- Observability: other versions:
- What is Elastic Observability?
- What’s new in 7.16
- Send data to Elasticsearch
- Spin up the Elastic Stack
- Deploy Elastic Agent to send data
- Deploy Beats to send data
- Elastic Serverless Forwarder for AWS
- Deploy serverless forwarder
- Configuration options
- Troubleshooting
- Observability overview page
- Application performance monitoring (APM)
- Log monitoring
- Metrics monitoring
- Synthetic monitoring
- User Experience
- Explore data
- Alerting
- Cases
- CI/CD Observability
- Fields reference
- Tutorials
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Use AWS Secrets Manager
editUse AWS Secrets Manager
editAWS Secrets Manager enables you to replace hardcoded credentials in your code, including passwords, with an API call to Secrets Manager to retrieve the secret programmatically. For more info, refer to the AWS Secrets Manager documentation.
There are 2 types of secrets that can be used:
- SecretString (plain text or key/value pairs)
- SecretBinary
The following code shows API calls to AWS Secrets Manager:
inputs: - type: "s3-sqs" id: "arn:aws:sqs:%REGION%:%ACCOUNT%:%QUEUENAME%" outputs: - type: "elasticsearch" args: elasticsearch_url: "arn:aws:secretsmanager:eu-central-1:123456789:secret:es_url" username: "arn:aws:secretsmanager:eu-west-1:123456789:secret:es_secrets:username" password: "arn:aws:secretsmanager:eu-west-1:123456789:secret:es_secrets:password" es_datastream_name: "logs-generic-default"
To use a plain text or binary secret, note the following format for the ARN:
arn:aws:secretsmanager:AWS_REGION:AWS_ACCOUNT_ID:secret:SECRET_NAME
In order to use a key/value pair secret, you need to provide the key at the end of the arn, as per:
arn:aws:secretsmanager:AWS_REGION:AWS_ACCOUNT_ID:secret:SECRET_NAME:SECRET_KEY
-
Secrets from different regions are supported, but the only version currently retrieved for a secret is
AWSCURRENT
. - You cannot use the same secret for both plain text and key/value pairs.
- Secrets are case-sensitive.
-
Any configuration error or typo in the
config.yaml
file will be ignored (or exceptions raised) and secrets will not be retrieved. - Keys must exist in the AWS Secrets Manager.
- Empty values for a given key are not allowed.
Was this helpful?
Thank you for your feedback.