I've got a standalone instance of Onion AMI running in AWS, with Filebeat configured to consume CloudTrail logs out of an S3 bucket.
With:
creds in ~/.aws/credentials,
Those same creds also specified in the /opt/so/saltstack/local/pillar/minions/ .sts file
and
a role assumed in the S3 account using var.role_arn in the .sts file
Logs are being grabbed. BUT if any of these 3 settings changes/is removed, Filebeat does not even attempt to pull logs from S3 or read the SQS queue.
Questions:
Does anyone have this working using ONLY AssumeRole? I really don't want to be hard-coding creds anywhere.
I'm seeing literally an STS:AssumeRole every couple of seconds from the Onion IAM user assuming the role. Is everyone else seeing that behavior? It's flooding my logs. I can see in each AssumeRole operation that the token expiration is as expected, and so I'm unsure why a new AssumeRole operation is being undertaken continually, thousands of times per hour.
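To put a number on the AssumeRole volume described in the post, the following added example (not part of the original post, and not Security Onion or Filebeat code) counts, per caller and role, the AssumeRole calls made while a previously issued credential was still valid. The ARNs, sample records and function names are constructed; the field names follow CloudTrail AssumeRole events, and the expiration string is assumed to use the "Mar 1, 2024, 11:00:00 AM" form.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed identifiers (placeholders, not taken from the post).
CALLER = "arn:aws:iam::111111111111:user/example-so-user"
ROLE = "arn:aws:iam::222222222222:role/example-cloudtrail-reader"

def _event(time, expiration=None, name="AssumeRole", error=None):
    """Build a minimal constructed CloudTrail record for the sample below."""
    rec = {"eventSource": "sts.amazonaws.com", "eventName": name, "eventTime": time,
           "userIdentity": {"type": "IAMUser", "arn": CALLER},
           "requestParameters": {"roleArn": ROLE, "roleSessionName": "constructed"},
           "responseElements": {"credentials": {"expiration": expiration}} if expiration else None}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE = [  # constructed sample: three calls 3 s apart, one denied call, one later call
    _event("2024-03-01T10:00:00Z", "Mar 1, 2024, 11:00:00 AM"),
    _event("2024-03-01T10:00:03Z", "Mar 1, 2024 11:00:03 AM"),
    _event("2024-03-01T10:00:04Z", error="AccessDenied"),
    _event("2024-03-01T10:00:06Z", "Mar 1, 2024, 11:00:06 AM"),
    _event("2024-03-01T10:00:07Z", name="GetCallerIdentity"),
    _event("2024-03-01T11:30:00Z", "Mar 1, 2024, 12:30:00 PM"),
]

def parse_ts(value):
    """Parse ISO-8601 eventTime, or the month-name form assumed for expiration."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        text = value.replace(",", "")  # tolerate one or two commas
        return datetime.strptime(text, "%b %d %Y %I:%M:%S %p").replace(tzinfo=timezone.utc)

def redundant_assume_roles(records):
    """Per (caller, role): total calls, failed calls, and calls made before the last expiry."""
    stats = defaultdict(lambda: {"calls": 0, "failed": 0, "redundant": 0})
    valid_until = {}
    events = [r for r in records
              if r.get("eventSource") == "sts.amazonaws.com" and r.get("eventName") == "AssumeRole"]
    for r in sorted(events, key=lambda r: parse_ts(r["eventTime"])):
        key = (r["userIdentity"]["arn"], r["requestParameters"]["roleArn"])
        stats[key]["calls"] += 1
        creds = (r.get("responseElements") or {}).get("credentials")
        if r.get("errorCode") or not creds:  # denied calls issue no credentials
            stats[key]["failed"] += 1
            continue
        if key in valid_until and parse_ts(r["eventTime"]) < valid_until[key]:
            stats[key]["redundant"] += 1
        expiry = parse_ts(creds["expiration"])
        valid_until[key] = max(expiry, valid_until.get(key, expiry))
    return dict(stats)
```

A high `redundant` count for one caller and role pair means new sessions are being requested long before the previous ones expire, which is the pattern the post describes.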