我正在按照以下配置运行带有s3管道的logstash容器:
input {
s3 {
id => "pipeline_s3_example_bucket_input"
bucket => "example-bucket"
region => "ap-southeast-1"
access_key_id => "#######################"
secret_access_key => "#######################"
codec => "json_lines"
sincedb_path => "/sincedbs/pipeline_s3_example_bucket.sincedb"
prefix => "folderA"
add_field => {
"type" => "example-bucket-logs"
"host" => "example-bucket"
}
}
}
我的s3存储桶使用自定义托管密钥通过AWS-KMS加密。我正在使用以下IAM策略让用户读取存储分区数据:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "IAMPolicy",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"kms:Decrypt",
"s3:GetBucketLogging",
"kms:GenerateDataKey",
"kms:DescribeKey",
"s3:GetObjectTagging",
"s3:ListBucket",
"s3:GetBucketVersioning",
"s3:GetBucketLocation",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:kms:ap-southeast-1:<account-id>:key/<Key-ID>",
"arn:aws:s3:::example-bucket",
"arn:aws:s3:::example-bucket/*"
]
}
]
}
我还在关键用户中添加了用户arn,我使用aws cli命令测试了访问权限,并且效果也很好。但是,logstash无法提取这些日志,我也看不到容器日志中的任何错误。如果其他人遇到过类似的问题,请提供帮助。
针对同一问题的弹性社区链接:https://discuss.elastic.co/t/s3-input-plugin-is-not-reading-aws-kms-cmk-encrypted-bucket/249439