Skip to content

Commit

Permalink
Add support for specifying AWS cred file
Browse files Browse the repository at this point in the history 
- add "shared_credential_file" to cloudtrail config

Fixes elastic#15652
  • Loading branch information
@leehinman
leehinman committed Jan 21, 2020
1 parent 7fd545d commit 3617003
Show file tree
Hide file tree
Showing 8 changed files with 52 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ TLS or Beats that accept connections over TLS and validate client certificates.

*Filebeat*

- Add shared_credential_file to cloudtrail config {issue}15652[15652] {pull}15656[15656]

*Heartbeat*

Expand Down
12 changes: 11 additions & 1 deletion filebeat/docs/modules/aws.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,14 +72,24 @@ Example config:
# AWS SQS queue url
#var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue
# Filename of AWS credential file
# If not set "$HOME/.aws/credentials" is used on Linux/Mac
# "%UserProfile%\.aws\credentials" is used on Windows
# var.shared_credential_file: /etc/filebeat/aws_credentials
# Profile name for aws credential
#var.credential_profile_name: fb-aws
# If not set the default profile is used
# var.credential_profile_name: fb-aws
----

*`var.queue_url`*::

AWS SQS queue url.

*`var.shared_credential_file`*::

Filename of AWS credential file.

*`var.credential_profile_name`*::

AWS credential profile name.
Expand Down
6 changes: 6 additions & 0 deletions x-pack/filebeat/filebeat.reference.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,13 @@ filebeat.modules:
# AWS SQS queue url
#var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue

# Filename of AWS credential file
# If not set "$HOME/.aws/credentials" is used on Linux/Mac
# "%UserProfile%\.aws\credentials" is used on Windows
#var.shared_credential_file: /etc/filebeat/aws_credentials

# Profile name for aws credential
# If not set the default profile is used
#var.credential_profile_name: fb-aws

#-------------------------------- Azure Module --------------------------------
Expand Down
6 changes: 6 additions & 0 deletions x-pack/filebeat/module/aws/_meta/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,11 @@
# AWS SQS queue url
#var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue

# Filename of AWS credential file
# If not set "$HOME/.aws/credentials" is used on Linux/Mac
# "%UserProfile%\.aws\credentials" is used on Windows
#var.shared_credential_file: /etc/filebeat/aws_credentials

# Profile name for aws credential
# If not set the default profile is used
#var.credential_profile_name: fb-aws
12 changes: 11 additions & 1 deletion x-pack/filebeat/module/aws/_meta/docs.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,14 +67,24 @@ Example config:
# AWS SQS queue url
#var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue
# Filename of AWS credential file
# If not set "$HOME/.aws/credentials" is used on Linux/Mac
# "%UserProfile%\.aws\credentials" is used on Windows
# var.shared_credential_file: /etc/filebeat/aws_credentials
# Profile name for aws credential
#var.credential_profile_name: fb-aws
# If not set the default profile is used
# var.credential_profile_name: fb-aws
----

*`var.queue_url`*::

AWS SQS queue url.

*`var.shared_credential_file`*::

Filename of AWS credential file.

*`var.credential_profile_name`*::

AWS credential profile name.
Expand Down
10 changes: 9 additions & 1 deletion x-pack/filebeat/module/aws/cloudtrail/config/cloudtrail.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,17 @@

type: s3
queue_url: {{ .queue_url }}
credential_profile_name: {{ .credential_profile_name }}
expand_event_list_from_field: Records

{{ if .credential_profile_name }}
credential_profile_name: {{ .credential_profile_name }}
{{ end }}

{{ if .shared_credential_file }}
shared_credential_file: {{ .shared_credential_file }}
{{ end }}


{{ else if eq .input "file" }}

type: log
Expand Down
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/manifest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ module_version: 1.0
var:
- name: input
default: s3
- name: shared_credential_file
- name: credential_profile_name

ingest_pipeline: ingest/pipeline.yml
input: config/cloudtrail.yml
6 changes: 6 additions & 0 deletions x-pack/filebeat/modules.d/aws.yml.disabled
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,5 +35,11 @@
# AWS SQS queue url
#var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue

# Filename of AWS credential file
# If not set "$HOME/.aws/credentials" is used on Linux/Mac
# "%UserProfile%\.aws\credentials" is used on Windows
#var.shared_credential_file: /etc/filebeat/aws_credentials

# Profile name for aws credential
# If not set the default profile is used
#var.credential_profile_name: fb-aws

0 comments on commit 3617003

Please sign in to comment.