# Module: aws # Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-aws.html - module: aws cloudtrail: enabled: false # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue # Process CloudTrail logs # default is true, set to false to skip Cloudtrail logs # var.process_cloudtrail_logs: false # Process CloudTrail Digest logs # default true, set to false to skip CloudTrail Digest logs # var.process_digest_logs: false # Process CloudTrail Insight logs # default true, set to false to skip CloudTrail Insight logs # var.process_insight_logs: false # Filename of AWS credential file # If not set "$HOME/.aws/credentials" is used on Linux/Mac # "%UserProfile%\.aws\credentials" is used on Windows #var.shared_credential_file: /etc/filebeat/aws_credentials # Profile name for aws credential # If not set the default profile is used #var.credential_profile_name: fb-aws # Use access_key_id, secret_access_key and/or session_token instead of shared credential file #var.access_key_id: access_key_id #var.secret_access_key: secret_access_key #var.session_token: session_token # The duration that the received messages are hidden from ReceiveMessage request # Default to be 300s #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted # Default to be 120s #var.api_timeout: 120s # Custom endpoint used to access AWS APIs #var.endpoint: amazonaws.com # AWS IAM Role to assume #var.role_arn: arn:aws:iam::123456789012:role/test-mb # Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint. #var.fips_enabled: false # The maximum number of messages to return from SQS. Valid values: 1 to 10. #var.max_number_of_messages: 5 cloudwatch: enabled: false # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue # Filename of AWS credential file # If not set "$HOME/.aws/credentials" is used on Linux/Mac # "%UserProfile%\.aws\credentials" is used on Windows #var.shared_credential_file: /etc/filebeat/aws_credentials # Profile name for aws credential # If not set the default profile is used #var.credential_profile_name: fb-aws # Use access_key_id, secret_access_key and/or session_token instead of shared credential file #var.access_key_id: access_key_id #var.secret_access_key: secret_access_key #var.session_token: session_token # The duration that the received messages are hidden from ReceiveMessage request # Default to be 300s #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted # Default to be 120s #var.api_timeout: 120s # Custom endpoint used to access AWS APIs #var.endpoint: amazonaws.com # AWS IAM Role to assume #var.role_arn: arn:aws:iam::123456789012:role/test-mb # Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint. #var.fips_enabled: false # The maximum number of messages to return from SQS. Valid values: 1 to 10. #var.max_number_of_messages: 5 ec2: enabled: false # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue # Filename of AWS credential file # If not set "$HOME/.aws/credentials" is used on Linux/Mac # "%UserProfile%\.aws\credentials" is used on Windows #var.shared_credential_file: /etc/filebeat/aws_credentials # Profile name for aws credential # If not set the default profile is used #var.credential_profile_name: fb-aws # Use access_key_id, secret_access_key and/or session_token instead of shared credential file #var.access_key_id: access_key_id #var.secret_access_key: secret_access_key #var.session_token: session_token # The duration that the received messages are hidden from ReceiveMessage request # Default to be 300s #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted # Default to be 120s #var.api_timeout: 120s # Custom endpoint used to access AWS APIs #var.endpoint: amazonaws.com # AWS IAM Role to assume #var.role_arn: arn:aws:iam::123456789012:role/test-mb # Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint. #var.fips_enabled: false # The maximum number of messages to return from SQS. Valid values: 1 to 10. #var.max_number_of_messages: 5 elb: enabled: false # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue # Filename of AWS credential file # If not set "$HOME/.aws/credentials" is used on Linux/Mac # "%UserProfile%\.aws\credentials" is used on Windows #var.shared_credential_file: /etc/filebeat/aws_credentials # Profile name for aws credential # If not set the default profile is used #var.credential_profile_name: fb-aws # Use access_key_id, secret_access_key and/or session_token instead of shared credential file #var.access_key_id: access_key_id #var.secret_access_key: secret_access_key #var.session_token: session_token # The duration that the received messages are hidden from ReceiveMessage request # Default to be 300s #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted # Default to be 120s #var.api_timeout: 120s # Custom endpoint used to access AWS APIs #var.endpoint: amazonaws.com # AWS IAM Role to assume #var.role_arn: arn:aws:iam::123456789012:role/test-mb # Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint. #var.fips_enabled: false # The maximum number of messages to return from SQS. Valid values: 1 to 10. #var.max_number_of_messages: 5 s3access: enabled: false # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue # Filename of AWS credential file # If not set "$HOME/.aws/credentials" is used on Linux/Mac # "%UserProfile%\.aws\credentials" is used on Windows #var.shared_credential_file: /etc/filebeat/aws_credentials # Profile name for aws credential # If not set the default profile is used #var.credential_profile_name: fb-aws # Use access_key_id, secret_access_key and/or session_token instead of shared credential file #var.access_key_id: access_key_id #var.secret_access_key: secret_access_key #var.session_token: session_token # The duration that the received messages are hidden from ReceiveMessage request # Default to be 300s #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted # Default to be 120s #var.api_timeout: 120s # Custom endpoint used to access AWS APIs #var.endpoint: amazonaws.com # AWS IAM Role to assume #var.role_arn: arn:aws:iam::123456789012:role/test-mb # Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint. #var.fips_enabled: false # The maximum number of messages to return from SQS. Valid values: 1 to 10. #var.max_number_of_messages: 5 vpcflow: enabled: false # AWS SQS queue url #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue # Filename of AWS credential file # If not set "$HOME/.aws/credentials" is used on Linux/Mac # "%UserProfile%\.aws\credentials" is used on Windows #var.shared_credential_file: /etc/filebeat/aws_credentials # Profile name for aws credential # If not set the default profile is used #var.credential_profile_name: fb-aws # Use access_key_id, secret_access_key and/or session_token instead of shared credential file #var.access_key_id: access_key_id #var.secret_access_key: secret_access_key #var.session_token: session_token # The duration that the received messages are hidden from ReceiveMessage request # Default to be 300s #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted # Default to be 120s #var.api_timeout: 120s # Custom endpoint used to access AWS APIs #var.endpoint: amazonaws.com # AWS IAM Role to assume #var.role_arn: arn:aws:iam::123456789012:role/test-mb # Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint. #var.fips_enabled: false # The maximum number of messages to return from SQS. Valid values: 1 to 10. #var.max_number_of_messages: 5