Skip to content

x-pack/filebeat/inputs/awss3 - Handle SQS notification without region#40628

Merged
andrewkroh merged 2 commits intoelastic:mainfrom
andrewkroh:bugfix/fb/awss3/empty-s3-region
Aug 27, 2024
Merged

x-pack/filebeat/inputs/awss3 - Handle SQS notification without region#40628
andrewkroh merged 2 commits intoelastic:mainfrom
andrewkroh:bugfix/fb/awss3/empty-s3-region

Conversation

@andrewkroh
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh commented Aug 27, 2024
edited
Loading

Proposed commit message

When a region is not specified in the SQS notification then reuse the existing S3 client instead of creating a new one based on an empty (unspecified) AWS region name. This problem affected custom SQS notification formats that did not specify a region name (like Crowdstrike FDR notifications).

This addresses errors like:

S3 download failure: s3 GetObject failed: operation error S3: GetObject, resolve auth scheme:
resolve endpoint: endpoint rule error, Invalid region: region was not a valid DNS name.

Fixes: elastic/integrations#10647
Relates: #40309

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@andrewkroh
x-pack/filebeat/inputs/awss3 - Handle SQS notification without region
89fd798 
When a region is not specified in the SQS notification then reuse the existing
S3 client instead of creating a new one based on an empty (unspecified) AWS
region name. This problem affected custom SQS notification formats that did
not specify a region name (like Crowdstrike FDR notifications).

This addresses errors like:

    S3 download failure: s3 GetObject failed: operation error S3: GetObject, resolve auth scheme: resolve endpoint: endpoint rule error, Invalid region: region was not a valid DNS name.

Fixes: elastic/integrations/elastic#10647
Relates: elastic#40309
@andrewkroh andrewkroh added Filebeat Filebeat aws Enable builds in the CI for aws cloud testing bugfix Team:Security-Service Integrations Security Service Integrations Team labels Aug 27, 2024
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Aug 27, 2024
@mergify

This comment was marked as outdated.

Sign in to view
@andrewkroh andrewkroh added the backport-8.15 Automated backport to the 8.15 branch with mergify label Aug 27, 2024
@andrewkroh andrewkroh marked this pull request as ready for review August 27, 2024 12:03
@andrewkroh andrewkroh requested a review from a team as a code owner August 27, 2024 12:03
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Aug 27, 2024

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@andrewkroh andrewkroh mentioned this pull request Aug 27, 2024
Closed
kaiyan-sheng
kaiyan-sheng approved these changes Aug 27, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@kaiyan-sheng kaiyan-sheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the fix!

@andrewkroh andrewkroh merged commit 6d25d46 into elastic:main Aug 27, 2024
mergify bot pushed a commit that referenced this pull request Aug 27, 2024
@andrewkroh @mergify
x-pack/filebeat/inputs/awss3 - Handle SQS notification without region (
48d2303 
…#40628)

When a region is not specified in the SQS notification then reuse the existing
S3 client instead of creating a new one based on an empty (unspecified) AWS
region name. This problem affected custom SQS notification formats that did
not specify a region name (like Crowdstrike FDR notifications).

This addresses errors like:

    S3 download failure: s3 GetObject failed: operation error S3: GetObject, resolve auth scheme: resolve endpoint: endpoint rule error, Invalid region: region was not a valid DNS name.

Fixes: elastic/integrations/#10647
Relates: #40309
(cherry picked from commit 6d25d46)
@mergify mergify bot mentioned this pull request Aug 27, 2024
Merged
6 tasks
andrewkroh added a commit that referenced this pull request Aug 27, 2024
@mergify @andrewkroh
x-pack/filebeat/inputs/awss3 - Handle SQS notification without region (
0788765 
…#40628) (#40632)

When a region is not specified in the SQS notification then reuse the existing
S3 client instead of creating a new one based on an empty (unspecified) AWS
region name. This problem affected custom SQS notification formats that did
not specify a region name (like Crowdstrike FDR notifications).

This addresses errors like:

    S3 download failure: s3 GetObject failed: operation error S3: GetObject, resolve auth scheme: resolve endpoint: endpoint rule error, Invalid region: region was not a valid DNS name.

Fixes: elastic/integrations/#10647
Relates: #40309

(cherry picked from commit 6d25d46)

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chrisberkhout chrisberkhout chrisberkhout approved these changes

+1 more reviewer

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@andrewkroh andrewkroh

Labels

aws Enable builds in the CI for aws cloud testing backport-8.15 Automated backport to the 8.15 branch with mergify bugfix Filebeat Filebeat Team:Observability Team:Security-Service Integrations Security Service Integrations Team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Stack 8.16.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: default in crowdstrike.fdr

4 participants

@andrewkroh @elasticmachine @chrisberkhout @kaiyan-sheng