AWS Route 53

<div class="condensed-table">
| | |
| --- | --- |
| Version | 2.38.2 (View all) |
| Compatible Kibana version(s) | 8.16.2 or higher |
| Supported Serverless project types
What’s this? | Security
Observability |
| Subscription level
What’s this? | Basic |

</div>
The Route 53 integration allows you to monitor Amazon Route 53—a DNS web service.

Use the Route 53 integration to collect and parse logs related to DNS activity. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference logs when troubleshooting an issue.

For example, you could use the data from this integration to spot unusual activity in your network traffic routing. You could also use the data to troubleshoot the underlying issue by looking at additional context in the logs, such as the forwarding rules and DNS endpoints for relevant custom names.

Important

Extra AWS charges on API requests will be generated by this integration. Check API Requests for more details.

Data streams

The Route 53 integration collects one type of data: logs.

Logs help you keep a record of events happening in Amazon Route 53. This integration collects Public Hosted Zone logs and Resolver logs. Logs collected by the Route 53 integration include the names being queried, the highest registered domain, the DNS response code, the edge location that served the request, and more. See more details in the Logs reference.

Requirements

You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.

Before using any AWS integration you will need:

AWS Credentials to connect with your AWS account.
AWS Permissions to make sure the user you’re using to connect has permission to share the relevant data.

For more details about these requirements, please take a look at the AWS integration documentation.

Setup

Use this integration if you only need to collect data from the Route 53 service.

If you want to collect data from two or more AWS services, consider using the AWS integration. When you configure the AWS integration, you can collect data from as many AWS services as you’d like.

For step-by-step instructions on how to set up an integration, see the Getting started guide.

Advanced options

CloudWatch

The CloudWatch logs input has several advanced options to fit specific use cases.

Latency

AWS CloudWatch Logs sometimes takes extra time to make the latest logs available to clients like the Agent.

The CloudWatch integration offers the latency setting to address this scenario. Latency translates the query’s time range to consider the CloudWatch Logs latency. For example, a 5m latency means the integration will query CloudWatch for logs available 5 minutes ago.

Number of workers

If you are collecting log events from multiple log groups using log_group_name_prefix, you should review the value of the number_of_workers.

The number_of_workers setting defines the number of workers assigned to reading from log groups. Each log group matching the log_group_name_prefix requires a worker to keep log ingestion as close to real-time as possible. For example, if log_group_name_prefix matches five log groups, then number_of_workers should be set to 5. The default value is 1.

Logs reference

Public Hosted Zone logs

The route53_public_logs dataset collects information about public DNS queries that Route 53 receives.

Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query (such as the IP address for a load balancer for example.com), the resolver will continue to return the cached response without forwarding the query to Route 53 until the TTL for the corresponding record expires.

Depending on how many DNS queries are submitted for a domain name (example.com) or subdomain name (www.example.com), which resolvers your users are using, and the TTL for the record, query logs might contain information about only one query out of every several thousand queries that are submitted to DNS resolvers.

See the Route 53 Documentation for more information.

An example event for route53_public looks as following:

		{
    "@timestamp": "2017-12-13T08:16:05.744Z",
    "agent": {
        "ephemeral_id": "1cf87179-f6b3-44b0-a46f-3aa6bc0f995f",
        "id": "c00f804f-7a02-441b-88f4-aeb9da6410d9",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "8.0.0"
    },
    "aws": {
        "route53": {
            "edge_location": "JFK5",
            "hosted_zone_id": "Z123412341234"
        }
    },
    "awscloudwatch": {
        "ingestion_time": "2021-12-06T02:18:20.000Z",
        "log_group": "test",
        "log_stream": "test"
    },
    "cloud": {
        "provider": "aws",
        "region": "us-east-1"
    },
    "data_stream": {
        "dataset": "aws.route53_public_logs",
        "namespace": "default",
        "type": "logs"
    },
    "dns": {
        "question": {
            "name": "txt.example.com",
            "registered_domain": "example.com",
            "subdomain": "txt",
            "top_level_domain": "com",
            "type": "TXT"
        },
        "response_code": "NOERROR"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "c00f804f-7a02-441b-88f4-aeb9da6410d9",
        "snapshot": true,
        "version": "8.0.0"
    },
    "event": {
        "agent_id_status": "verified",
        "category": [
            "network"
        ],
        "dataset": "aws.route53_public_logs",
        "id": "36545504503447201576705984279898091551471012413796646912",
        "ingested": "2021-12-06T02:37:25Z",
        "kind": "event",
        "original": "1.0 2017-12-13T08:16:05.744Z Z123412341234 txt.example.com TXT NOERROR UDP JFK5 55.36.5.7 -",
        "outcome": "success",
        "type": [
            "protocol"
        ]
    },
    "input": {
        "type": "aws-cloudwatch"
    },
    "log.file.path": "test/test",
    "network": {
        "iana_number": "17",
        "protocol": "dns",
        "transport": "udp",
        "type": "ipv4"
    },
    "related": {
        "hosts": [
            "txt.example.com"
        ],
        "ip": [
            "55.36.5.7"
        ]
    },
    "source": {
        "address": "55.36.5.7",
        "as": {
            "number": 721,
            "organization": {
                "name": "DoD Network Information Center"
            }
        },
        "ip": "55.36.5.7"
    },
    "tags": [
        "preserve_original_event",
        "forwarded",
        "aws-route53-logs"
    ]
}

	

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Field	Description	Type
@timestamp	Event timestamp.	date
aws.edge_location	The edge location that served the request. Each edge location is identified by a three-letter code and an arbitrarily assigned number (for example, DFW3). The three-letter code typically corresponds with the International Air Transport Association (IATA) airport code for an airport near the edge location’s geographic location.	alias
aws.route53.edge_location	The Route 53 edge location that responded to the query. Each edge location is identified by a three-letter code and an arbitrary number, for example, DFW3. The three-letter code typically corresponds with the International Air Transport Association airport code for an airport near the edge location. (These abbreviations might change in the future.)	keyword
aws.route53.edns_client_subnet	A partial IP address for the client that the request originated from, if available from the DNS resolver.	keyword
aws.route53.hosted_zone_id	The ID of the hosted zone that is associated with all the DNS queries in this log.	keyword
awscloudwatch.ingestion_time	AWS CloudWatch ingest time	date
awscloudwatch.log_group	AWS CloudWatch Log Group name	keyword
awscloudwatch.log_stream	AWS CloudWatch Log Stream name	keyword
cloud.image.id	Image ID for the cloud instance.	keyword
data_stream.dataset	Data stream dataset.	constant_keyword
data_stream.namespace	Data stream namespace.	constant_keyword
data_stream.type	Data stream type.	constant_keyword
event.module	Event module	constant_keyword
host.containerized	If the host is a container.	boolean
host.os.build	OS build information.	keyword
host.os.codename	OS codename, if any.	keyword
input.type	Type of Filebeat input.	keyword

Resolver logs

The route53_resolver_logs dataset collects all DNS queries & responses for:

Queries that originate in Amazon Virtual Private Cloud VPCs that you specify, as well as the responses to those DNS queries.
Queries from on-premises resources that use an inbound Resolver endpoint.
Queries that use an outbound Resolver endpoint for recursive DNS resolution.
Queries that use Route 53 Resolver DNS Firewall rules to block, allow, or monitor domain lists.

