The provided script is capable of invoking the AWS SDK directly from within the Logstash environment, and is useful for validating the SDK's ability to use implicit credentials (such shared credentials from a discoverable file on disk or credentials made available to an EC2 instance by IMDS or ECS).
It does so by writing an object to an S3 bucket, which the implicit credentials it finds needs to have write access to.
Set up your enviroment with at minimum T_AWS_BUCKET
and T_AWS_REGION
, then invoke the ruby
executable that comes with Logstash, providing the above script by path:
export T_AWS_BUCKET="my-test-bucket-name"
export T_AWS_REGION="ca-central-1"
${LOGSTASH_HOME}/bin/ruby -e implicit-aws-s3-credentials-test.rb
Example output:
ubuntu@ip-172-31-0-138:~/wd$ logstash-8.4.3/bin/ruby implicit-aws-s3-credentials-test.rb Using bundled JDK: /home/ubuntu/wd/logstash-8.4.3/jdk Loading AWS SDK... --LOADED AWS SDK version 3.131.6 using ENV[T_AWS_BUCKET] : `my-test-bucket-name` using ENV[T_AWS_REGION] : `ca-central-1` using ENV[T_AWS_ENDPOINT] : `https://s3.ca-central-1.amazonaws.com/` (default) using ENV[T_AWS_SSEKMS_KEY_ID] : <UNSET> using ENV[T_AWS_SERVER_SIDE_ENCRYPTION] : <UNSET> using ENV[T_OBJECT_NAME] : `test-1672269598` (default) using ENV[T_OBJECT_CONTENTS] : `Test file generated at 2022-12-28 23:19:58 +0000` (default) SUCCESS: wrote test-1672269598 to my-test-bucket-name@ca-central-1
It may be helpful to use an environment-initializing shell script to export
the variables:
# REQUIRED SETTINGS export T_AWS_BUCKET="my-test-bucket-name" export T_AWS_REGION="ca-central-1" # OPTIONAL SETTINGS (uncomment to activate) # export T_AWS_ENDPOINT="https://my.aws.endpoint/" # export T_AWS_SSEKMS_KEY_ID="arn:aws:kms:ca-central-1:REDACTED:key/REDACTED" # export T_AWS_SERVER_SIDE_ENCRYPTION="aws:kms" # export T_OBJECT_NAME="my-test" # export T_OBJECT_CONTENTS="test file contents"
--
test-env.sh
This can be sourced into your current shell before executing the test:
(source test-env.sh && ${LOGSTASH_HOME}/bin/ruby -e implicit-aws-s3-credentials-test.rb)