The AWS integration at https://docs.elastic.co/en/integrations/aws states the following required permissions:
ec2:DescribeInstances
ec2:DescribeRegions
cloudwatch:GetMetricData
cloudwatch:ListMetrics
iam:ListAccountAliases
rds:DescribeDBInstances
rds:ListTagsForResource
s3:GetObject
sns:ListTopics
sqs:ChangeMessageVisibility
sqs:DeleteMessage
sqs:ListQueues
sqs:ReceiveMessage
sts:AssumeRole
sts:GetCallerIdentity
tag:GetResources
However, they are reportedly not sufficient and, furthermore, do not align with the Beats modules, which state the following additional permissions (at https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-aws-cloudwatch.html and https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-metricset-aws-billing.html):
logs:DescribeLogGroups
logs:FilterLogEvents
ce:GetCostAndUsage
organizations:ListAccounts
It would be great to have correct and consistent documentation of the integrations to avoid confusion and frustration. Thank you.
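An added example, not part of the original report or of any Elastic code: a check that compares an IAM policy document against the two permission lists quoted above and reports the actions it does not grant. The sample policy is constructed, and the check assumes identity-policy `Action` matching only (it ignores `Resource`, `Condition`, `NotAction`, permission boundaries and SCPs).

```python
import fnmatch

# Actions as listed on the page: integration docs, then the Beats docs' extras.
INTEGRATION_DOCS = [
    "ec2:DescribeInstances", "ec2:DescribeRegions", "cloudwatch:GetMetricData",
    "cloudwatch:ListMetrics", "iam:ListAccountAliases", "rds:DescribeDBInstances",
    "rds:ListTagsForResource", "s3:GetObject", "sns:ListTopics",
    "sqs:ChangeMessageVisibility", "sqs:DeleteMessage", "sqs:ListQueues",
    "sqs:ReceiveMessage", "sts:AssumeRole", "sts:GetCallerIdentity",
    "tag:GetResources",
]
BEATS_DOCS_EXTRA = ["logs:DescribeLogGroups", "logs:FilterLogEvents",
                    "ce:GetCostAndUsage", "organizations:ListAccounts"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _patterns(policy, effect):
    """Lower-cased Action patterns from statements with the given Effect."""
    out = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == effect and "Action" in stmt:
            out += [a.lower() for a in _as_list(stmt["Action"])]
    return out

def _matches(action, patterns):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)

def missing_actions(policy, required):
    """Required actions that are not allowed, or are explicitly denied."""
    allow, deny = _patterns(policy, "Allow"), _patterns(policy, "Deny")
    return sorted(a for a in required
                  if not _matches(a, allow) or _matches(a, deny))

# Constructed sample policy (not from the page): covers only the integration
# docs list, using wildcards the way hand-written policies often do.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics",
               "iam:ListAccountAliases", "rds:*", "s3:GetObject", "sns:ListTopics",
               "sqs:*", "sts:AssumeRole", "sts:GetCallerIdentity", "tag:GetResources"],
}]}

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY, INTEGRATION_DOCS + BEATS_DOCS_EXTRA):
        print("not granted:", action)
```

Run against the sample, it reports the four actions from the Beats pages as not granted, which is the gap a role built only from the integration page would have.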