
Connecting to AWS S3 issues

Posted: Tue Nov 17, 2020 11:56 am
by freymish
Hello all,

I have the latest build of NagiosXI (5.7.5) on a VM at my house and I'm trying to set up a check of some S3 buckets in AWS. I know the server itself has access to the Internet and can do DNS checks and the like. When I run the Amazon S3 wizard (version 1.1.2) and enter a valid* Access Key ID and Secret Access Key and then click on the "Get Available Buckets" button I get the "There were no buckets found. Verify your AWS credentials and try again." message.

There're no outbound firewall restrictions but I don't know what ports or protocols the plug-in is using so there's potentially an issue on the AWS access list side.

Has anyone had success with this? Are there any caveats or "cheat codes" to get this to work? I am taking these instructions at face value.


Any tips appreciated

Freymish

* I am getting the AWS credentials from my AWS account page using the "Command line or programmatic access" option. I can see S3 buckets and contents with that account via the Management console so I know I have the necessary access.

Re: Connecting to AWS S3 issues

Posted: Wed Nov 18, 2020 10:42 am
by dchurch
The S3 bucket check wants a credentials file stored in /usr/local/nagiosxi/etc/.aws/credentials or /usr/local/nagiosxi/etc/.aws/config

Code:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Are you using your main account credentials, or a non-privileged account? Are you sure the account has read access to that bucket?

It's recommended you set up a non-privileged account to do these checks, one with "Programmatic Access" to the S3 storage bucket. This creds file would need the credentials for that account.

Here's a good third-party video tutorial that takes you through the entire process.

Re: Connecting to AWS S3 issues

Posted: Wed Nov 18, 2020 2:48 pm
by freymish
I've tried it using the two fields as well as with the credentials file. The credentials file also has a session token field which is generated by AWS in the "Option 2: Add a profile to your AWS credentials file".

[12345_Developer]
aws_access_key_id=FAKEID4THIS
aws_secret_access_key=tESECRETKEY4info4goes4here890
aws_session_token=abcdef!@#$%/sdasd/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXblahblahblah///


I can use this same file with the CLI on the server and complete commands like 'aws s3 ls' or 'aws s3 ls s3://bucketname.domain.com/dir1/dir2/filename.pdf'.

Here's the info on the file itself in case the rights need to be tweaked:

[root@localhost .aws]# ls -l
total 8
-rw-r-x--- 1 apache nagios 39 Nov 13 10:59 config
-rw-r-x--- 1 apache nagios 1062 Nov 18 08:08 credentials
[root@localhost .aws]# pwd
/usr/local/nagiosxi/etc/.aws
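
Added example (not part of the original posts, and not Nagios XI or AWS code): a small Python audit of a shared credentials file like the one listed above, flagging the file mode, a missing [default] profile, and temporary credentials that carry a session token. The sample file is constructed from the thread's placeholder values, and the expectation that the consumer reads the [default] profile is an assumption.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample reusing the thread's placeholder values (token shortened).
SAMPLE = """[12345_Developer]
aws_access_key_id=FAKEID4THIS
aws_secret_access_key=tESECRETKEY4info4goes4here890
aws_session_token=abcdef!@#$%/sdasd/blahblahblah///
"""

def audit_credentials(path):
    """Return findings for an AWS shared-credentials file at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o111:
        findings.append(f"mode {mode:04o}: execute bit set on a data file")
    if mode & 0o007:
        findings.append(f"mode {mode:04o}: accessible to other users")
    # RawConfigParser: no '%' interpolation, so tokens containing '%' parse.
    cp = configparser.RawConfigParser()
    cp.read(path)
    # Assumption: the consumer uses the [default] profile when none is named.
    if "default" not in cp.sections():
        findings.append("no [default] profile; found: " + ", ".join(cp.sections()))
    for name in cp.sections():
        prof = cp[name]
        key_id = prof.get("aws_access_key_id", "")
        if not key_id or not prof.get("aws_secret_access_key"):
            findings.append(f"[{name}]: access key id or secret missing")
        # A session token (or an ASIA-prefixed key id) marks temporary STS
        # credentials: they expire, and key id + secret alone are rejected.
        if "aws_session_token" in prof or key_id.startswith("ASIA"):
            findings.append(f"[{name}]: temporary credentials, token required")
    return findings

def demo():
    """Audit the constructed sample with the thread's mode, rw-r-x--- (0650)."""
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(SAMPLE)
    os.chmod(fh.name, 0o650)
    try:
        return audit_credentials(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print("\n".join(demo()))
```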

Re: Connecting to AWS S3 issues

Posted: Thu Nov 19, 2020 3:52 pm
by dchurch
Can you try running the following command in an SSH session?

Code:

/usr/local/nagios/libexec/check_s3.py --changemode 'getbuckets' --credfile '/usr/local/nagiosxi/etc/.aws/credentials'