Skip to main content

Forwarding Command

Use beacon endpoint s3 to generate AWS S3 forwarding content for Beacon endpoint events. The generated pack keeps Beacon as a local JSONL producer and helps your customer-managed Vector agent upload runtime.jsonl to an S3 bucket as gzip-compressed NDJSON. Beacon does not store AWS credentials, profiles, IAM roles, bucket policies, lifecycle rules, or encryption settings in endpoint configuration. Keep those values in AWS, Vector, endpoint-management policy, or deployment tooling. For packaged macOS MDM deployments, the managed S3 helper can persist MDM-injected AWS provider-chain environment variables to the root-owned Vector environment file used by launchd.
Command syntax

Commands

beacon endpoint s3 print-config

Print the Vector AWS S3 forwarding template for the configured runtime log.

beacon endpoint s3 install-pack

Write AWS S3 forwarding content to a directory.

beacon endpoint s3 validate

Write and describe a Beacon AWS S3 validation event.

Runtime log paths

beacon endpoint s3 print-config

beacon endpoint s3 print-config prints a Vector configuration that tails the selected Beacon runtime JSONL log and writes gzip-compressed NDJSON objects to AWS S3.
Print the configuration
Use this command when you want to inspect or copy the Vector template into an existing endpoint forwarding workflow.

Examples

Print Vector config for the default per-user Beacon install:
Print Vector config for the default per-user Beacon install
Print Vector config for a system-mode MDM deployment:
Print Vector config for a system-mode MDM deployment
Print Vector config for a custom runtime log:
Print Vector config for a custom runtime log

Flags

beacon endpoint s3 install-pack

beacon endpoint s3 install-pack writes AWS S3 forwarding content to a directory.
Generate the integration pack
The pack includes setup instructions, a one-shot AWS CLI smoke-test script, a Vector aws_s3 forwarding template, and sample Beacon endpoint events. The generated Vector template preserves each Beacon event’s canonical gen_ai.usage payload and also flattens token and runtime-reported cost fields to top-level JSON columns for downstream analytics: input_tokens, output_tokens, cache_read_input_tokens, cache_creation_input_tokens, reasoning_output_tokens, and cost_usd.

Examples

Generate a content pack for the default per-user install:
Generate a content pack for the default per-user install
Generate a content pack for a system-mode deployment:
Generate a content pack for a system-mode deployment
Generate a content pack for a custom runtime log:
Generate a content pack for a custom runtime log

Flags

beacon endpoint s3 validate

beacon endpoint s3 validate writes a Beacon validation event to the runtime JSONL log and prints the expected AWS S3 validation fields and follow-up AWS CLI checks.
Run the validation check

Examples

Write a validation event for the default per-user install:
Write a validation event for the default per-user install
Write a validation event for a system-mode deployment:
Write a validation event for a system-mode deployment
Write a validation event to a custom runtime log:
Write a validation event to a custom runtime log
The validation command writes the local event only. Confirm remote delivery with AWS tooling:
Expected validation fields:

Flags

macOS MDM Credential Injection

For a managed macOS package, run /opt/beacon/jamf/claude/s3/repair-hooks-and-forwarder.sh from MDM or a root shell with destination settings in the environment. The helper writes non-secret forwarding settings and any set AWS provider-chain variables to /Library/Application Support/Beacon/Forwarders/s3-vector.env with mode 0600, then starts com.beacon.endpoint.s3-forwarder. Supported provider-chain variables include AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_PROFILE, AWS_SHARED_CREDENTIALS_FILE, AWS_CONFIG_FILE, AWS_WEB_IDENTITY_TOKEN_FILE, and AWS_ROLE_ARN. These values are not written to Beacon endpoint config or s3-vector.toml.

Object storage forwarding

Configure Vector forwarding from Beacon JSONL into AWS S3.

Log forwarding

Review forwarding patterns and validation steps.

Endpoint agent

Install and inspect the local endpoint agent.

Endpoint event schema

Review normalized Beacon JSONL fields and example events.