As is standard for DNS resolvers, resolvers cache DNS queries for a length of time determined by the time-to-live (TTL) for the resolver. The Route 53 Resolver caches queries that originate in your VPCs, and responds from the cache whenever possible to speed up responses. Resolver query logging logs only unique queries, not queries that Resolver is able to respond to from the cache.

For example, suppose that an EC2 instance in one of the VPCs that a query logging configuration is logging queries for, submits a request for accounting.example.com. Resolver caches the response to that query, and logs the query. If the same instance’s elastic network interface makes a query for accounting.example.com within the TTL of the Resolver’s cache, Resolver responds to the query from the cache. The second query is not logged.

See the Route 53 Documentation for more information.

An example event for route53_resolver looks as following:

		{
    "@timestamp": "2021-02-04T17:51:55.000Z",
    "agent": {
        "ephemeral_id": "a2625e6f-d625-4d5f-a950-0a88bea9fb17",
        "id": "acba78ef-1401-4689-977c-d8c2e5d6a8fa",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "8.10.1"
    },
    "aws": {
        "instance_id": "i-0d15cd0d3example",
        "route53": {
            "firewall": {
                "action": "BLOCK",
                "domain_list": {
                    "id": "rslvr-fdl-01234567890abcdef"
                },
                "rule_group": {
                    "id": "rslvr-frg-01234567890abcdef"
                }
            }
        },
        "s3": {
            "bucket": {
                "arn": "arn:aws:s3:::elastic-package-aws-bucket-91334",
                "name": "elastic-package-aws-bucket-91334"
            },
            "object": {
                "key": "route53.log"
            }
        },
        "vpc_id": "vpc-7example"
    },
    "cloud": {
        "account": {
            "id": "111122223333"
        },
        "instance": {
            "id": "i-0d15cd0d3example"
        },
        "provider": "aws",
        "region": "us-east-1"
    },
    "data_stream": {
        "dataset": "aws.route53_resolver_logs",
        "namespace": "ep",
        "type": "logs"
    },
    "dns": {
        "answers": [
            {
                "class": "IN",
                "data": "203.0.113.9",
                "type": "PTR"
            }
        ],
        "question": {
            "class": "IN",
            "name": "15.199.16.175.in-addr.arpa",
            "type": "PTR"
        },
        "response_code": "NOERROR"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "acba78ef-1401-4689-977c-d8c2e5d6a8fa",
        "snapshot": false,
        "version": "8.10.1"
    },
    "event": {
        "agent_id_status": "verified",
        "category": [
            "network"
        ],
        "dataset": "aws.route53_resolver_logs",
        "ingested": "2023-11-07T13:59:50Z",
        "kind": "event",
        "original": "{\"srcaddr\":\"81.2.69.143\",\"vpc_id\":\"vpc-7example\",\"answers\":[{\"Rdata\":\"203.0.113.9\",\"Type\":\"PTR\",\"Class\":\"IN\"}],\"firewall_rule_group_id\":\"rslvr-frg-01234567890abcdef\",\"firewall_rule_action\":\"BLOCK\",\"query_name\":\"15.199.16.175.in-addr.arpa.\",\"firewall_domain_list_id\":\"rslvr-fdl-01234567890abcdef\",\"query_class\":\"IN\",\"srcids\":{\"instance\":\"i-0d15cd0d3example\"},\"rcode\":\"NOERROR\",\"query_type\":\"PTR\",\"transport\":\"UDP\",\"version\":\"1.100000\",\"account_id\":\"111122223333\",\"srcport\":\"56067\",\"query_timestamp\":\"2021-02-04T17:51:55Z\",\"region\":\"us-east-1\"}",
        "outcome": "success",
        "type": [
            "protocol"
        ]
    },
    "input": {
        "type": "aws-s3"
    },
    "log": {
        "file": {
            "path": "https://elastic-package-aws-bucket-91334.s3.us-east-1.amazonaws.com/route53.log"
        },
        "offset": 12394
    },
    "network": {
        "iana_number": "17",
        "protocol": "dns",
        "transport": "udp",
        "type": "ipv4"
    },
    "related": {
        "hosts": [
            "203.0.113.9"
        ],
        "ip": [
            "81.2.69.143",
            "175.16.199.15"
        ]
    },
    "source": {
        "address": "81.2.69.143",
        "geo": {
            "city_name": "London",
            "continent_name": "Europe",
            "country_iso_code": "GB",
            "country_name": "United Kingdom",
            "location": {
                "lat": 51.5142,
                "lon": -0.0931
            },
            "region_iso_code": "GB-ENG",
            "region_name": "England"
        },
        "ip": "81.2.69.143",
        "port": 56067
    },
    "tags": [
        "preserve_original_event",
        "forwarded",
        "aws-route53_resolver-logs"
    ]
}

	

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Field	Description	Type
@timestamp	Event timestamp.	date
aws.instance_id	The ID of the instance that’s associated with network interface for which the traffic is recorded, if the instance is owned by you.	keyword
aws.route53.firewall.action	The action specified by the rule that matched the domain name in the query. This is populated only if DNS Firewall found a match for a rule with action set to alert or block.	keyword
aws.route53.firewall.domain_list.id	The domain list used by the rule that matched the domain name in the query. This is populated only if DNS Firewall found a match for a rule with action set to alert or block.	keyword
aws.route53.firewall.rule_group.id	The ID of the DNS Firewall rule group that matched the domain name in the query. This is populated only if DNS Firewall found a match for a rule with action set to alert or block.	keyword
aws.s3.bucket.arn	The AWS S3 bucket ARN.	keyword
aws.s3.bucket.name	The AWS S3 bucket name.	keyword
aws.s3.object.key	The AWS S3 Object key.	keyword
aws.vpc_id	The ID of the VPC that contains the network interface for which the traffic is recorded.	keyword
awscloudwatch.ingestion_time	AWS CloudWatch ingest time	date
awscloudwatch.log_group	AWS CloudWatch Log Group name	keyword
awscloudwatch.log_stream	AWS CloudWatch Log Stream name	keyword
cloud.image.id	Image ID for the cloud instance.	keyword
data_stream.dataset	Data stream dataset.	constant_keyword
data_stream.namespace	Data stream namespace.	constant_keyword
data_stream.type	Data stream type.	constant_keyword
event.module	Event module	constant_keyword
host.containerized	If the host is a container.	boolean
host.os.build	OS build information.	keyword
host.os.codename	OS codename, if any.	keyword
input.type	Type of Filebeat input.	keyword
log.offset	Log offset	long

