diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index af08827d802..c6d8c6cfa02 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -78,6 +78,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - netflow: Fix bytes/packets counters on some devices (NSEL and Netstream). {pull}15449[15449] - netflow: Fix compatibility with some Cisco devices by changing the field `class_id` from short to long. {pull}15449[15449] - Fixed dashboard for Cisco ASA Firewall. {issue}15420[15420] {pull}15553[15553] +- Add shared_credential_file to cloudtrail config {issue}15652[15652] {pull}15656[15656] *Heartbeat* diff --git a/filebeat/docs/modules/aws.asciidoc b/filebeat/docs/modules/aws.asciidoc index f07c013b77c..d2f23e55961 100644 --- a/filebeat/docs/modules/aws.asciidoc +++ b/filebeat/docs/modules/aws.asciidoc @@ -45,8 +45,14 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws elb: enabled: false @@ -54,8 +60,14 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws vpcflow: enabled: false @@ -63,8 +75,14 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws cloudtrail: enabled: false @@ -72,14 +90,24 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws ---- *`var.queue_url`*:: AWS SQS queue url. +*`var.shared_credential_file`*:: + +Filename of AWS credential file. + *`var.credential_profile_name`*:: AWS credential profile name. diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index b448afc2195..e4a70367a37 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -102,7 +102,13 @@ filebeat.modules: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws elb: @@ -111,7 +117,13 @@ filebeat.modules: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws vpcflow: @@ -120,7 +132,13 @@ filebeat.modules: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws cloudtrail: @@ -129,7 +147,13 @@ filebeat.modules: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws #-------------------------------- Azure Module -------------------------------- diff --git a/x-pack/filebeat/module/aws/_meta/config.yml b/x-pack/filebeat/module/aws/_meta/config.yml index 98ab79d69f5..f069a6d3128 100644 --- a/x-pack/filebeat/module/aws/_meta/config.yml +++ b/x-pack/filebeat/module/aws/_meta/config.yml @@ -5,7 +5,13 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws elb: @@ -14,7 +20,13 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws vpcflow: @@ -23,7 +35,13 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws cloudtrail: @@ -32,5 +50,11 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws diff --git a/x-pack/filebeat/module/aws/_meta/docs.asciidoc b/x-pack/filebeat/module/aws/_meta/docs.asciidoc index f35c2e9e4d5..fcfa0956f2e 100644 --- a/x-pack/filebeat/module/aws/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/aws/_meta/docs.asciidoc @@ -40,8 +40,14 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws elb: enabled: false @@ -49,8 +55,14 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws vpcflow: enabled: false @@ -58,8 +70,14 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws cloudtrail: enabled: false @@ -67,14 +85,24 @@ Example config: # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + # var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential - #var.credential_profile_name: fb-aws + # If not set the default profile is used + # var.credential_profile_name: fb-aws ---- *`var.queue_url`*:: AWS SQS queue url. +*`var.shared_credential_file`*:: + +Filename of AWS credential file. + *`var.credential_profile_name`*:: AWS credential profile name. diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/cloudtrail.yml b/x-pack/filebeat/module/aws/cloudtrail/config/cloudtrail.yml index 2b1c3b8551b..6b340543a86 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/cloudtrail.