From 4fa76f72003fddbdef0edafbed8b336e9137a833 Mon Sep 17 00:00:00 2001 From: Kostas Stamatakis Date: Wed, 19 Nov 2025 14:08:34 +0200 Subject: [PATCH 1/2] [libbeat] aws auth method: fix service name and region overwrite (#47712) (cherry picked from commit 183016ce92b86a0ada2e92ab8848c02d23954139) # Conflicts: # x-pack/libbeat/common/aws/credentials_test.go --- x-pack/libbeat/common/aws/credentials_test.go | 5 ++++ x-pack/libbeat/common/aws/signer.go | 4 ++-- x-pack/libbeat/common/aws/signer_test.go | 23 +++++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/x-pack/libbeat/common/aws/credentials_test.go b/x-pack/libbeat/common/aws/credentials_test.go
index ce09aeac98b5..b3e0a5e7fe66 100644
--- a/x-pack/libbeat/common/aws/credentials_test.go
+++ b/x-pack/libbeat/common/aws/credentials_test.go
@@ -32,8 +32,13 @@ func TestInitializeAWSConfig(t *testing.T) {
 assert.Equal(t, inputConfig.AccessKeyID, retrievedAWSConfig.AccessKeyID)
 assert.Equal(t, inputConfig.SecretAccessKey, retrievedAWSConfig.SecretAccessKey)
+<<<<<<< HEAD
 assert.True(t, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify) //nolint:errcheck // no need in test
 assert.NotNil(t, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).Proxy) //nolint:errcheck // no need in test
+=======
+ assert.Equal(t, true, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify) //nolint:errcheck // no need in test
+ assert.NotNil(t, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).Proxy) //nolint:errcheck // no need in test
+>>>>>>> 183016ce9 ([libbeat] aws auth method: fix service name and region overwrite (#47712))
 }
 func TestGetAWSCredentials(t *testing.T) {
diff --git a/x-pack/libbeat/common/aws/signer.go b/x-pack/libbeat/common/aws/signer.go
index 4f8bb79e1efe..74b17f7f27e7 100644
--- a/x-pack/libbeat/common/aws/signer.go
+++ b/x-pack/libbeat/common/aws/signer.go
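Review bot: The five lines added to TestInitializeAWSConfig are unresolved merge-conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 183016ce9 …`) together with the duplicated assertions between them, so credentials_test.go does not parse as Go at this commit and the package's tests cannot build. The cherry-pick should add nothing to this file; resolving the conflict inside this commit, or squashing the resolution into it before merge, keeps every commit on the branch buildable for `git bisect`. The test function starts outside the hunk.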
@@ -81,8 +81,8 @@ func initializeSignerTransport(logger *logp.Logger, defaultServiceName string, d
 })
 }),
 logger: logger,
- serviceName: defaultRegion,
- region: defaultServiceName,
+ serviceName: defaultServiceName,
+ region: defaultRegion,
 now: time.Now,
 }
 }
diff --git a/x-pack/libbeat/common/aws/signer_test.go b/x-pack/libbeat/common/aws/signer_test.go
index 405e630c1834..1ab2c9c9ad83 100644
--- a/x-pack/libbeat/common/aws/signer_test.go
+++ b/x-pack/libbeat/common/aws/signer_test.go
@@ -73,6 +73,26 @@ func TestSignerTransportRoundTrip(t *testing.T) {
 },
 expectedRequestBody: []byte{},
 },
+ {
+ name: "no body overwrite service name and region",
+ defaultServiceName: "guardduty",
+ defaultRegion: "us-east-1",
+ url: "https://guardduty2.us-east-2.amazonaws.com/detector/abc123/findings",
+ requestBody: http.NoBody,
+ requestHeaders: map[string]string{},
+ credentials: fakeStaticCreds,
+ now: now,
+ initMockRoundTripper: func(mrt *mockRoundTripper) {
+ mrt.On("RoundTrip", mock.Anything).Return(&http.Response{}, nil).Once()
+ },
+ expectError: false,
+ expectedRequestHeaders: map[string]string{
+ "Authorization": "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20251011/us-east-1/guardduty/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=2bc3ea894efa9703ec95cac0bdcd6a1067a64636058b66e88640af2dc06ff2dd",
+ "X-Amz-Date": "20251011T160000Z",
+ "X-Amz-Security-Token": "session",
+ },
+ expectedRequestBody: []byte{},
+ },
 {
 name: "with body",
 defaultServiceName: "",
@@ -128,6 +148,9 @@ func TestSignerTransportRoundTrip(t *testing.T) {
 st := initializeSignerTransport(logger, tc.defaultServiceName, tc.defaultRegion, tc.credentials, &m)
 st.now = tc.now
+ assert.Equal(t, tc.defaultServiceName, st.serviceName)
+ assert.Equal(t, tc.defaultRegion, st.region)
+
 req, err := http.NewRequestWithContext(t.Context(), http.MethodGet, tc.url, tc.requestBody)
 require.NoError(t, err)
 for k, v := range tc.requestHeaders {
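Review bot: `defaultServiceName` and `defaultRegion` are adjacent `string` parameters of initializeSignerTransport, so the transposed assignment corrected in this struct literal compiled without complaint, and nothing in the types stops the same slip at a call site. A doc comment on the function that pins the order would help, for example `// defaultServiceName and defaultRegion become the service and region parts of the SigV4 credential scope (<date>/<region>/<service>/aws4_request).` Since the scope is part of what gets signed, a swapped pair presumably surfaces only as requests the endpoint rejects, not as a configuration error, which makes the mistake slow to diagnose. The function starts outside the hunk and its signature is truncated in the hunk header.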
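Review bot: The new table case relies on the URL host (`guardduty2.us-east-2`) disagreeing with the configured defaults (`guardduty`, `us-east-1`), but nothing in the case says the mismatch is deliberate. A comment above `url:` such as `// host names a different service and region on purpose: the configured defaults must end up in the credential scope` would keep a later cleanup from aligning the URL with the defaults, after which the case would no longer show which source takes precedence. The expected `Signature=` value is hard-coded, so it is worth noting in the same comment that it has to be recomputed if the URL, date or credentials of the case change. The test table starts and ends outside the hunk.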
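Review bot: The two added assertions on `st.serviceName` and `st.region` run for every table case, but they can only detect a transposition when a case's two defaults differ; the `with body` case visible in the previous hunk sets `defaultServiceName: ""`, and if its region is empty as well the swapped assignment would pass there. A short comment such as `// guards against swapped defaults; only meaningful when the two values differ` would record that the regression protection rests on the new table case. The loop body starts and ends outside the hunk.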
From bc3cafe36d7dcbf117ba0dc667596bdd9beeaa79 Mon Sep 17 00:00:00 2001 From: Oleg Sucharevich Date: Thu, 16 Apr 2026 08:56:04 -0500 Subject: [PATCH 2/2] Resolve conflict in credentials_test.go for #47712 backport The 8.19 branch already used assert.True (cleaner form) while the cherry-pick from main used assert.Equal(t, true, ...). Both add the same //nolint:errcheck comments. Keep the HEAD (8.19) assert.True form. Closes conflict from: cherry-pick 183016ce92b86a0ada2e92ab8848c02d23954139 Backport of: https://github.com/elastic/beats/pull/47712 PR: https://github.com/elastic/beats/pull/50155 --- x-pack/libbeat/common/aws/credentials_test.go | 5 ----- 1 file changed, 5 deletions(-)
diff --git a/x-pack/libbeat/common/aws/credentials_test.go b/x-pack/libbeat/common/aws/credentials_test.go
index b3e0a5e7fe66..ce09aeac98b5 100644
--- a/x-pack/libbeat/common/aws/credentials_test.go
+++ b/x-pack/libbeat/common/aws/credentials_test.go
@@ -32,13 +32,8 @@ func TestInitializeAWSConfig(t *testing.T) {
 assert.Equal(t, inputConfig.AccessKeyID, retrievedAWSConfig.AccessKeyID)
 assert.Equal(t, inputConfig.SecretAccessKey, retrievedAWSConfig.SecretAccessKey)
-<<<<<<< HEAD
 assert.True(t, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify) //nolint:errcheck // no need in test
 assert.NotNil(t, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).Proxy) //nolint:errcheck // no need in test
-=======
- assert.Equal(t, true, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify) //nolint:errcheck // no need in test
- assert.NotNil(t, awsConfig.HTTPClient.(*http.Client).Transport.(*http.Transport).Proxy) //nolint:errcheck // no need in test
->>>>>>> 183016ce9 ([libbeat] aws auth method: fix service name and region overwrite (#47712))
 }
 func TestGetAWSCredentials(t *testing.T) {