Changelog

Version	Details	Kibana version(s)
2.38.2	pass:[] Bug fix (View pull request) Update links to getting started docs	8.16.2 or higher
2.38.1	pass:[] Enhancement (View pull request) Add missing category.	8.16.2 or higher
2.38.0	pass:[] Enhancement (View pull request) Add support for Access Point ARN when collecting logs via the AWS S3 Bucket.	8.16.2 or higher
2.37.0	pass:[] Enhancement (View pull request) Map aws.dimensions as object instead of flattened in CloudWatch metrics.	8.16.0 or higher
2.36.2	pass:[] Enhancement (View pull request) Include pipeline test examples to accommodate the new Cloudtrail format for the `CreateGroup` and `UpdateGroup` event types.	8.16.0 or higher
2.36.1	pass:[] Enhancement (View pull request) Add SQS API calls documentation and required S3 permissions.	8.16.0 or higher
2.36.0	pass:[] Enhancement (View pull request) Add ELB connection logs dashboards for application load balancers.	8.16.0 or higher
2.35.0	pass:[] Enhancement (View pull request) Add the support for connection logs for AWS ELB dataset for Application Load Balancers.	8.16.0 or higher
2.34.0	pass:[] Enhancement (View pull request) Add Lambda Event Source Mapping metrics and improve Lambda dashboard to display the new metrics.	8.16.0 or higher
2.33.0	pass:[] Enhancement (View pull request) Add option to check linked accounts when using log group prefixes to derive matching log groups	8.16.0 or higher
2.32.0	pass:[] Bug fix (View pull request) Implemented grok processor based parsing for ipv6 & ipv4 addresses in the AWS CloudFront logs. pass:[] Enhancement (View pull request) Auto formatted various text descriptions and newlines across all data streams via elastic-package.	8.16.0 or higher
2.31.4	pass:[] Bug fix (View pull request) Update documentation with required permissions for AWS Inspector.	8.16.0 or higher
2.31.3	pass:[] Bug fix (View pull request) Removed the `reducedTimeRange` filter from the AWS Billing Total Estimated Charges lens to ensure value is displayed.	8.16.0 or higher
2.31.2	pass:[] Bug fix (View pull request) Add the support for listeners with ALPN policy extension in ELB dataset for Network Load Balancers.	8.16.0 or higher
2.31.1	pass:[] Bug fix (View pull request) Add `cloud.provider`, `event.kind`, and `observer.vendor` fields to _source as needed by CDR workflows.	8.16.0 or higher
2.31.0	pass:[] Enhancement (View pull request) Improve support for Cloud Detection and Response (CDR) workflows in securityhub_findings data stream.	8.16.0 or higher
2.30.3	pass:[] Enhancement (View pull request) Map aws.dimensions as object instead of flattened in CloudWatch metrics (backported from 2.37.0)	8.15.2 or higher
2.30.2	pass:[] Bug fix (View pull request) Add the support for listeners with ALPN policy extension in ELB dataset for Network Load Balancers.	8.15.2 or higher
2.30.1	pass:[] Bug fix (View pull request) Update the AWS dashboard panels.	8.15.2 or higher
2.30.0	pass:[] Enhancement (View pull request) Support configuring the Owning Account	8.15.2 or higher
2.29.0	pass:[] Enhancement (View pull request) Add mapping for the service.runtimeDetails fields in GuardDuty events.	8.15.0 or higher
2.28.0	pass:[] Enhancement (View pull request) Add reference to AWS API requests and pricing information.	8.15.0 or higher
2.27.0	pass:[] Enhancement (View pull request) Improve ingest pipeline error reporting.	8.15.0 or higher
2.26.0	pass:[] Enhancement (View pull request) Add more data to related.entity field.	8.15.0 or higher
2.26.0-preview01	pass:[] Enhancement (View pull request) Add related.entity field.	—
2.25.1	pass:[] Bug fix (View pull request) Add aws.metrics_names_fingerprint field and mark it as a dimension.	8.14.0 or higher
2.25.0	pass:[] Enhancement (View pull request) Allow @custom pipeline access to event.original without setting preserve_original_event.	8.14.0 or higher
2.24.3	pass:[] Bug fix (View pull request) Fix aws.metrics_names_fingerprint field.	8.14.0 or higher
2.24.2	pass:[] Bug fix (View pull request) Add aws.metrics_names_fingerprint.	8.14.0 or higher
2.24.1	pass:[] Bug fix (View pull request) Fixed and refactored AWS cloudfront log parsing.	8.14.0 or higher
2.24.0	pass:[] Enhancement (View pull request) Add dot_expander processor into metrics ingest pipeline.	8.14.0 or higher
2.23.0	pass:[] Enhancement (View pull request) Split the current AWS ELB dashboard into 3 separate dashboards, each focusing on a specific type of load balancer ELB, ALB, and NLB.	8.14.0 or higher
2.22.1	pass:[] Bug fix (View pull request) Update max_number_of_messages parameter description	8.14.0 or higher
2.22.0	pass:[] Enhancement (View pull request) Add global dataset filter for dashboards to improve performance.	8.14.0 or higher
2.21.0	pass:[] Enhancement (View pull request) Fix route53 public logs grok pattern.	8.14.0 or higher
2.20.0	pass:[] Enhancement (View pull request) Add S3 polling option to data streams use aws-s3 input	8.14.0 or higher
2.19.0	pass:[] Enhancement (View pull request) Add a visualization panel to display the Inbound and Outbound traffic of Application load balancers.	8.14.0 or higher
2.18.0	pass:[] Enhancement (View pull request) Add AWS Health integration.	8.14.0 or higher
2.17.0	pass:[] Enhancement (View pull request) ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.	8.13.0 or higher
2.16.0	pass:[] Enhancement (View pull request) Add TargetResponseTime metric to ELB Application metrics.	8.12.0 or higher
2.15.4	pass:[] Bug fix (View pull request) Fix AWS Network Firewall title and description.	8.12.0 or higher
2.15.3	pass:[] Enhancement (View pull request) Add endpoint + region variables to all SQS based AWS integrations.	8.12.0 or higher
2.15.2	pass:[] Bug fix (View pull request) Fix AWS Cloudtrail resources field processing.	8.12.0 or higher
2.15.1	pass:[] Bug fix (View pull request) Don’t index empty AWS Security Hub responses.	8.12.0 or higher
2.15.0	pass:[] Enhancement (View pull request) Adds async event age and drops metrics, and implements sum aggregation for existing lambda metrics.	8.12.0 or higher
2.14.2	pass:[] Bug fix (View pull request) Update aggregation function for AWS lambda invocation metric.	8.12.0 or higher
