Skip to content

Commit

Permalink
Fix index out of range error when getting AWS account name (#21101)
Browse files Browse the repository at this point in the history
* Fix index out of range error when getting AWS account name
  • Loading branch information
kaiyan-sheng authored Sep 17, 2020
1 parent 9cf36b7 commit 568fbff
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 19 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Update fields.yml in the azure module, missing metrics field. {pull}20918[20918]
- The `elasticsearch/index` metricset only requests wildcard expansion for hidden indices if the monitored Elasticsearch cluster supports it. {pull}20938[20938]
- Disable Kafka metricsets based on Jolokia by default. They require a different configuration. {pull}20989[20989]
- Fix panic index out of range error when getting AWS account name. {pull}21101[21101] {issue}21095[21095]
- Handle missing counters in the application_pool metricset. {pull}21071[21071]

*Packetbeat*
Expand Down
49 changes: 30 additions & 19 deletions x-pack/metricbeat/module/aws/aws.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/ec2"
"github.com/aws/aws-sdk-go-v2/service/ec2/ec2iface"
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/aws/aws-sdk-go-v2/service/iam/iamiface"
"github.com/aws/aws-sdk-go-v2/service/rds"
"github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
"github.com/aws/aws-sdk-go-v2/service/sts"
Expand Down Expand Up @@ -105,25 +106,6 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) {
awsConfig.Region = "us-east-1"
}

svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint(
config.AWSConfig.Endpoint, "iam", "", awsConfig))
req := svcIam.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{})
output, err := req.Send(context.TODO())
if err != nil {
base.Logger().Warn("failed to list account aliases, please check permission setting: ", err)
metricSet.AccountName = metricSet.AccountID
} else {
// When there is no account alias, account ID will be used as cloud.account.name
if len(output.AccountAliases) == 0 {
metricSet.AccountName = metricSet.AccountID
}

// There can be more than one aliases for each account, for now we are only
// collecting the first one.
metricSet.AccountName = output.AccountAliases[0]
base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName)
}

// Get IAM account id
svcSts := sts.New(awscommon.EnrichAWSConfigWithEndpoint(
config.AWSConfig.Endpoint, "sts", "", awsConfig))
Expand All @@ -136,6 +118,11 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) {
base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID)
}

// Get account name/alias
svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint(
config.AWSConfig.Endpoint, "iam", "", awsConfig))
metricSet.AccountName = getAccountName(svcIam, base, metricSet)

// Construct MetricSet with a full regions list
if config.Regions == nil {
svcEC2 := ec2.New(awscommon.EnrichAWSConfigWithEndpoint(
Expand Down Expand Up @@ -170,6 +157,30 @@ func getRegions(svc ec2iface.ClientAPI) (completeRegionsList []string, err error
return
}

func getAccountName(svc iamiface.ClientAPI, base mb.BaseMetricSet, metricSet MetricSet) string {
req := svc.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{})
output, err := req.Send(context.TODO())

accountName := metricSet.AccountID
if err != nil {
base.Logger().Warn("failed to list account aliases, please check permission setting: ", err)
return accountName
}

// When there is no account alias, account ID will be used as cloud.account.name
if len(output.AccountAliases) == 0 {
accountName = metricSet.AccountID
base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID)
return accountName
}

// There can be more than one aliases for each account, for now we are only
// collecting the first one.
accountName = output.AccountAliases[0]
base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName)
return accountName
}

// StringInSlice checks if a string is already exists in list and its location
func StringInSlice(str string, list []string) (bool, int) {
for idx, v := range list {
Expand Down

0 comments on commit 568fbff

Please sign in to comment.