diff --git a/docs/en/aws-deploy-elastic-serverless-forwarder.asciidoc b/docs/en/aws-deploy-elastic-serverless-forwarder.asciidoc index c3e84a55..5aa19de7 100644 --- a/docs/en/aws-deploy-elastic-serverless-forwarder.asciidoc +++ b/docs/en/aws-deploy-elastic-serverless-forwarder.asciidoc 
@@ -225,7 +225,7 @@ For `elasticsearch` the following arguments are supported: * `args.es_datastream_name`: Name of data stream or index where logs should be forwarded to. Lambda supports automatic routing of various {aws} service logs to the corresponding data streams for further processing and storage in the {es} cluster. It supports automatic routing of `aws.cloudtrail`, `aws.cloudwatch_logs`, `aws.elb_logs`, `aws.firewall_logs`, `aws.vpcflow`, and `aws.waf` logs. For other log types, if using data streams, you can optionally set its value in the configuration file according to the naming convention for data streams and available integrations. If the `es_datastream_name` is not specified and it cannot be matched with any of the above {aws} services, then the value will be set to `logs-generic-default`. In versions **v0.29.1** and below, this configuration parameter was named `es_index_or_datastream_name`. Rename the configuration parameter to `es_datastream_name` in your `config.yaml` file on the S3 bucket to continue using it in the future version. The older name `es_index_or_datastream_name` is deprecated as of version **v0.30.0**. The related backward compatibility code is removed from version **v1.0.0**. * `args.batch_max_actions`: (Optional) Maximum number of actions to send in a single bulk request. Default value: 500. * `args.batch_max_bytes`: (Optional) Maximum size in bytes to send in a single bulk request. Default value: 10485760 (10MB). - * `args.ssl_assert_fingerprint`: (Optional) SSL fingerprint for self-signed SSL certificate on HTTPS transport. + * `args.ssl_assert_fingerprint`: (Optional) SSL fingerprint for self-signed SSL certificate on HTTPS transport. The default value is an empty string, meaning the HTTP client requires a valid certificate. For `logstash` the following arguments are supported: 
@@ -234,7 +234,7 @@ For `logstash` the following arguments are supported: * `args.password`: (Optional) Password of the {ls} instance to connect to. Mandatory if HTTP Basic authentication is enabled in {ls}. * `args.max_batch_size`: (Optional) Maximum number of events to send in a single HTTP(s) request. Default value: 500 * `args.compression_level`: (Optional) The GZIP compression level for HTTP(s) requests towards {ls}. It can be any integer value between 1 (minimum compression, best performance, highest amount of bytes sent) and 9 (maximum compression, worst performance, lowest amount of bytes sent). Default value: 1 - * `args.ssl_assert_fingerprint`: (Optional) SSL fingerprint for self-signed SSL certificate on HTTPS transport. + * `args.ssl_assert_fingerprint`: (Optional) SSL fingerprint for self-signed SSL certificate on HTTPS transport. The default value is an empty string, meaning the HTTP client requires a valid certificate. [discrete] [[aws-serverless-forwarder-define-deploy-parameters]] diff --git a/docs/en/aws-elastic-serverless-forwarder-configuration.asciidoc b/docs/en/aws-elastic-serverless-forwarder-configuration.asciidoc index 4efef41f..8642186e 100644 --- a/docs/en/aws-elastic-serverless-forwarder-configuration.asciidoc +++ b/docs/en/aws-elastic-serverless-forwarder-configuration.asciidoc 
@@ -569,3 +569,76 @@ image:images/multiline-regexp-test-repl-main.png[Add your test message to Multil [role="screenshot"] image:images/multiline-regexp-test-repl-run.png[View the test results] + +[discrete] +[[aws-serverless-manage-self-signed-certificates]] +== Manage self-signed certificates + +From v1.5.0, ESF introduced the SSL fingerprint option to access Elasticsearch clusters using self-signed certificates. + +[discrete] +[[aws-serverless-manage-self-signed-certificates-config]] +=== Configuration options + +To set the `ssl_assert_fingerprint` option, you must edit the config file stored in the S3 bucket. + +Suppose you have a `config.yml` file stored in the bucket with the following content: + +[source, yaml] +---- +inputs: + - type: "s3-sqs" + id: "arn:aws:sqs:eu-west-1:123456789:dev-access-logs" + outputs: + - type: "elasticsearch" + args: + api_key: "" + es_datastream_name: "logs-aws.s3access-default" + batch_max_actions: 500 + batch_max_bytes: 10485760 + ssl_assert_fingerprint: "" +---- + +If the configuration omits the `ssl_assert_fingerprint` or, like in this example, is empty (the default option), the HTTP client validates the certificates of Elasticsearch clusters. + +[discrete] +[[aaws-serverless-manage-self-signed-certificates-get-ssl-fingerprint]] +=== Get the SSL fingerprint + +The next step is to get the fingerprint of the HTTPS certificate your Elasticsearch cluster is using now. + +You can use OpenSSL to get the fingerprint for your certificate. Here's an example using an Elasticsearch cluster hosted on Elastic Cloud: + +[source, shell] +---- +$ openssl s_client \ + -connect my-deployment.es.eastus2.azure.elastic-cloud.com:443 \ + -showcerts /dev/null | openssl x509 -noout -fingerprint + +SHA1 Fingerprint=1C:46:32:75:AA:D6:F1:E2:8E:10:A3:64:44:B1:36:C9:7D:44:35:B4 +---- + +You can use your DNS name, IP address, and port number instead of `my-deployment.es.eastus2.azure.elastic-cloud.com:443` from the above example. 
+ +Copy your fingerprint value for the next step. + +[discrete] +[[aaws-serverless-manage-self-signed-certificates-set-ssl-fingerprint]] +=== Set the SSL fingerprint + +As a final step, edit your `config.yml` file to use the SSL fingerprint: + +[source, yaml] +---- +inputs: + - type: "s3-sqs" + id: "arn:aws:sqs:eu-west-1:123456789:dev-access-logs" + outputs: + - type: "elasticsearch" + args: + api_key: "" + es_datastream_name: "logs-aws.s3access-default" + batch_max_actions: 500 + batch_max_bytes: 10485760 + ssl_assert_fingerprint: "1C:46:32:75:AA:D6:F1:E2:8E:10:A3:64:44:B1:36:C9:7D:44:35:B4" +----
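
Review bot: In the `elasticsearch` argument list (hunk `@@ -225,7 +225,7 @@`), the added sentence for `args.ssl_assert_fingerprint` documents the empty default but not what a non-empty value does or which format it must have. Suggest stating the effect of setting it, naming the format used in the new section (colon-separated hex as printed by `openssl x509 -fingerprint`), and linking to `<<aws-serverless-manage-self-signed-certificates>>`. "HTTP client" would read better as "HTTPS client" on this bullet, and "a valid certificate" could be spelled out as one that chains to a trusted CA.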
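
Review bot: In the `logstash` argument list (hunk `@@ -234,7 +234,7 @@`), the same sentence is added, but the new "Manage self-signed certificates" section speaks only of Elasticsearch clusters and its examples only show a `type: "elasticsearch"` output. Either add a Logstash output example to that section or say on this bullet that the same steps apply to {ls}, so a reader of the `logstash` arguments has guidance to follow.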
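
Review bot: In the "Get the SSL fingerprint" example (hunk `@@ -569,3 +569,76 @@`), `-showcerts /dev/null | openssl x509 -noout -fingerprint` passes `/dev/null` as a positional argument instead of redirecting stdin from it, so the command does not work as a copy-paste one-liner; suggest `-showcerts </dev/null 2>/dev/null | openssl x509 -noout -fingerprint`. The section should also tell the reader to compare the printed value with a fingerprint computed from the certificate file on the cluster itself, since a value read over the same unverified connection only pins whatever endpoint answered, and it should say that the pinned value has to be updated in `config.yml` when the certificate is renewed. Smaller points: the two anchors beginning `[[aaws-serverless-` have a doubled "a" and do not match `[[aws-serverless-manage-self-signed-certificates-config]]`; the file is called `config.yml` here but `config.yaml` in the deploy page; and "From v1.5.0, ESF introduced" reads better as "Starting with v1.5.0, ESF supports".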