2.14.1	pass:[] Enhancement (View pull request) Document billing data stream limitations.	8.12.0 or higher
2.14.0	pass:[] Enhancement (View pull request) Add ability to set processors and leader election on AWS Billing.	8.12.0 or higher
2.13.1	pass:[] Enhancement (View pull request) Update latency parameter description	8.12.0 or higher
2.13.0	pass:[] Enhancement (View pull request) Add Amazon MSK integration	8.12.0 or higher
2.12.2	pass:[] Bug fix (View pull request) Fix an issue were the "_id" field was being used to aggregate data in Severity Over Time dashboard.	8.12.0 or higher
2.12.1	pass:[] Enhancement (View pull request) Add cloudsecurity_cdr sub category label.	8.12.0 or higher
2.12.0	pass:[] Enhancement (View pull request) Enable secret for the sensitive fields.	8.12.0 or higher
2.11.3	pass:[] Bug fix (View pull request) Fix query range calculation for GuardDuty datastream.	8.10.2 or higher
2.11.2	pass:[] Bug fix (View pull request) Remove hardcoded event.dataset field and use ecs instead.	8.10.2 or higher
2.11.1	pass:[] Enhancement (View pull request) Improve wording on milliseconds.	8.10.2 or higher
2.11.0	pass:[] Enhancement (View pull request) Convert Total Estimated Charges panel to new metric visualization.	8.10.2 or higher
2.10.2	pass:[] Bug fix (View pull request) Fix dimensions fingerprint field	8.10.2 or higher
2.10.1	pass:[] Bug fix (View pull request) Fix exclude_files pattern.	8.10.2 or higher
2.10.0	pass:[] Enhancement (View pull request) Convert "AWS Redshift metrics overview" visualizations to new metric.	8.10.2 or higher
2.9.1	pass:[] Bug fix (View pull request) Change SQS metrics statistic method, which includes changing ApproximateAgeOfOldestMessage from average to max, changing NumberOfMessagesDeleted, NumberOfEmptyReceives, NumberOfMessagesReceived and NumberOfMessagesSent from average to sum.	8.9.0 or higher
2.9.0	pass:[] Enhancement (View pull request) Limit request tracer log count to five.	8.9.0 or higher
2.8.6	pass:[] Bug fix (View pull request) Add missing fields from beats input	8.9.0 or higher
2.8.5	pass:[] Enhancement (View pull request) Update donut charts with pie for better representation	8.9.0 or higher
2.8.4	pass:[] Bug fix (View pull request) Remove unused aws..metrics..* and aws.s3.bucket.name	8.9.0 or higher
2.8.3	pass:[] Bug fix (View pull request) Include documentation and mappings for subfields of dns.answers pass:[] Bug fix (View pull request) Fix mapping for tags and dynamic metric fields	8.9.0 or higher
2.8.2	pass:[] Bug fix (View pull request) Add null checks and ignore_missing checks to the rename processor	8.9.0 or higher
2.8.1	pass:[] Bug fix (View pull request) Fix incorrect billing metrics displayed under AWS Billing overview dashboard.	8.9.0 or higher
2.8.0	pass:[] Enhancement (View pull request) Allow configuration of TLD for guardduty, inspector, and security hub datastreams.	8.9.0 or higher
2.7.0	pass:[] Enhancement (View pull request) Add tags.yml file so that integration’s dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. pass:[] Enhancement (View pull request) Upgrade package spec to 3.0.0. pass:[] Bug fix (View pull request) Fix duplicated and invalid field definitions. pass:[] Bug fix (View pull request) Add missing dashboard filters.	8.9.0 or higher
2.6.1	pass:[] Bug fix (View pull request) Fix AWS API Gateway logs dashboard lens	8.9.0 or higher
2.6.0	pass:[] Enhancement (View pull request) ECS version updated to 8.10.0.	8.9.0 or higher
2.5.0	pass:[] Enhancement (View pull request) Update Cloudtrail datastream to support tlsDetails field	8.9.0 or higher
2.4.1	pass:[] Bug fix (View pull request) Fix Security Hub Findings to abide by ECS allowed values.	8.9.0 or higher
2.4.0	pass:[] Bug fix (View pull request) Add AWS API Gateway metrics dashboards for each API type and additional filters which ensure data consistency	8.9.0 or higher
2.3.0	pass:[] Enhancement (View pull request) Change include_linked_accounts default to true	8.9.0 or higher
2.2.1	pass:[] Bug fix (View pull request) Fix GuardDuty API call parameter.	8.9.0 or higher
2.2.0	pass:[] Enhancement (View pull request) Add AWS API Gateway metrics dashboard Stage filter, control groups and clean up	8.9.0 or higher
2.1.2	pass:[] Bug fix (View pull request) Fix AWS API Gateway metrics dashboard	8.9.0 or higher
2.1.1	pass:[] Enhancement (View pull request) Improve AWS API Gateway dashboard	8.9.0 or higher
2.1.0	pass:[] Enhancement (View pull request) Enable TSDB by default for EC2 metrics data stream. This improves storage usage and query performance. For more details, see docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md.	8.9.0 or higher
2.0.0	pass:[] Enhancement (View pull request) Remove deprecated option for "Cloudwatch via S3"from the AWS CloudWatch integration. If you are using it take note that logs WON’T BE ingested via this route anymore once you update.	8.9.0 or higher
1.53.5	pass:[] Enhancement (View pull request) Set metric type in EC2 data stream fields.	8.9.0 or higher
1.53.4	pass:[] Enhancement (View pull request) Add dimension fields to EC2 data stream.	8.9.0 or higher
1.53.3	pass:[] Enhancement (View pull request) Add missing fields definition for ec2	8.9.0 or higher
1.53.2	pass:[] Bug fix (View pull request) Remove the remove processor since rename processor removes old field already.	8.9.0 or higher
1.53.1	pass:[] Enhancement (View pull request) Disable TSDB on AWS Billing.	8.9.0 or higher
1.53.0	pass:[] Enhancement (View pull request) Add AWS API Gateway custom acccess logging fields.	8.9.0 or higher
1.52.1	pass:[] Enhancement (View pull request) Use default color for AWS dashboards metric charts.	8.9.0 or higher
1.52.0	pass:[] Enhancement (View pull request) Enable TSDB by default for cloudwatch metrics data stream. This improves storage usage and query performance. For more details, see docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md.	8.9.0 or higher
1.51.3	pass:[] Bug fix (View pull request) Remove hardcoded event.dataset field and use ecs instead.	8.8.1 or higher
1.51.2	pass:[] Enhancement (View pull request) Disable TSDB on AWS Billing.	8.8.1 or higher