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/cloudtrail.yml @@ -2,9 +2,17 @@ type: s3 queue_url: {{ .queue_url }} -credential_profile_name: {{ .credential_profile_name }} expand_event_list_from_field: Records +{{ if .credential_profile_name }} +credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} + + {{ else if eq .input "file" }} type: log diff --git a/x-pack/filebeat/module/aws/cloudtrail/manifest.yml b/x-pack/filebeat/module/aws/cloudtrail/manifest.yml index 915da46a368..4865624045e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/manifest.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/manifest.yml @@ -3,6 +3,8 @@ module_version: 1.0 var: - name: input default: s3 + - name: shared_credential_file + - name: credential_profile_name ingest_pipeline: ingest/pipeline.yml input: config/cloudtrail.yml diff --git a/x-pack/filebeat/module/aws/elb/config/s3.yml b/x-pack/filebeat/module/aws/elb/config/s3.yml index 4bc46921c20..c4c151708b9 100644 --- a/x-pack/filebeat/module/aws/elb/config/s3.yml +++ b/x-pack/filebeat/module/aws/elb/config/s3.yml @@ -1,3 +1,10 @@ type: s3 queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} diff --git a/x-pack/filebeat/module/aws/elb/manifest.yml b/x-pack/filebeat/module/aws/elb/manifest.yml index d39eacc5847..ca83ac2a315 100644 --- a/x-pack/filebeat/module/aws/elb/manifest.yml +++ b/x-pack/filebeat/module/aws/elb/manifest.yml @@ -3,6 +3,8 @@ module_version: 1.0 var: - name: input default: s3 + - name: shared_credential_file + - name: credential_profile_name ingest_pipeline: ingest/pipeline.yml input: config/{{.input}}.yml diff --git a/x-pack/filebeat/module/aws/s3access/config/s3.yml b/x-pack/filebeat/module/aws/s3access/config/s3.yml index 4bc46921c20..c4c151708b9 100644 --- a/x-pack/filebeat/module/aws/s3access/config/s3.yml +++ b/x-pack/filebeat/module/aws/s3access/config/s3.yml @@ -1,3 +1,10 @@ type: s3 queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} diff --git a/x-pack/filebeat/module/aws/s3access/manifest.yml b/x-pack/filebeat/module/aws/s3access/manifest.yml index 7eea71864a2..20c0ce4efc7 100644 --- a/x-pack/filebeat/module/aws/s3access/manifest.yml +++ b/x-pack/filebeat/module/aws/s3access/manifest.yml @@ -3,6 +3,8 @@ module_version: 1.0 var: - name: input default: s3 + - name: shared_credential_file + - name: credential_profile_name ingest_pipeline: ingest/pipeline.yml input: config/{{.input}}.yml diff --git a/x-pack/filebeat/module/aws/vpcflow/config/input.yml b/x-pack/filebeat/module/aws/vpcflow/config/input.yml index 432abff6d37..250ce449e55 100644 --- a/x-pack/filebeat/module/aws/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/aws/vpcflow/config/input.yml @@ -2,7 +2,14 @@ type: s3 queue_url: {{ .queue_url }} + +{{ if .credential_profile_name }} credential_profile_name: {{ .credential_profile_name }} +{{ end }} + +{{ if .shared_credential_file }} +shared_credential_file: {{ .shared_credential_file }} +{{ end }} {{ else if eq .input "file" }} diff --git a/x-pack/filebeat/module/aws/vpcflow/manifest.yml b/x-pack/filebeat/module/aws/vpcflow/manifest.yml index ce86747f865..9e047a606eb 100644 --- a/x-pack/filebeat/module/aws/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/aws/vpcflow/manifest.yml @@ -3,6 +3,8 @@ module_version: 1.0 var: - name: input default: s3 + - name: shared_credential_file + - name: credential_profile_name ingest_pipeline: ingest/pipeline.yml input: config/input.yml diff --git a/x-pack/filebeat/modules.d/aws.yml.disabled b/x-pack/filebeat/modules.d/aws.yml.disabled index b6c2810738f..6bdbafe2205 100644 --- a/x-pack/filebeat/modules.d/aws.yml.disabled +++ b/x-pack/filebeat/modules.d/aws.yml.disabled @@ -8,7 +8,13 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws elb: @@ -17,7 +23,13 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws vpcflow: @@ -26,7 +38,13 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws cloudtrail: @@ -35,5 +53,11 @@ # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue + # Filename of AWS credential file + # If not set "$HOME/.aws/credentials" is used on Linux/Mac + # "%UserProfile%\.aws\credentials" is used on Windows + #var.shared_credential_file: /etc/filebeat/aws_credentials + # Profile name for aws credential + # If not set the default profile is used #var.credential_profile_name: fb-aws