To get FileBeat working with AWS ES, the Authorization
http header must not be included in the http request.
How can I prevent FileBeat sending a basic auth header?
Setting -E output.elasticsearch.username="" -E output.elasticsearch.password=""
in the docker command does not work.
Example Docker Command
docker run \
docker.elastic.co/beats/filebeat-oss:6.5.4 \
setup -E setup.kibana.host="https://*.eu-west-1.es.amazonaws.com:443" \
-E output.elasticsearch.hosts=["https://*.eu-west-1.es.amazonaws.com:443"]
Output from FileBeat:
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://*.eu-west-1.es.amazonaws.com:443: 403 Forbidden: {"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic ZWxhc3RpYzpjaGFuZ2VtZQ=="}]
Another user also had the same issue, but didn't ask about the Authorization header.