1.51.1	pass:[] Enhancement (View pull request) Use object metric type for the cloudwatch metrics	8.8.1 or higher
1.51.0	pass:[] Enhancement (View pull request) Add standalone S3 option for vpcflow	8.8.1 or higher
1.50.6	pass:[] Enhancement (View pull request) Add metric_type metadata to the cloudwatch data_stream	8.8.1 or higher
1.50.5	pass:[] Enhancement (View pull request) Migrate AWS Security Hub dashboards to lens.	8.8.1 or higher
1.50.4	pass:[] Enhancement (View pull request) Migrate AWS VPC dashboard visualizations to lens.	8.8.1 or higher
1.50.3	pass:[] Enhancement (View pull request) Add EMR logs dashboard.	8.8.1 or higher
1.50.2	pass:[] Enhancement (View pull request) Migrate AWS Billing dashboard visualizations to lens.	8.8.1 or higher
1.50.1	pass:[] Enhancement (View pull request) Add AWS API Gateway logs dashboard.	8.8.1 or higher
1.50.0	pass:[] Enhancement (View pull request) Add EMR logs data stream.	8.8.1 or higher
1.49.0	pass:[] Enhancement (View pull request) Add API Gateway logs datastream	8.8.1 or higher
1.48.0	pass:[] Enhancement (View pull request) Adding missing fields for the CloudTrail datastream - add option for standalone S3 bucket	8.8.1 or higher
1.47.1	pass:[] Enhancement (View pull request) Migrate AWS Redshift dashboard input controls.	8.8.1 or higher
1.47.0	pass:[] Enhancement (View pull request) Migrate AWS S3 Server Access Log Overview dashboard visualizations to lens.	8.8.1 or higher
1.46.9	pass:[] Enhancement (View pull request) Migrate AWS Network Firewall dashboard input controls.	8.8.1 or higher
1.46.8	pass:[] Enhancement (View pull request) Add dimensions metadata to the cloudwatch data_stream	8.8.1 or higher
1.46.7	pass:[] Enhancement (View pull request) Enable time series data streams for the API Gateway and EMR data streams. This improves storage usage and query performance. For more details, see docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md.	8.8.1 or higher
1.46.6	pass:[] Enhancement (View pull request) Update metric type and set dimension fields for AWS EMR data stream.	8.8.1 or higher
1.46.5	pass:[] Enhancement (View pull request) Fix metric type for API Gateway metric fields.	8.8.1 or higher
1.46.4	pass:[] Enhancement (View pull request) Set dimensions fields for API Gateway data stream.	—
1.46.3	pass:[] Enhancement (View pull request) Add missing S3 fields for vpcflow	8.8.1 or higher
1.46.2	pass:[] Enhancement (View pull request) Enable time series data streams for the S3 daily storage and S3 request datasets. This improves storage usage and query performance. For more details, see docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md.	8.8.1 or higher
1.46.1	pass:[] Enhancement (View pull request) Enable time series data streams for the Usage dataset. This improves storage usage and query performance. For more details, see docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md.	8.8.1 or higher
1.46.0	pass:[] Enhancement (View pull request) Enable time series data streams for the metrics datasets Billing, DynamoDB, EBS, ECS, ELB, Firewall, Kinesis, Lambda, NAT gateway, RDS, Redshift, S3 Storage Lens, SNS, SQS, Transit Gateway and VPN. This improves storage usage and query performance. For more details, see docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md.	8.8.1 or higher
1.45.9	pass:[] Enhancement (View pull request) Add new fingerprint dimension to AWS Billing.	8.8.1 or higher
1.45.8	pass:[] Enhancement (View pull request) Add metric_type metadata to s3_daily_storage and s3_request data streams.	8.8.1 or higher
1.45.7	pass:[] Enhancement (View pull request) Add dimension fields metadata to s3_request and s3_data_storage data streams to support TSDB	8.8.1 or higher
1.45.6	pass:[] Enhancement (View pull request) Add metric type to S3 Storage Lens.	8.8.1 or higher
1.45.4	pass:[] Enhancement (View pull request) Set dimension fields for S3 Storage Lens.	8.8.1 or higher
1.45.3	pass:[] Bug fix (View pull request) Remove aws.dimensions.* from package-fields.yml	8.8.1 or higher
1.45.2	pass:[] Enhancement (View pull request) Add AWS EMR metrics dashboard.	8.8.1 or higher
1.45.1	pass:[] Enhancement (View pull request) Add AWS API Gateway dashboard.	8.8.1 or higher
1.45.0	pass:[] Enhancement (View pull request) Add AWS EMR metrics data stream.	8.8.1 or higher
1.44.4	pass:[] Enhancement (View pull request) Migrate AWS Metric Overview dashboard visualizations to lens.	8.8.1 or higher
1.44.3	pass:[] Enhancement (View pull request) Migrate AWS ELB Access Log dashboard visualizations to lens.	8.8.1 or higher
1.44.2	pass:[] Bug fix (View pull request) Fix image link in readme	8.8.1 or higher
1.44.1	pass:[] Enhancement (View pull request) Migrate AWS TransitGateway metrics dashboard to lenses.	8.8.1 or higher
1.44.0	pass:[] Enhancement (View pull request) Add permissions to reroute events to logs-- for cloudwatch_logs and ec2_logs datastream.	8.8.1 or higher
1.43.2	pass:[] Enhancement (View pull request) Add documentation for latency parameter	8.8.1 or higher
1.43.1	pass:[] Enhancement (View pull request) Add tags_filter and include_linked_accounts config parameter in missing metric data streams.	8.8.1 or higher
1.43.0	pass:[] Enhancement (View pull request) Add include_linked_accounts config parameter for metrics data streams.	8.8.1 or higher
1.42.0	pass:[] Enhancement (View pull request) Add field agent.id to be set as dimension for TSDB migration.	8.7.1 or higher
1.41.0	pass:[] Enhancement (View pull request) Migrate AWS NATGateway metrics dashboard visualizations to lenses.	8.7.1 or higher
1.40.9	pass:[] Enhancement (View pull request) Migrate AWS ELB metrics dashboard visualizations to lenses.	8.7.1 or higher
1.40.8	pass:[] Enhancement (View pull request) Migrate EC2 metrics dashboard visualizations to lenses.	8.7.1 or higher
1.40.7	pass:[] Enhancement (View pull request) Add AWS Firewall metrics dashboard input control groups.	8.7.1 or higher
1.40.6	pass:[] Enhancement (View pull request) Migrate AWS S3 Storage Lens dashboard visualizations to lens.	8.7.1 or higher
1.40.5	pass:[] Enhancement (View pull request) Migrate Usage Overview dashboard to lenses.	8.7.1 or higher
