Skip to content

AWS Integration enable v9 Kibana support #12637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Feb 17, 2025
Merged

AWS Integration enable v9 Kibana support #12637

merged 17 commits into from
Feb 17, 2025

Conversation

gizas
Copy link
Contributor

@gizas gizas commented Feb 6, 2025

  • Enhancement

Proposed commit message

WHAT: Enabling support for AWS and AWS Custom Logs integrations for 9.0 version
WHY: Is needed in order to enable above integrations in version 9.0.0

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  1. Clone Pr
  2. elastic-package build with v0.109.1
  3. elastic-package stack up -d -v --version=9.0.0-SNAPSHOT to install a local ES
  4. Install an agent + Fleet with prementioned integrations enabled

Related issues

Screenshots

No errors in Fleet:

Screenshot 2025-02-06 at 11 48 09 AM

Cloudwatch Metrics:

Screenshot 2025-02-06 at 11 58 01 AM

Cloudwatch logs

Screenshot 2025-02-06 at 12 12 05 PM

AWS S3 Logs:

aws s3 acess

AWS Custom Logs Integration

Screenshot 2025-02-06 at 12 29 50 PM

@gizas
aws commit to enable v9 support
c574f06 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas gizas requested review from a team as code owners February 6, 2025 10:59
@gizas gizas added Integration:aws AWS Integration:aws_logs Custom AWS Logs Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] labels Feb 6, 2025
gizas
gizas commented Feb 6, 2025
View reviewed changes
packages/aws/data_stream/guardduty/elasticsearch/ingest_pipeline/default.yml
@@ -15,6 +15,11 @@ processors:
target_field: event.original
ignore_missing: true
if: 'ctx.event?.original == null'
- remove:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To remove errors for JSE0001:

Error: building package failed: invalid content found in built zip package: found 2 validation errors:
   1. file "/Users/andreasgkizas/elastic/integrations3/integrations/build/packages/aws-2.39.0.zip/data_stream/securityhub_insights/elasticsearch/ingest_pipeline/default.yml" is invalid: field processors.158.remove: if is required
   2. file "/Users/andreasgkizas/elastic/integrations3/integrations/build/packages/aws-2.39.0.zip/data_stream/securityhub_insights/elasticsearch/ingest_pipeline/default.yml" is invalid: field processors.158.remove.field: rename "message" to "event.original" processor requires remove "message" processor (JSE00001)

gizas
gizas commented Feb 6, 2025
View reviewed changes
packages/aws/validation.yml
@@ -1,4 +1,3 @@
errors:
exclude_checks:
- SVR00004 # References in dashboards.
- SVR00005 # Kibana version for saved tags.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not needed anymore, it can built without this

@elasticmachine
Copy link

elasticmachine commented Feb 6, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

@gizas
Copy link
Contributor Author

gizas commented Feb 6, 2025

/test stack 9.0.0-SNAPSHOT

@gizas
fixing prs
7e0215d 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas gizas mentioned this pull request Feb 6, 2025
Closed
14 tasks
@gizas gizas closed this Feb 7, 2025
@gizas gizas reopened this Feb 7, 2025
@gizas
Copy link
Contributor Author

gizas commented Feb 7, 2025

/test stack 9.0.0-SNAPSHOT

@elasticmachine
Copy link

⏳ Build in-progress, with failures

Failed CI Steps

@elasticmachine
Copy link

💔 Build Failed

Failed CI Steps

@gizas
Copy link
Contributor Author

gizas commented Feb 7, 2025

/test

@gizas
Copy link
Contributor Author

gizas commented Feb 7, 2025

/test stack 9.0.0-SNAPSHOT

@elasticmachine
Copy link

⏳ Build in-progress, with failures

Failed CI Steps

@gizas
Copy link
Contributor Author

gizas commented Feb 7, 2025

/test

1 similar comment
@gizas
Copy link
Contributor Author

gizas commented Feb 7, 2025

/test

@gizas
Copy link
Contributor Author

gizas commented Feb 10, 2025
edited
Loading

9.0.0 done as part of this #12503

@gizas gizas closed this Feb 10, 2025
@gizas
merging with main
6f95f85 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas gizas reopened this Feb 10, 2025
@gizas
Copy link
Contributor Author

gizas commented Feb 10, 2025

/test

gizas
gizas commented Feb 11, 2025
View reviewed changes
packages/aws/data_stream/waf/_dev/test/system/test-default-config.yml Outdated
@@ -7,7 +7,11 @@ vars:
skip_ignored_fields:
- aws.waf.terminating_rule_match_details.location
- aws.waf.non_terminating_matching_rules.ruleMatchDetails.location
- aws.waf.non_terminating_matching_rules.ruleMatchDetails.action
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@elastic/security-service-integrations team can you please help understand here why I have those failures?

