
AWS Integration

An overview and step-by-step guide to AgileBlue's integration with AWS.

Overview

AgileBlue leverages S3 Buckets for data collection via AWS SQS to provide a quicker method of collecting log data. The following log types are currently supported:

  • CloudTrail
  • CloudWatch
  • EC2
  • ELB
  • S3Access
  • VPCFlow

All log types are set up by the same method, with the primary difference being the S3 Bucket name the log types are stored in.


AWS SQS Setup

  1. In the AWS Console, proceed to the "Simple Queue Service" and select "Create Queue."


    Provide a name for the Queue. The recommended naming convention is "AgileBlue-<Log_Type>". For example, for EC2 the Queue name would be "AgileBlue-EC2".

  2. Under the "Access policy" section, select "Advanced" and leverage the configuration below:
    a. <example-ID> and <example-statement-ID> have no recommended convention
    b. <SQS-queue-ARN> will need to match the SQS Queue Name (this can be gathered from the "Resource" value in the Advanced config).

    c. <bucket-name> will need to match the name of the bucket the data will be stored in.

    When the policy is applied, it will look something like this:


    Access Policy:

  3. Once the policy is in place, click "create queue."

IAM Account/Policy

Next, an IAM account will be needed in order to allow the collector to access the information stored in S3. We recommend a blank service account with a policy with only the following permissions:

  • s3:GetObject
  • sqs:ReceiveMessage
  • sqs:ChangeMessageVisibility
  • sqs:DeleteMessage

When complete, create an access_id and secret_key for the account.
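
As an added example (not AgileBlue's own configuration), the Python below builds the queue access policy and the collector's IAM policy in the shape AWS documents for S3 event notifications to SQS, then checks each for wildcard grants. The queue ARN, bucket name, account ID and the aws:SourceAccount condition are assumptions made for illustration.

```python
import json

def queue_access_policy(queue_arn, bucket, account_id):
    """SQS access policy: only S3, on behalf of one bucket, may send to the queue."""
    return {"Version": "2012-10-17", "Id": "example-ID", "Statement": [{
        "Sid": "example-statement-ID",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "sqs:SendMessage",
        "Resource": queue_arn,
        "Condition": {
            "ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{bucket}"},
            # Assumption (not on the page): also pin the bucket owner's account.
            "StringEquals": {"aws:SourceAccount": account_id}}}]}

def collector_policy(queue_arn, bucket):
    """IAM policy for the collector: the four listed actions, one bucket, one queue."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": f"arn:aws:s3:::{bucket}/*"},
        {"Effect": "Allow", "Resource": queue_arn,
         "Action": ["sqs:ReceiveMessage", "sqs:ChangeMessageVisibility",
                    "sqs:DeleteMessage"]}]}

def audit(policy):
    """Return findings for Allow statements broader than this setup needs."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if any("*" in a for a in actions):
            findings.append(f"{sid}: wildcard action")
        if st.get("Resource") == "*":
            findings.append(f"{sid}: wildcard resource")
        open_principal = st.get("Principal") in ("*", {"AWS": "*"})
        if open_principal and "aws:SourceArn" not in st.get("Condition", {}).get("ArnLike", {}):
            findings.append(f"{sid}: any principal allowed, no aws:SourceArn condition")
    return findings

# Constructed sample values, not real resources.
QUEUE = "arn:aws:sqs:us-east-1:111122223333:AgileBlue-EC2"
BUCKET = "example-ec2-logs"

if __name__ == "__main__":
    for p in (queue_access_policy(QUEUE, BUCKET, "111122223333"),
              collector_policy(QUEUE, BUCKET)):
        print(json.dumps(p, indent=2), audit(p))
```

Generate one pair of policies per log type, so each collector credential can read only its own bucket and queue.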


S3 Bucket Configuration

Follow the steps below on the bucket that will contain the log information to be collected.

  1. In the S3 console, select the bucket that contains the log data for collection and select "Properties".

  2. Scroll to the "Event Notifications" and select "Create event notification".
  3. Provide an "Event Name" (other options here are not required).

  4. Select "All object create events" under the "Event Types".

  5. Under "Destination," select "SQS queue" and from the drop down, select the queue that was created earlier, then click "Save changes."


To get S3 access logs, repeat the steps above:

  1. Create a bucket to send the logs to.
  2. Create the SQS queue for the newly created bucket.
  3. On each bucket that access logs are needed for, go to "Properties" and then "Server access logging."
  4. Select "Enable," set the target bucket to the one created to store these logs, and click "Save changes."

Last

Repeat this process for other log types. When this is completed, send an email to support@agileblue.com to notify our team. A specialist will then send an encrypted email back, to which you can reply with the required information. Below is an example of how the response should look:

  • Access_id: <access-id>
  • Secret_Key: <secret-key>
  • cloudwatchSQS: <cloudwatch-sqs-url>
  • cloudtrailSQS: <cloudtrail-sqs-url>
  • etc.

Questions? Contact AgileBlue Support.

Email: support@agileblue.com
Phone: (216) 606-9400