Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] Enable awscloudwatch input to collect logs from linked source accounts #36645

Closed
wants to merge 8 commits into from
Closed

[Filebeat] Enable awscloudwatch input to collect logs from linked source accounts #36645

wants to merge 8 commits into from

Conversation

tommyers-elastic
Copy link
Contributor

@tommyers-elastic tommyers-elastic commented Sep 21, 2023
edited
Loading

When log_group_arn is configured, use it directly, instead of parsing the log group name and using that instead. This allows log collection from linked source accounts.

In order to 'fully' support cross account collection with log group prefixes, we need to add additional configuration options to allow DescribeLogGroups to discover log groups in linked accounts. This change will come separately.

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Fixes #36642

@tommyers-elastic
Enable awscloudwatch input to collect logs from linked source accounts.
844df38 
For cross account monitoring, we need to use the log group ARN, instead
of log group name in order to retreive logs from outside the monitoring
account. This change used ARN throughout (but still requires a
conversion back to get the 'plain' log group name to construct the log metadata
at the end - not ideal).
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Sep 21, 2023
@tommyers-elastic tommyers-elastic added the Team:Cloud-Monitoring Label for the Cloud Monitoring team label Sep 21, 2023
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Sep 21, 2023
@mergify
Copy link
Contributor

mergify bot commented Sep 21, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @tommyers-elastic? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

elasticmachine commented Sep 21, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Duration: 114 min 17 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@tommyers-elastic tommyers-elastic marked this pull request as ready for review September 25, 2023 09:54
kaiyan-sheng
kaiyan-sheng reviewed Sep 25, 2023
View reviewed changes
Copy link
Contributor

@kaiyan-sheng kaiyan-sheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change looks good to me. Maybe we can add some documentation about this feature too in https://github.com/elastic/beats/blob/main/x-pack/filebeat/docs/inputs/input-aws-cloudwatch.asciidoc?

@tommyers-elastic tommyers-elastic changed the title [WIP] [Filebeat] Enable awscloudwatch input to collect logs from linked source accounts [Filebeat] Enable awscloudwatch input to collect logs from linked source accounts Sep 26, 2023
@tommyers-elastic tommyers-elastic enabled auto-merge (squash) October 3, 2023 08:43
@pierrehilbert pierrehilbert added the Team:Elastic-Agent Label for the Agent team label Oct 8, 2023
@mergify
Copy link
Contributor

mergify bot commented Oct 12, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b enable-cross-account-cloudwatch-logs upstream/enable-cross-account-cloudwatch-logs
git merge upstream/main
git push upstream enable-cross-account-cloudwatch-logs

1 similar comment
@mergify Mergify
Copy link
Contributor

mergify bot commented Feb 5, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b enable-cross-account-cloudwatch-logs upstream/enable-cross-account-cloudwatch-logs
git merge upstream/main
git push upstream enable-cross-account-cloudwatch-logs

@mergify Mergify
Copy link
Contributor

mergify bot commented Feb 5, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @tommyers-elastic? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@hesingon
Copy link

May I check when can this PR be done? waiting for this feature..

@nsshah1288
Copy link

Hi @kaiyan-sheng, it would be amazing if this PR could get completed! We are very keen to use this feature to collect CW logs from multiple accounts with a centralized elastic agent. thank you!

@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Oct 9, 2024
Merged
6 tasks
@mergify mergify bot mentioned this pull request Oct 15, 2024
Merged
6 tasks
@kaiyan-sheng
Copy link
Contributor

@tommyers-elastic I'm closing this PR since we've merged @Kavindu-Dodan's instead :) Thank you!!

auto-merge was automatically disabled October 21, 2024 15:25

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

Assignees

@tommyers-elastic tommyers-elastic

Labels
Team:Cloud-Monitoring Label for the Cloud Monitoring team Team:Elastic-Agent Label for the Agent team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Filebeat] [AWS] Support getting cloudwatch logs from linked cross-account monitoring source accounts
6 participants
@tommyers-elastic @elasticmachine @hesingon @nsshah1288 @kaiyan-sheng @pierrehilbert