- Functionbeat Reference:
- Functionbeat overview
- Quick start: installation and configuration
- Set up and deploy
- Configure
- AWS functions
- Google functions
- General settings
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- rate_limit
- registered_domain
- rename
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- Regular expression support
- Instrumentation
- functionbeat.reference.yml
- How to guides
- Exported fields
- Monitor
- Secure
- Troubleshoot
- Get help
- Debug
- Common problems
- Deployment to AWS fails with "failed to create the stack"
- Deployment to AWS fails with "resource limit exceeded"
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- Publishing to Logstash fails with "connection reset by peer" message
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
A newer version is available. For the latest information, see the
current release documentation.
IAM permissions required to deploy Functionbeat
editIAM permissions required to deploy Functionbeat
editThis section describes the minimum privileges or roles required to deploy functions to your cloud provider:
Permissions required by AWS
editThe list of required permissions depends on the type of events that you are collecting. Here are some example policies that grant the required privileges.
CloudWatch logs
editThe following policy grants the permissions required to deploy and run a Lambda function that collects events from CloudWatch logs.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate", "cloudformation:UpdateStack", "cloudformation:ValidateTemplate", "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetRole", "iam:GetRolePolicy", "iam:PassRole", "iam:PutRolePolicy", "lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:PutFunctionConcurrency", "lambda:RemovePermission", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:DeleteSubscriptionFilter", "logs:DescribeLogGroups", "logs:PutSubscriptionFilter", "s3:CreateBucket", "s3:DeleteObject", "s3:ListBucket", "s3:PutObject", "s3:GetObject" ], "Resource": "*" } ] }
SQS and Kinesis
editThe following policy grants the permissions required to deploy and run a Lambda function that reads from SQS queues or Kinesis data streams.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate", "cloudformation:UpdateStack", "cloudformation:ValidateTemplate", "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetRole", "iam:GetRolePolicy", "iam:PassRole", "iam:PutRolePolicy", "lambda:AddPermission", "lambda:CreateFunction", "lambda:CreateEventSourceMapping", "lambda:DeleteFunction", "lambda:DeleteEventSourceMapping", "lambda:GetEventSourceMapping", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:PutFunctionConcurrency", "lambda:RemovePermission", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "logs:DescribeLogGroups", "logs:CreateLogGroup", "s3:CreateBucket", "s3:DeleteObject", "s3:ListBucket", "s3:PutObject", "s3:GetObject" ], "Resource": "*" } ] }
Roles required by Google Cloud Platform
editThe following roles are required to deploy Cloud Functions to Google Cloud Platform:
- Cloud Functions Developer
- Cloud Functions Service Agent
- Service Account User
- Storage Admin
- Storage Object Admin
On this page
Was this helpful?
Thank you for your feedback.