1.40.4	pass:[] Enhancement (View pull request) Migrate AWS CloudTrail dashboard visualizations to lenses.	8.7.1 or higher
1.40.3	pass:[] Enhancement (View pull request) Add fields metric type to usage, dynamoDB and ELB data streams.	8.7.1 or higher
1.40.2	pass:[] Enhancement (View pull request) Replace aws.rds.db_instance.identifier with aws.dimensions.DBInstanceIdentifier in RDS dashboard.	8.7.1 or higher
1.40.1	pass:[] Enhancement (View pull request) Add link to main AWS requirements in all integrations page.	8.7.1 or higher
1.40.0	pass:[] Enhancement (View pull request) Add metric type to SNS, SQS and Billing data streams.	8.7.1 or higher
1.39.0	pass:[] Enhancement (View pull request) Add AWS API Gateway data stream.	8.7.1 or higher
1.38.4	pass:[] Enhancement (View pull request) Add dimension fields to billing, sns and sqs data streams.	8.7.1 or higher
1.38.3	pass:[] Enhancement (View pull request) Add dimension fields to firewall, transit gateway and vpn data streams.	8.7.1 or higher
1.38.2	pass:[] Enhancement (View pull request) Add metric type to vpn, firewall and transit gateway data streams.	8.7.1 or higher
1.38.1	pass:[] Enhancement (View pull request) Add metric type to RDS data stream.	8.7.1 or higher
1.38.0	pass:[] Enhancement (View pull request) Add dimensions to RDS data stream.	8.7.1 or higher
1.37.3	pass:[] Bug fix (View pull request) Fix incorrect fields on multiple visualizations.	8.7.1 or higher
1.37.2	pass:[] Enhancement (View pull request) Migrate AWS RDS metrics dashboard to lenses.	8.7.1 or higher
1.37.1	pass:[] Enhancement (View pull request) Migrate AWS SNS dashboard visualizations to lenses.	8.7.1 or higher
1.37.0	pass:[] Enhancement (View pull request) Migrate AWS SQS metrics dashboard visualizations to lenses.	8.7.1 or higher
1.36.9	pass:[] Enhancement (View pull request) Migrate AWS VPN metrics dashboard to lenses.	8.7.1 or higher
1.36.8	pass:[] Enhancement (View pull request) Add dimension fields to usage, dynamoDB and ELB data streams.	8.7.1 or higher
1.36.7	pass:[] Enhancement (View pull request) Add dimension fields to Lambda data stream for TSDB support.	8.7.1 or higher
1.36.6	pass:[] Enhancement (View pull request) Add metric type to natgateway data stream fields.	8.7.1 or higher
1.36.5	pass:[] Enhancement (View pull request) Add metric type to EBS fields.	8.7.1 or higher
1.36.4	pass:[] Enhancement (View pull request) Add support for TSDB on kinesis data stream (metric type).	8.7.1 or higher
1.36.3	pass:[] Enhancement (View pull request) Add dimensions to Redshift data stream.	8.7.1 or higher
1.36.2	pass:[] Enhancement (View pull request) Add metric type mapping to Redshift data stream.	8.7.1 or higher
1.36.1	pass:[] Enhancement (View pull request) Add dimension fields to natgateway data stream.	8.7.1 or higher
1.36.0	pass:[] Enhancement (View pull request) Add metric type to Lambda fields.	8.7.1 or higher
1.35.1	pass:[] Bug fix (View pull request) Fix typo in field name causing erroneous timestamp detection on the s3access data stream.	8.7.1 or higher
1.35.0	pass:[] Enhancement (View pull request) Add a new flag to enable request tracing on `httpjson` based input	8.7.1 or higher
1.34.5	pass:[] Enhancement (View pull request) Migrate AWS Lambda metrics dashboard visualizations to lenses.	8.6.0 or higher
1.34.4	pass:[] Enhancement (View pull request) Migrate AWS DynamoDB metrics dashboard visualizations to lenses.	8.6.0 or higher
1.34.3	pass:[] Enhancement (View pull request) Add field metric type to ECS data stream.	8.6.0 or higher
1.34.2	pass:[] Enhancement (View pull request) Add dimension fields to Kinesis datastream.	8.6.0 or higher
1.34.1	pass:[] Enhancement (View pull request) Add dimension fields to ECS datastream for TSDB support.	8.6.0 or higher
1.34.0	pass:[] Enhancement (View pull request) Add dimensions to EBS data stream.	8.6.0 or higher
1.33.3	pass:[] Enhancement (View pull request) Add number_of_workers and latency to all CloudWatch Logs based integrations.	8.6.0 or higher
1.33.2	pass:[] Bug fix (View pull request) Add missing permissions in the AWS Billing integration documentation.	8.6.0 or higher
1.33.1	pass:[] Bug fix (View pull request) Add missing permissions in the AWS CloudWatch Logs integration documentation.	8.6.0 or higher
1.33.0	pass:[] Enhancement (View pull request) Add latency configuration option on the CloudWatch Logs integration.	8.6.0 or higher
1.32.2	pass:[] Bug fix (View pull request) Fix a minor documentation format issue.	8.6.0 or higher
1.32.1	pass:[] Enhancement (View pull request) Added categories and/or subcategories.	8.6.0 or higher
1.32.0	pass:[] Enhancement (View pull request) Migrate AWS EBS dashboard visualizations to lenses.	8.6.0 or higher
1.31.0	pass:[] Enhancement (View pull request) Add a data stream for Amazon GuardDuty.	8.6.0 or higher
1.30.0	pass:[] Enhancement (View pull request) Add dashboards data streams filters.	8.6.0 or higher
1.29.1	pass:[] Bug fix (View pull request) Drop comments from CloudFront loglines	8.6.0 or higher
1.29.0	pass:[] Enhancement (View pull request) Add data_granularity parameter and rename period title to Collection Period.	8.6.0 or higher
1.28.3	pass:[] Bug fix (View pull request) Remove quotes from VPC flow log message field and move dot_expander processor to top	8.4.0 or higher
1.28.2	pass:[] Bug fix (View pull request) Add dot_expander processor to expand all fields with dot into object fields pass:[] Bug fix (View pull request) Support VPC flow log with message field	8.4.0 or higher
1.28.1	pass:[] Enhancement (View pull request) Adjust kinesis integration to kinesis data stream	8.4.0 or higher
1.28.0	pass:[] Enhancement (View pull request) Enhance S3 integration dashboard	8.4.0 or higher
1.27.3	pass:[] Bug fix (View pull request) Support multiple forwarded IPs in cloudfront integration	8.4.0 or higher
1.27.2	pass:[] Enhancement (View pull request) Update the pagination termination condition.	8.4.0 or higher
1.27.1	pass:[] Enhancement (View pull request) Added a Summary Dashboard for AWS Security Hub.	8.4.0 or higher
1.27.0	pass:[] Enhancement (View pull request) Add Inspector data stream.	8.4.0 or higher
