S3 output using IAM roles that gives access to AWS security credentials


(Trekr5) #1

Hello,

I really would appreciate assistance regarding this matter.

I'm using Logstash 1.5 on Ubuntu 14.04 and am trying to configure my Logstash installation to upload data to an S3 bucket via an IAM role.

Currently I have created an IAM role in AWS which an EC2 instance that I start in AWS will have assigned to it. Within this role is the policy AmazonEC2ReadOnlyAccess.

This is my output config for s3 at present:

  s3 {
    access_key_id => "<%= @key %>"
    secret_access_key => "<%= @secret %>"
    endpoint_region => "eu-west-1"
    bucket => "<%= @s3bucket %>"
    format => "json"
    size_file => 3000000
  }

where the values for access_key_id, secret_access_key and bucket would be stored in an encrypted data bag in Chef and referenced in a Chef recipe.

However, now I would like to use an IAM role for these security credentials. How would I write the S3 output config to use an IAM role?

I am using the aws-sdk gem for Ruby and currently access the S3 bucket using this code in my s3 plugin:

  AWS.config(
    :access_key_id => @access_key_id,
    :secret_access_key => @secret_access_key,
    :s3_endpoint => @endpoint_region
  )
  @s3 = AWS::S3.new 

  bucket = @s3.buckets[@bucket]

  object = bucket.objects[file_basename]
  object.write(:file => file_data, :acl => @canned_acl)

Many thanks


(Joe Lawson) #2

Just leave the key and secret off. They are using the AWS SDK, which will resolve IAM credentials:
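
Added example (not from either poster and not the Logstash plugin's own code): a Ruby illustration of what leaving the keys off means for the `AWS.config` call in the question, together with a simplified check that the instance role's policy allows `s3:PutObject` on the bucket. The function names, the bucket name `example-logstash-bucket` and both sample policies are assumptions constructed for this example; the endpoint value is passed through unchanged, as in the question's code.

```ruby
require 'json'

# Options for AWS.config (aws-sdk v1 style, as in the question). Static keys are
# passed only when both are set; otherwise they are left out so the SDK resolves
# credentials itself (on EC2, from the instance's IAM role).
def s3_sdk_options(endpoint, access_key_id = nil, secret_access_key = nil)
  blank = ->(v) { v.nil? || v.to_s.strip.empty? } # "" from an empty template value
  opts = { :s3_endpoint => endpoint }
  return opts if blank.(access_key_id) && blank.(secret_access_key)
  if blank.(access_key_id) || blank.(secret_access_key)
    raise ArgumentError, 'set both access_key_id and secret_access_key, or neither'
  end
  opts.merge(:access_key_id => access_key_id, :secret_access_key => secret_access_key)
end

# Simplified policy check: Allow statements only (no Deny, NotAction, Condition).
# Returns true when some statement allows `action` on `resource`; "*" is a wildcard.
def policy_allows?(policy_json, action, resource)
  glob = lambda do |pattern, value, flags|
    Regexp.new('\A' + Regexp.escape(pattern).gsub('\*', '.*') + '\z', flags).match?(value)
  end
  [JSON.parse(policy_json)['Statement']].flatten.compact.any? do |st|
    st['Effect'] == 'Allow' &&
      [st['Action']].flatten.compact.any? { |a| glob.(a, action, Regexp::IGNORECASE) } &&
      [st['Resource']].flatten.compact.any? { |r| glob.(r, resource, 0) }
  end
end

# Constructed sample policies (not copied from any AWS managed policy).
READ_ONLY_ROLE = <<~POLICY
  {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
POLICY
UPLOAD_ROLE = <<~POLICY
  {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["s3:PutObject"],
    "Resource": "arn:aws:s3:::example-logstash-bucket/*"}}
POLICY

if __FILE__ == $PROGRAM_NAME
  p s3_sdk_options('eu-west-1', '', nil) # no static keys in the result
  object = 'arn:aws:s3:::example-logstash-bucket/ls.s3.part0.txt'
  puts policy_allows?(READ_ONLY_ROLE, 's3:PutObject', object)
  puts policy_allows?(UPLOAD_ROLE, 's3:PutObject', object)
end
```

A role that carries only read-only EC2 permissions, like the first sample, fails the check, so the upload would be denied even though credentials resolve.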