See https://buildkite.com/elastic/integrations/builds/22118

@gizas
updating waf tests
d5a7e02 
Signed-off-by: Andreas Gkizas <[email protected]>
gizas
gizas commented Feb 11, 2025
View reviewed changes
packages/aws/data_stream/waf/fields/fields.yml
@@ -13,10 +13,59 @@
type: nested
description: |
The list of non-terminating rules in the rule group that match the request. These are always COUNT rules (non-terminating rules that match)
fields:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needed to solve the pipeline errors of https://buildkite.com/elastic/integrations/builds/22047

Big thanks to @zmoog for details

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this because these fields existed in the beats metricset and not incorporated for Integrations ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of this, for spec +3.0.1, subobject fields need to be explicitly defined.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specifically this: elastic/elastic-package#1489

gizas added 5 commits February 11, 2025 17:57
@gizas
updating waf tests
172cde4 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas
updating waf tests
35b2605 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas
updating waf tests
f54effa 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas
updating waf tests
beae77a 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas
updating waf tests1
61a0699 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas
Copy link
Contributor Author

gizas commented Feb 12, 2025

/test stack 9.0.0-SNAPSHOT

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Feb 12, 2025
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

History

@gizas
Copy link
Contributor Author

gizas commented Feb 12, 2025

@elastic/security-service-integrations can I have a review please?

kcreddy
kcreddy reviewed Feb 14, 2025
View reviewed changes
packages/aws/manifest.yml
@@ -1,7 +1,7 @@
format_version: 3.0.0
format_version: 3.3.1
Copy link
Contributor

@kcreddy kcreddy Feb 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per suggestion from: https://github.com/elastic/ingest-dev/issues/4484#issuecomment-2551112710

packages/aws/data_stream/waf/fields/fields.yml
@@ -13,10 +13,59 @@
type: nested
description: |
The list of non-terminating rules in the rule group that match the request. These are always COUNT rules (non-terminating rules that match)
fields:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specifically this: elastic/elastic-package#1489

@gizas
address comments
af7b741 
Signed-off-by: Andreas Gkizas <[email protected]>
@gizas
Copy link
Contributor Author

gizas commented Feb 14, 2025

/test stack 9.0.0-SNAPSHOT

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

💚 Build Succeeded

@elasticmachine
Copy link

💚 Build Succeeded

@gizas
Copy link
Contributor Author

gizas commented Feb 17, 2025

@kcreddy a final review please ?

@gizas gizas merged commit f1b34ed into main Feb 17, 2025
7 checks passed
@gizas gizas deleted the awsenablement9 branch February 17, 2025 07:21
@elastic-vault-github-plugin-prod
Copy link

Package aws - 2.40.0 containing this change is available at https://epr.elastic.co/package/aws/2.40.0/

@elastic-vault-github-plugin-prod
Copy link

Package aws_logs - 1.7.0 containing this change is available at https://epr.elastic.co/package/aws_logs/1.7.0/

flexitrev pushed a commit that referenced this pull request Mar 20, 2025
@gizas @flexitrev
AWS Integration enable v9 Kibana support (#12637)
127cd6d 
* aws commit to enable v9 support

Signed-off-by: Andreas Gkizas <[email protected]>



---------

Signed-off-by: Andreas Gkizas <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kcreddy kcreddy kcreddy approved these changes

@MichaelKatsoulis MichaelKatsoulis MichaelKatsoulis approved these changes

@ishleenk17 ishleenk17 ishleenk17 approved these changes

Assignees
No one assigned
Labels
Integration:aws_logs Custom AWS Logs Integration:aws AWS Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gizas @elasticmachine @kcreddy @MichaelKatsoulis @ishleenk17