1.25.3	pass:[] Bug fix (View pull request) Remove duplicate fields from agent.yml and use ecs.yml for ECS fields	8.3.0 or higher
1.25.2	pass:[] Bug fix (View pull request) Update ec2 fields.yml doc	8.3.0 or higher
1.25.1	pass:[] Bug fix (View pull request) Remove duplicate content_type config that causes errors while configurating the integration.	8.3.0 or higher
1.25.0	pass:[] Enhancement (View pull request) Force content type where json content is expected	8.3.0 or higher
1.24.6	pass:[] Bug fix (View pull request) Enhance Kinesis integration dashboard	8.3.0 or higher
1.24.5	pass:[] Bug fix (View pull request) Allow adding multiple processors in cloudfront logs.	8.3.0 or higher
1.24.4	pass:[] Bug fix (View pull request) Do not rely on dynamodb lightweight module metricset.	8.3.0 or higher
1.24.3	pass:[] Bug fix (View pull request) Fix adding processors in cloudfront logs.	8.3.0 or higher
1.24.2	pass:[] Bug fix (View pull request) Fix billing datastream agent template.	8.3.0 or higher
1.24.1	pass:[] Bug fix (View pull request) Fix aws.cloudtrail.request_id parsing	8.3.0 or higher
1.24.0	pass:[] Bug fix (View pull request) Expose Default Region setting to UI	8.3.0 or higher
1.23.4	pass:[] Bug fix (View pull request) Set default endpoint to empty string	8.3.0 or higher
1.23.3	pass:[] Bug fix (View pull request) Fix Billing Dashboard	8.3.0 or higher
1.23.2	pass:[] Bug fix (View pull request) Fix EC2 dashboard	8.3.0 or higher
1.23.1	pass:[] Enhancement (View pull request) Update all AWS documentation.	8.1.0 or higher
1.23.0	pass:[] Bug fix (View pull request) Fix file.path field in cloudtrail data stream to use json.digestS3Object	8.1.0 or higher
1.22.0	pass:[] Enhancement (View pull request) Update `cloud.region` parsing	8.1.0 or higher
1.21.0	pass:[] Enhancement (View pull request) Add Security Hub Findings and Insights data streams	8.1.0 or higher
1.20.0	pass:[] Enhancement (View pull request) Improve dashboards by removing individual visualizations from library	8.1.0 or higher
1.19.5	pass:[] Enhancement (View pull request) Move ebs metrics config from beats to integrations	7.15.0 or higher 8.0.0 or higher
1.19.4	pass:[] Bug fix (View pull request) Fix proxy URL documentation rendering.	7.15.0 or higher 8.0.0 or higher
1.19.3	pass:[] Bug fix (View pull request) Update sample_event.json in kinesis data stream	7.15.0 or higher 8.0.0 or higher
1.19.2	pass:[] Enhancement (View pull request) Move NATGateway metrics config from beats to integrations	7.15.0 or higher 8.0.0 or higher
1.19.1	pass:[] Enhancement (View pull request) Move Transit Gateway metrics config from beats to integrations	7.15.0 or higher 8.0.0 or higher
1.19.0	pass:[] Enhancement (View pull request) Add Kinesis metrics datastream	7.15.0 or higher 8.0.0 or higher
1.18.2	pass:[] Enhancement (View pull request) Move s3_request metrics config from beats to integrations pass:[] Enhancement (View pull request) Move s3_daily_storage metrics config from beats to integrations pass:[] Enhancement (View pull request) Move SQS metrics config from beats to integrations pass:[] Enhancement (View pull request) Move SNS metrics config from beats to integrations pass:[] Enhancement (View pull request) Move lambda metrics config from beats to integrations	7.15.0 or higher 8.0.0 or higher
1.18.1	pass:[] Enhancement (View pull request) Release AWS billing integration as GA	7.15.0 or higher 8.0.0 or higher
1.18.0	pass:[] Enhancement (View pull request) Add ECS metricset pass:[] Bug fix (View pull request) Fix incorrect fields on multiple visualizations	7.15.0 or higher 8.0.0 or higher
1.17.5	pass:[] Enhancement (View pull request) Release Amazon Redshift integration as GA	7.15.0 or higher 8.0.0 or higher
1.17.4	pass:[] Bug fix (View pull request) Fix data_stream.dataset indentation on cloudwatch_logs integration	7.15.0 or higher 8.0.0 or higher
1.17.3	pass:[] Bug fix (View pull request) Add missing endpoint config to metrics datasets. pass:[] Enhancement (View pull request) Move usage metrics config from beats to integrations pass:[] Enhancement (View pull request) Move dynamodb metrics config from beats to integrations	7.15.0 or higher 8.0.0 or higher
1.17.2	pass:[] Bug fix (View pull request) Improve support for event.original field from upstream forwarders.	7.15.0 or higher 8.0.0 or higher
1.17.1	pass:[] Bug fix (View pull request) Fix misspelling of Log Stream Prefix variable in manifest for aws-cloudwatch input	7.15.0 or higher 8.0.0 or higher
1.17.0	pass:[] Enhancement (View pull request) Added Redshift integration	7.15.0 or higher 8.0.0 or higher
1.16.6	pass:[] Enhancement (View pull request) Update documentation with additional context for new users.	7.15.0 or higher 8.0.0 or higher
1.16.5	pass:[] Enhancement (View pull request) Move ELB metrics config from beats to integrations	—
1.16.4	pass:[] Bug fix (View pull request) Fix ELB dataset to parse URLs with spaces pass:[] Enhancement (View pull request) Upgrade ECS to 8.2.0	7.15.0 or higher 8.0.0 or higher
1.16.3	pass:[] Enhancement (View pull request) Move RDS metrics config from beats to integrations	—
1.16.2	pass:[] Enhancement (View pull request) Move EC2 metrics config from beats to integrations	—
1.16.1	pass:[] Bug fix (View pull request) Fix invalid values for ECS fields in vpcflow	—
1.16.0	pass:[] Enhancement (View pull request) Move VPN configuration file into integrations and add tag collection	7.15.0 or higher 8.0.0 or higher
1.15.0	pass:[] Enhancement (View pull request) Deprecate s3 input in cloudwatch integration pass:[] Enhancement (View pull request) Improve description for cloudwatch integration	—
1.14.8	pass:[] Bug fix (View pull request) Fix http.response.status_code to accept 000	7.15.0 or higher 8.0.0 or higher
1.14.7	pass:[] Bug fix (View pull request) Fix aws.dimensions.* for rds data stream pass:[] Bug fix (View pull request) Fix aws.dimensions.* for sns data stream pass:[] Bug fix (View pull request) Add aws.dimensions.* for dynamodb data stream	7.15.0 or higher 8.0.0 or higher
1.14.6	pass:[] Enhancement (View pull request) Improve s3 integration tile title and description	—
