[Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts #41188

Merged
Kavindu-Dodan merged 7 commits into elastic:main from Kavindu-Dodan:feat/filebeat-support-linked-accounts on Oct 15, 2024

Kavindu-Dodan commented Oct 9, 2024

Proposed commit message

PR adds support for CloudWatch logs from source linked accounts. This is implemented by using the existing configuration log_group_arn and mapping it to LogGroupIdentifier of the FilterLogEvents API [1].

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Note for reviewers

You could review commit by commit for better understanding of the changes

How to test this PR locally

This requires a linked CloudWatch account. If you already have one, then:

  • Push logs to a newly created log group OR use an already existing log group in a source account
    • Note - you may use data-gen Go program to generate and push logs to your log group (using output CLOUDWATCH_LOG) [2]
  • Configure filebeat cloudwatch input with log group ARN to log_group_arn
  • Run filebeat and observe filebeat logs in Kibana discover

Related issues

Addresses: #36642
And makes #36645 PR obsolete
closes #37681

Next step

Utilize includeLinkedAccounts when dealing with prefixes. To be done in a dedicated PR.

[1] - https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
[2] - https://github.com/Kavindu-Dodan/data-gen
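
The mapping described in the PR text above, as an added Go example that is not part of this PR or of Filebeat's code: it turns a configured log group ARN into a value usable as LogGroupIdentifier and reports whether the log group sits in a linked account. The function names, the dropping of a trailing `:*`, and the allow-list of expected source accounts are assumptions made for this example; the ARNs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// LogGroupRef holds the fields of a CloudWatch Logs log group ARN.
type LogGroupRef struct{ Partition, Region, AccountID, Name string }

// ParseLogGroupARN accepts arn:<partition>:logs:<region>:<account>:log-group:<name>[:*].
func ParseLogGroupARN(s string) (LogGroupRef, error) {
	p := strings.SplitN(s, ":", 7)
	if len(p) != 7 || p[0] != "arn" || p[2] != "logs" || p[5] != "log-group" {
		return LogGroupRef{}, errors.New("not a CloudWatch Logs log group ARN")
	}
	name := strings.TrimSuffix(p[6], ":*") // assumption: drop the wildcard suffix
	digits := strings.Trim(p[4], "0123456789") == ""
	if p[3] == "" || len(p[4]) != 12 || !digits || name == "" || strings.ContainsAny(name, ":*") {
		return LogGroupRef{}, errors.New("malformed region, account ID or log group name")
	}
	return LogGroupRef{Partition: p[1], Region: p[3], AccountID: p[4], Name: name}, nil
}

// Identifier rebuilds the ARN, without ":*", for use as LogGroupIdentifier.
func (r LogGroupRef) Identifier() string {
	return fmt.Sprintf("arn:%s:logs:%s:%s:log-group:%s", r.Partition, r.Region, r.AccountID, r.Name)
}

// Resolve returns the identifier and whether the log group lives in a linked
// account, rejecting linked accounts missing from the allow-list (hypothetical check).
func Resolve(arn, ownAccount string, allowed map[string]bool) (string, bool, error) {
	ref, err := ParseLogGroupARN(arn)
	if err != nil {
		return "", false, err
	}
	linked := ref.AccountID != ownAccount
	if linked && !allowed[ref.AccountID] {
		return "", true, fmt.Errorf("account %s is not an expected source account", ref.AccountID)
	}
	return ref.Identifier(), linked, nil
}

func main() {
	allowed := map[string]bool{"222222222222": true} // constructed account IDs
	arn := "arn:aws:logs:us-east-1:222222222222:log-group:/app/web:*"
	fmt.Println(Resolve(arn, "111111111111", allowed))
}
```

Rejecting ARNs whose account ID is not an expected source account keeps a mistyped or tampered configuration from silently pulling logs from an unintended account.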

Kavindu-Dodan requested review from a team as code owners October 9, 2024 19:03
botelastic bot added the needs_team label (Indicates that the issue/PR needs a Team:* label) Oct 9, 2024
Kavindu-Dodan added the Team:obs-ds-hosted-services label (Label for the Observability Hosted Services team) Oct 9, 2024
botelastic bot removed the needs_team label (Indicates that the issue/PR needs a Team:* label) Oct 9, 2024
@elasticmachine

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

mergify bot commented Oct 9, 2024

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

mergify bot added the backport-8.x label (Automated backport to the 8.x branch with mergify) Oct 9, 2024
elastic deleted a comment from mergify bot Oct 9, 2024
pierrehilbert added the Team:Elastic-Agent-Data-Plane label (Label for the Agent Data Plane team) Oct 10, 2024
@elasticmachine

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

pierrehilbert requested a review from faec October 10, 2024 07:18
belimawr left a comment

There are just a couple of small things to fix:

…meter, field renaming

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Kavindu-Dodan force-pushed the feat/filebeat-support-linked-accounts branch from 90fb3d5 to e280d23 October 10, 2024 14:29
@Kavindu-Dodan

@kaiyan-sheng @belimawr thanks for the reviews, I added proposed changes with my latest commit :) appreciate another look

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan

@belimawr appreciate another review from you :)

mergify bot commented Oct 14, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/filebeat-support-linked-accounts upstream/feat/filebeat-support-linked-accounts
git merge upstream/main
git push upstream feat/filebeat-support-linked-accounts

Kavindu-Dodan merged commit 42f2d41 into elastic:main Oct 15, 2024
mergify bot pushed a commit that referenced this pull request Oct 15, 2024
…d accounts (#41188)

* use LogGroupIdentifier filter instead of LogGroupName and related parameter, field renaming

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* configuration parsing to support arn & linked accounts

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* document the ARN usage

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review changes

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review change - fix typo

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
(cherry picked from commit 42f2d41)
Kavindu-Dodan added a commit that referenced this pull request Oct 15, 2024
…udwatch logs from linked accounts (#41240)

* [Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts (#41188)

* use LogGroupIdentifier filter instead of LogGroupName and related parameter, field renaming

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* configuration parsing to support arn & linked accounts

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* document the ARN usage

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review changes

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review change - fix typo

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
(cherry picked from commit 42f2d41)

* fix backport commit

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Co-authored-by: Kavindu Dodanduwa <Kavindu-Dodan@users.noreply.github.com>
Co-authored-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
khushijain21 mentioned this pull request Jun 23, 2025

Labels

  • backport-8.x: Automated backport to the 8.x branch with mergify
  • enhancement
  • Team:Elastic-Agent-Data-Plane: Label for the Agent Data Plane team
  • Team:obs-ds-hosted-services: Label for the Observability Hosted Services team

Development

Successfully merging this pull request may close these issues.

[AWS] Requests include loggroups from linked accounts

6 participants