Wazuh-indexer repository-s3 plugin
25 views
Skip to first unread message
Fernando André
Nov 20, 2025, 2:14:24 AM (3 days ago) Nov 20
to Wazuh | Mailing List
Hello,
I have installed repository-s3 plugin in a pre-built docker image for kubernetes,
the build went ok and I have the repository-s3 plugin installed and deployed.
Version of Wazuh: 4.10.1
Kubernetes based install using kustomize configuration from wazuh.
Actions done:
Have created a IRSA role and the service account associated with the pod.
Installed aws-cli for testing.
The problem:
repository-s3 plugin fails to connect to s3 bucket. Says it cannot find the IMDS Environment to connect to.
Debug done.
Using aws s3 ls s3://the-bucket
it works and I can even copy data to the bucket
Have disabled IMDS and tested with AWS_ Environment variables and aws-cli works again.
But wazuh-indexer still fails to connect to the bucket.
The variables used for testing without IRSA/IMDS
AWS_EC2_METADATA_DISABLED = true
name: AWS_ACCESS_KEY_ID
name: AWS_SECRET_ACCESS_KEY
I have not tried to use the wazuh indexer store has I do not know the best way to hide the variables in order to do a pre-built version with it or ran them later.
Any suggestions?
Best regards,
Jorest Brice Tankoua Njassep
Nov 20, 2025, 4:02:34 AM (3 days ago) Nov 20
to Wazuh | Mailing List
Hello Fernando,
Can you please share the link to the plugin you're using?
As from my knowledge you need the dependencies mentioned in this documentation page to achieve communication with S3.
The next steps of the integration can be found here
regards
Can you please share the link to the plugin you're using?
As from my knowledge you need the dependencies mentioned in this documentation page to achieve communication with S3.
The next steps of the integration can be found here
regards
André
Nov 20, 2025, 12:54:44 PM (3 days ago) Nov 20
to Jorest Brice Tankoua Njassep, Wazuh | Mailing List
I am using the opensearch-plugin to install the plugin
RUN echo "OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/" > /etc/sysconfig/wazuh-indexer && \
/usr/share/wazuh-indexer/bin/opensearch-plugin install --batch repository-s3
/usr/share/wazuh-indexer/bin/opensearch-plugin install --batch repository-s3
It installs, this is for the snapshot of the indexer to an s3 bucket.
I get the below error.
{"error":{"root_cause":[{"type":"repository_exception","reason":"[s3-bucket-stg]
Could not determine repository generation from root
blobs"}],"type":"repository_exception","reason":"[s3-bucket-stg] Could
not determine repository generation from root
blobs","caused_by":{"type":"i_o_exception","reason":"Exception when
listing blobs by prefix
[/snapshots/index-]","caused_by":{"type":"sdk_client_exception","reason":"Failed
to load credentials from
IMDS.","caused_by":{"type":"sdk_service_exception","reason":"Unauthorized"}}}},"status":500}
Could not determine repository generation from root
blobs"}],"type":"repository_exception","reason":"[s3-bucket-stg] Could
not determine repository generation from root
blobs","caused_by":{"type":"i_o_exception","reason":"Exception when
listing blobs by prefix
[/snapshots/index-]","caused_by":{"type":"sdk_client_exception","reason":"Failed
to load credentials from
IMDS.","caused_by":{"type":"sdk_service_exception","reason":"Unauthorized"}}}},"status":500}
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/C0veuoUQkQY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/791ac001-11b4-4cfa-a260-8e619513f018n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages