英文:
How to hide s3 bucket and access key credentials from fluentd config file
问题
我们正在使用Fluentd将来自本地服务器的日志发送到S3存储桶。以下是我的Fluentd配置文件中的代码配置部分。
所以想知道是否有办法在Fluentd配置文件中隐藏/保护我们的敏感信息,比如aws_key_id、aws_sec_key和s3_bucket?请建议。谢谢!
@type s3
aws_key_id YOUR_AWS_KEY_ID
aws_sec_key YOUR_AWS_SECRET/KEY
s3_bucket YOUR_S3_BUCKET_NAME
path logs/
<buffer>
@type file
path /var/log/td-agent/s3
timekey 3600 # 1 hour
timekey_wait 10m
chunk_limit_size 256m
</buffer>
time_slice_format %Y%m%d%H
</match>```
<details>
<summary>英文:</summary>
We are sending the logs from on-prem servers to the S3 bucket by using Fluentd. The below code configuration is from my Fluentd config file.
So wondering is there a way to mask/hide/secure our sensitive information like aws_key_id, aws_sec_key, and s3_bucket from the Fluentd config file? Please advise. Thanks!
```<match s3.*.*>
@type s3
aws_key_id YOUR_AWS_KEY_ID
aws_sec_key YOUR_AWS_SECRET/KEY
s3_bucket YOUR_S3_BUCKET_NAME
path logs/
<buffer>
@type file
path /var/log/td-agent/s3
timekey 3600 # 1 hour
timekey_wait 10m
chunk_limit_size 256m
</buffer>
time_slice_format %Y%m%d%H
</match>```
</details>
# 答案1
**得分**: 1
使用共享凭证部分来指定配置文件名称或凭证文件的路径。默认情况下,“default”是配置文件名称,路径指向“#{user.home}/.aws/credentials”。
https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md
存储桶名称似乎是必需的
<match *>
@type s3
<shared_credentials>
path 路径
profile_name 配置文件名称
</shared_credentials>
</match>
<details>
<summary>英文:</summary>
Use the shared credentials section to specify the profile name or path to the credentials file. By default "default" is the profile name and the path points to "#{user.home}/.aws/credentials".
https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md
The bucket name looks to be mandatory
<match *>
@type s3
<shared_credentials>
path PATH
profile_name PROFILE_NAME
</shared_credentials>
</match>
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论