Forwarding Command
Usebeacon endpoint s3 to generate AWS S3 forwarding content for Beacon endpoint events. The generated pack keeps Beacon as a local JSONL producer and helps your customer-managed Vector agent upload runtime.jsonl to an S3 bucket as gzip-compressed NDJSON.
Beacon does not store AWS credentials, profiles, IAM roles, bucket policies, lifecycle rules, or encryption settings in endpoint configuration. Keep those values in AWS, Vector, endpoint-management policy, or deployment tooling. For packaged macOS MDM deployments, the managed S3 helper can persist MDM-injected AWS provider-chain environment variables to the root-owned Vector environment file used by launchd.
Command syntax
Commands
beacon endpoint s3 print-config
Print the Vector AWS S3 forwarding template for the configured runtime log.
beacon endpoint s3 install-pack
Write AWS S3 forwarding content to a directory.
beacon endpoint s3 validate
Write and describe a Beacon AWS S3 validation event.
Runtime log paths
beacon endpoint s3 print-config
beacon endpoint s3 print-config prints a Vector configuration that tails the selected Beacon runtime JSONL log and writes gzip-compressed NDJSON objects to AWS S3.
Print the configuration
Examples
Print Vector config for the default per-user Beacon install:Print Vector config for the default per-user Beacon install
Print Vector config for a system-mode MDM deployment
Print Vector config for a custom runtime log
Flags
beacon endpoint s3 install-pack
beacon endpoint s3 install-pack writes AWS S3 forwarding content to a directory.
Generate the integration pack
aws_s3 forwarding template, and sample Beacon endpoint events.
The generated Vector template preserves each Beacon event’s canonical
gen_ai.usage payload and also flattens token and runtime-reported cost fields
to top-level JSON columns for downstream analytics: input_tokens,
output_tokens, cache_read_input_tokens, cache_creation_input_tokens,
reasoning_output_tokens, and cost_usd.
Examples
Generate a content pack for the default per-user install:Generate a content pack for the default per-user install
Generate a content pack for a system-mode deployment
Generate a content pack for a custom runtime log
Flags
beacon endpoint s3 validate
beacon endpoint s3 validate writes a Beacon validation event to the runtime JSONL log and prints the expected AWS S3 validation fields and follow-up AWS CLI checks.
Run the validation check
Examples
Write a validation event for the default per-user install:Write a validation event for the default per-user install
Write a validation event for a system-mode deployment
Write a validation event to a custom runtime log
Flags
macOS MDM Credential Injection
For a managed macOS package, run/opt/beacon/jamf/claude/s3/repair-hooks-and-forwarder.sh from MDM or a root shell with destination settings in the environment. The helper writes non-secret forwarding settings and any set AWS provider-chain variables to /Library/Application Support/Beacon/Forwarders/s3-vector.env with mode 0600, then starts com.beacon.endpoint.s3-forwarder.
Supported provider-chain variables include AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_PROFILE, AWS_SHARED_CREDENTIALS_FILE, AWS_CONFIG_FILE, AWS_WEB_IDENTITY_TOKEN_FILE, and AWS_ROLE_ARN. These values are not written to Beacon endpoint config or s3-vector.toml.
Related
Object storage forwarding
Configure Vector forwarding from Beacon JSONL into AWS S3.
Log forwarding
Review forwarding patterns and validation steps.
Endpoint agent
Install and inspect the local endpoint agent.
Endpoint event schema
Review normalized Beacon JSONL fields and example events.

