Closed aidan-melen closed 4 years ago
arn:aws:iam::??????????:role/logstash IAM role inline policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1444715676000", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" }, { "Sid": "Stmt1444716576170", "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": "*" } ] }
/usr/share/logstash/config/logstash.yml
http.host: "0.0.0.0" path.config: /usr/share/logstash/pipeline
/usr/share/logstash/pipeline/logstash.conf
input { cloudwatch { namespace => "AWS/EC2" metrics => [ "CPUUtilization" ] filters => { "tag:Monitoring" => "Yes" } role_arn => "arn:aws:iam::??????????:role/logstash" region => "us-west-2" } } output { elasticsearch { hosts => ["elastic.com:9200"] user => "elastic" password => "password" ssl => false ssl_certificate_verification => false index => "cloudwatch-metrics-%{+YYYY.MM.dd}" } }
Dockerfile:
FROM docker.elastic.co/logstash/logstash:7.6.0 RUN bin/logstash-plugin install logstash-input-cloudwatch RUN bin/logstash-plugin install logstash-output-elasticsearch
Run the container with the following:
docker run -it \ -v $(current_dir)/config:/usr/share/logstash/config \ -v $(current_dir)/pipeline:/usr/share/logstash/pipeline \ logstash-with-plugins:latest
Error:
[ERROR] 2020-05-01 16:20:00.805 [[main]<cloudwatch] javapipeline - A plugin had an unrecoverable error. Will restart this plugin. Pipeline_id:main Plugin: <LogStash::Inputs::CloudWatch namespace=>"AWS/EC2", metrics=>["CPUUtilization"], filters=>{"tag:Monitoring"=>"Yes"}, id=>"3dcfbed65cb898284f8766782e4041abdf2b6e1d085b6bdeca03ddd96ca817ef", role_arn=>"arn:aws:iam::???????????:role/logstash-role", region=>"us-west-2", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_58ed5d50-ec8a-4751-b78c-0e27722fa906", enable_metric=>true, charset=>"UTF-8">, role_session_name=>"logstash", statistics=>["SampleCount", "Average", "Minimum", "Maximum", "Sum"], interval=>900, period=>300, combined=>false> Error: unable to sign request without credentials set Exception: Aws::Errors::MissingCredentialsError
arn:aws:iam::??????????:role/logstash IAM role inline policy:
/usr/share/logstash/config/logstash.yml
/usr/share/logstash/pipeline/logstash.conf
Dockerfile:
Run the container with the following:
Error: