Arsenio
02/07/2023, 8:17 PM
Kathy Satterlee
02/07/2023, 8:48 PM
Arsenio
02/07/2023, 8:57 PM
Kathy Satterlee
02/07/2023, 8:59 PM
Arsenio
02/07/2023, 9:14 PM
Kathy Satterlee
02/07/2023, 9:17 PM
John Healy
03/13/2023, 3:39 PM
Kathy Satterlee
03/13/2023, 3:40 PM
John Healy
03/13/2023, 3:53 PM
osquery:
osquery_status_log_plugin: firehose
osquery_result_log_plugin: firehose
logging:
statusPlugin: firehose
resultPlugin: firehose
firehose:
region: "AWS_REGION"
accessKeyID: "FIREHOSE_ACCESS_KEY"
secretKey: FIREHOSE_SECRET_KEY
Or do we also need to include stsAssumeRoleARN, statusStream and resultStream?
Kathy Satterlee
03/13/2023, 3:58 PM
John Healy
03/14/2023, 9:38 AM
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"firehose:DeleteDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:UpdateDestination"
Lucas Rodriguez
03/14/2023, 4:44 PM
https://github.com/fleetdm/fleet/blob/main/terraform/addons/logging-destination-firehose/main.tf is a complete firehose-to-s3 example for use with the Fleet terraform module that Zach wrote and we have been extending over time.
John Healy
03/15/2023, 10:04 AM
Lucas Rodriguez
03/15/2023, 2:29 PM
So we just need to edit your example above?
Yes. Here's a sample YAML with all the values needed: https://fleetdm.com/docs/deploying/configuration#example-yaml11
Also, is there anywhere else we need to update the code to get results logs sent to firehose besides what I have mentioned above?
No. AFAICS that should be it.