Hello all,
I have the latest build of NagiosXI (5.7.5) on a VM at my house and I'm trying to set up a check of some S3 buckets in AWS. I know the server itself has access to the Internet and can do DNS checks and the like. When I run the Amazon S3 wizard (version 1.1.2) and enter a valid* Access Key ID and Secret Access Key and then click on the "Get Available Buckets" button I get the "There were no buckets found. Verify your AWS credentials and try again." message.
There're no outbound firewall restrictions but I don't know what ports or protocalls the plug-is using so there's potentially an issue on the AWS access list side.
Has anyone had success with this? Are there any caveats or "cheat codes" to get this to work? I am taking these instructions at face value
Any tips appreciated
Freymish
* I am getting the AWS credentials from my AWS account page using the "Command line or programmatic access" option. I can see S3 buckets and contents with that account via the Management console so I know I have the necessary access.
Connecting to AWS S3 issues
Re: Connecting to AWS S3 issues
The S3 bucket check wants a credentials file stored in /usr/local/nagiosxi/etc/.aws/credentials or /usr/local/nagiosxi/etc/.aws/config
Are you using your main account credentials, or a non-privileged account? Are you sure the account has read access to that bucket?
It's recommended you set up a non-privileged account to do these checks, one with "Programmatic Access" to the S3 storage bucket. This creds file would need the credentials for that account.
Here's a good third-party video tutorial that takes you through the entire process.
Code: Select all
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
It's recommended you set up a non-privileged account to do these checks, one with "Programmatic Access" to the S3 storage bucket. This creds file would need the credentials for that account.
Here's a good third-party video tutorial that takes you through the entire process.
If you didn't get an 8% raise over the course of the pandemic, you took a pay cut.
Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.
Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.
Re: Connecting to AWS S3 issues
I've tried it using the two fields as well as with the credentials file. The credentials file also has a session token field which is generated by AWS in the "Option 2: Add a profile to your AWS credentials file"
[12345_Developer]
aws_access_key_id=FAKEID4THIS
aws_secret_access_key=tESECRETKEY4info4goes4here890
aws_session_token=abcdef!@#$%/sdasd/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXblahblahblah///
I can use this same file with the CLI on the server and complete commands like 'aws s3 ls' or 'aws s3 ls s3://bucketname.domain.com/dir1/dir2/filename.pdf'
Here's the info on the file itself in case the rights need to be tweaked:
[root@localhost .aws]# ls -l
total 8
-rw-r-x--- 1 apache nagios 39 Nov 13 10:59 config
-rw-r-x--- 1 apache nagios 1062 Nov 18 08:08 credentials
[root@localhost .aws]# pwd
/usr/local/nagiosxi/etc/.aws
[12345_Developer]
aws_access_key_id=FAKEID4THIS
aws_secret_access_key=tESECRETKEY4info4goes4here890
aws_session_token=abcdef!@#$%/sdasd/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXblahblahblah///
I can use this same file with the CLI on the server and complete commands like 'aws s3 ls' or 'aws s3 ls s3://bucketname.domain.com/dir1/dir2/filename.pdf'
Here's the info on the file itself in case the rights need to be tweaked:
[root@localhost .aws]# ls -l
total 8
-rw-r-x--- 1 apache nagios 39 Nov 13 10:59 config
-rw-r-x--- 1 apache nagios 1062 Nov 18 08:08 credentials
[root@localhost .aws]# pwd
/usr/local/nagiosxi/etc/.aws
Re: Connecting to AWS S3 issues
Can you try running the following command in an SSH session?
Code: Select all
/usr/local/nagios/libexec/check_s3.py --changemode 'getbuckets' --credfile '/usr/local/nagiosxi/etc/.aws/credentials'If you didn't get an 8% raise over the course of the pandemic, you took a pay cut.
Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.
Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.