1.14.5	pass:[] Bug fix (View pull request) Fix duplicate titles for integrations	7.15.0 or higher 8.0.0 or higher
1.14.4	pass:[] Bug fix (View pull request) Fix cloudfront integration grok pattern	—
1.14.3	pass:[] Enhancement (View pull request) Add new pattern to VPC Flow logs including all 29 v5 fields	—
1.14.2	pass:[] Bug fix (View pull request) Fix billing dashboard.	—
1.14.1	pass:[] Enhancement (View pull request) Add documentation for multi-fields	—
1.14.0	pass:[] Enhancement (View pull request) Add configuration for max_number_of_messages to the aws.firewall_logs S3 input.	7.15.0 or higher 8.0.0 or higher
1.13.1	pass:[] Bug fix (View pull request) Fix metricbeat- reference in dashboard	7.15.0 or higher 8.0.0 or higher
1.13.0	pass:[] Enhancement (View pull request) Compress dashboard screenshots.	7.15.0 or higher 8.0.0 or higher
1.12.1	pass:[] Bug fix (View pull request) Fix field mapping conflicts in the elb_logs data stream relating to ECS fields (`trace.id`, `source.port`, and a few others).	7.15.0 or higher 8.0.0 or higher
1.12.0	pass:[] Enhancement (View pull request) Add CloudFront Logs Datastream	—
1.11.4	pass:[] Bug fix (View pull request) Add Ingest Pipeline script to map IANA Protocol Numbers	—
1.11.3	pass:[] Bug fix (View pull request) Changing missing ecs versions to 8.0.0	—
1.11.2	pass:[] Bug fix (View pull request) Add data_stream.dataset option for custom aws-cloudwatch log input	—
1.11.1	pass:[] Bug fix (View pull request) Update permission list	—
1.11.0	pass:[] Enhancement (View pull request) Update to ECS 8.0	7.15.0 or higher 8.0.0 or higher
1.10.2	pass:[] Enhancement (View pull request) Change cloudwatch metrics and logs default to false	7.15.0 or higher 8.0.0 or higher
1.10.1	pass:[] Enhancement (View pull request) Add description of supported vpcflow formats	—
1.10.0	pass:[] Enhancement (View pull request) Add cloudwatch input into AWS package for log collection	—
1.9.0	pass:[] Enhancement (View pull request) Add Route 53 Resolver Logs Datastream	7.15.0 or higher 8.0.0 or higher
1.8.0	pass:[] Enhancement (View pull request) Add Route 53 Public Zone Logs Datastream	—
1.7.1	pass:[] Bug fix (View pull request) Regenerate test files using the new GeoIP database	—
1.7.0	pass:[] Enhancement (View pull request) Add integration for AWS Network Firewall	—
1.6.2	pass:[] Bug fix (View pull request) Change test public IPs to the supported subset	—
1.6.1	pass:[] Enhancement (View pull request) Fix the value of event.created in CloudTrail data stream.	7.15.0 or higher 8.0.0 or higher
1.6.0	pass:[] Enhancement (View pull request) Add max_number_of_messages config option to AWS S3 input config.	—
1.5.1	pass:[] Enhancement (View pull request) Add missing sample events	7.15.0 or higher 8.0.0 or higher
1.5.0	pass:[] Enhancement (View pull request) Support Kibana 8.0	7.15.0 or higher 8.0.0 or higher
1.4.1	pass:[] Enhancement (View pull request) Add Overview dashboard for AWS S3 Storage Lens	7.15.0 or higher
1.4.0	pass:[] Enhancement (View pull request) Add integration for AWS S3 Storage Lens	—
1.3.2	pass:[] Enhancement (View pull request) Uniform with guidelines	—
1.3.1	pass:[] Enhancement (View pull request) Add config parameter descriptions	—
1.3.0	pass:[] Enhancement (View pull request) Add WAF datastream	—
1.2.2	pass:[] Bug fix (View pull request) Prevent pipeline script error	—
1.2.1	pass:[] Bug fix (View pull request) Fix logic that checks for the forwarded tag	—
1.2.0	pass:[] Enhancement (View pull request) Update to ECS 1.12.0	—
1.1.0	pass:[] Enhancement (View pull request) vpcflow sync with filebeat fileset	7.14.0 or higher
1.0.0	pass:[] Enhancement (View pull request) Release AWS as GA	7.14.0 or higher
0.10.7	pass:[] Enhancement (View pull request) Add proxy config	—
0.10.6	pass:[] Bug fix (View pull request) Fix aws.billing.EstimatedCharges field name	—
0.10.5	pass:[] Bug fix (View pull request) Add event.created field	—
0.10.4	pass:[] Enhancement (View pull request) Improve RDS dashboard	—
0.10.3	pass:[] Enhancement (View pull request) Convert to generated ECS fields	—
0.10.2	pass:[] Enhancement (View pull request) update to ECS 1.11.0	—
0.10.1	pass:[] Enhancement (View pull request) Escape special characters in docs	—
0.10.0	pass:[] Enhancement (View pull request) Update integration description	—
0.9.3	pass:[] Bug fix (View pull request) Fix categories for each policy template	—
0.9.2	pass:[] Enhancement (View pull request) Add linked account information into billing metricset	—
0.9.1	pass:[] Bug fix (View pull request) Fix `aws.s3access` pipeline when remote IP is a `-`	—
0.9.0	pass:[] Enhancement (View pull request) Change default credential options to access keys	—
0.8.0	pass:[] Enhancement (View pull request) Set "event.module" and "event.dataset"	—
0.7.0	pass:[] Enhancement (View pull request) Introduce granularity using input_groups	—
0.6.4	pass:[] Enhancement (View pull request) Add support for Splunk authorization tokens	—
0.6.3	pass:[] Bug fix (View pull request) Fix bug in Third Party ingest pipeline	—
0.6.2	pass:[] Bug fix (View pull request) Removed incorrect `http.request.referrer` field from elb logs	—
0.6.1	pass:[] Enhancement (View pull request) Add support for CloudTrail Digest & Insight logs	—
0.6.0	pass:[] Enhancement (View pull request) Update ECS version, add event.original and preparing for package GA	—
0.5.6	pass:[] Bug fix (View pull request) Fix stack compatability	—
0.5.5	pass:[] Enhancement (View pull request) Allow role_arn work with access keys for AWS	—
0.5.4	pass:[] Enhancement (View pull request) Rename s3 input to aws-s3.	—
0.5.3	pass:[] Enhancement (View pull request) Add missing "geo" fields	—
0.5.2	pass:[] Enhancement (View pull request) update to ECS 1.9.0	—
0.5.1	pass:[] Bug fix (View pull request) Ignore missing "json" field in ingest pipeline	—
0.5.0	pass:[] Enhancement (View pull request) Moving edge processors to ingest pipeline	—
0.4.2	pass:[] Enhancement (View pull request) Updating package owner	—
0.4.1	pass:[] Bug fix (View pull request) Correct sample event file.	—
0.4.0	pass:[] Enhancement (View pull request) Add changes to use ECS 1.8 fields.	—
0.0.3	pass:[] Enhancement (View pull request) initial release	—