Hey friends For scheduled query results logging is there a w

Question

Hey friends For scheduled query results logging is there a way to specify a destination Kinesis stream in a different AWS account than the one in which Fleet is running i e Fleet is running in accountA My Destination Kinesis stream is in accountB

Kathy Satterlee · Answer

Hiya You can send those logs to another account just use the information for the destination you want to use for logging when <https fleetdm com docs deploying configuration kinesis|configuring the plugin>

pvirani · Answer

``` name FLEET OSQUERY RESULT LOG PLUGIN value firehose name FLEET FIREHOSE REGION value us west 2 name FLEET FIREHOSE RESULT STREAM value p8t osquery stage logs es ``` This is what I ve configured There doesn t seem to be a way to specify that the RESULT STREAM is in fact another account

pvirani · Answer

Fleet keeps searching for the stream inside the same account slightly smiling face and fails ofcourse

pvirani · Answer

tried changing the following ```FLEET FIREHOSE RESULT STREAM value lt ARN of the delivery stream in AccountB gt ``` but that doesn t work because the entire value just gets appended like so ``` arn aws firehose lt region gt lt AccountA gt deliverystream lt ARN of the delivery stream in AccountB gt ```

pvirani · Answer

I ll just create the stream inside AccountA I guess and configure cross account rules on my downstream destination instead but this cross account Kinesis stream option would be nice to have for sure

Kathy Satterlee · Answer

Sorry for any confusion there I saw `Kenesis` so I assumed that was your log destination plugin Let me dig in to firehose

Kathy Satterlee · Answer

You can also set your `firehose access key id` and `firehose secret access key` The details for that are here <https fleetdm com docs deploying configuration firehose>

Kathy Satterlee · Answer

Hope that s a little more helpful for you And that ll teach me not to assume