IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Observability Guide [8.2] Send data to Elasticsearch Elastic Serverless Forwarder for AWS Deploy Elastic Serverless Forwarder
« Create and upload config.yaml to S3 bucket Deploy Elastic Serverless Forwarder from SAR »

Define deployment parametersedit

Whichever SAR deployment method you choose, you must define the following parameters correctly for your setup. This section explains the types of parameters and provides guidance on how to set them to match your deployment(s).

General configurationedit

These parameters define the general configuration and behaviour for the forwarder.

  • ElasticServerlessForwarderS3ConfigFile: Set this value to the location of your config.yaml in S3 URL format: s3://bucket-name/config-file-name. This will populate the S3_CONFIG_FILE environment variable for the forwarder.
  • ElasticServerlessForwarderSSMSecrets: Add a comma delimited list of AWS SSM Secrets ARNs used in the config.yml (if any).
  • ElasticServerlessForwarderKMSKeys: Add a comma delimited list of AWS KMS Keys ARNs to be used for decrypting AWS SSM Secrets, Kinesis Data Streams, SQS queue, or S3 buckets (if any).

Make sure you include all the KMS keys used to encrypt the data. For example, S3 buckets are often encrypted, so the Lambda function needs access to that key to get the object.

Inputsedit

These parameters define your specific Inputs or event triggers.

  • ElasticServerlessForwarderSQSEvents: Add a comma delimited list of Direct SQS queue ARNs to set as event triggers for the forwarder (if any).
  • ElasticServerlessForwarderS3SQSEvents: Add a comma delimited list of S3 SQS Event Notifications ARNs to set as event triggers for the forwarder (if any).
  • ElasticServerlessForwarderKinesisEvents: Add a comma delimited list of Kinesis Data Stream ARNs to set as event triggers for the forwarder (if any).
  • ElasticServerlessForwarderCloudWatchLogsEvents: Add a comma delimited list of Cloudwatch Logs log group ARNs to set subscription filters on the forwarder (if any).

Make sure you reference the ARNs specified in your config.yaml, and leave any settings for unused inputs blank.

S3 Bucket permissionsedit

These parameters define the permissions required in order to access the associated S3 Buckets.

  • ElasticServerlessForwarderS3Buckets: Add a comma delimited list of S3 bucket ARNs that are sources for the S3 SQS Event Notifications (if any).
Networkedit

These parameters define the network settings for your environment.

  • ElasticServerlessForwarderSecurityGroups: Add a comma delimited list of security group IDs to attach to the forwarder. Along with ElasticServerlessForwarderSubnets, these settings will define the AWS VPC the forwarder will belong to. Leave blank if you don’t want the forwarder to belong to any specific AWS VPC.
  • ElasticServerlessForwarderSubnets: Add a comma delimited list of subnet IDs for to the forwarder. Along with ElasticServerlessForwarderSecurityGroups, these settings will define the AWS VPC the forwarder will belong to. Leave blank if you don’t want the forwarder to belong to any specific AWS VPC.

If you are setting up an an AWS VPC for the forwarder, review the VPC prerequisites.

« Create and upload config.yaml to S3 bucket Deploy Elastic Serverless Forwarder from SAR »