM Role authentication ...? Beats filebeat	2	1249	November 28, 2019
How to connect beats to AWS elasticsearch with authentication Beats	4	6829	May 15, 2017

Prevent inclusion of Authorization header

Related topics