About this task

Prerequisites

  • The IAM user whose access key is used to add the AWS data source needs the following custom policy (read-only: account alias, EC2 describe calls and CloudWatch Logs read access, nothing more):

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iam:ListAccountAliases"
                ],
                "Resource": [
                    "*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "ec2:Describe*"
                ],
                "Resource": "*"
            },
            {
                "Action": [
                    "logs:Describe*",
                    "logs:Get*",
                    "logs:TestMetricFilter",
                    "logs:FilterLogEvents"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }
  • The Collector VM must be able to reach a set of AWS URLs. AWS is deployed in multiple regions, and each region has its own URLs. If you do not know the region or the service, use a wildcard entry for the URL such as *.amazonaws.com.

    Note:

    The wildcard entry will not work for the China region, whose endpoints are under amazonaws.com.cn.

    If you want to give fine-grained access to separate URLs instead, four service endpoints must be reachable, and their hostnames depend on the region:

    Regions except GovCloud and China

    • ec2.<REGION>.amazonaws.com

    • logs.<REGION>.amazonaws.com

    • sts.<REGION>.amazonaws.com

    • iam.amazonaws.com

    GovCloud Region

    • ec2.us-gov-west-1.amazonaws.com

    • logs.us-gov-west-1.amazonaws.com

    • sts.us-gov-west-1.amazonaws.com

    • iam.us-gov.amazonaws.com

    China (Beijing) Region

    • ec2.cn-north-1.amazonaws.com.cn

    • logs.cn-north-1.amazonaws.com.cn

    • sts.cn-north-1.amazonaws.com.cn

    • iam.cn-north-1.amazonaws.com.cn

    You can use any of the following values for REGION based on the AWS region:

    Region Name                   Region
    US East (Ohio)                us-east-2
    US East (N. Virginia)         us-east-1
    US West (N. California)       us-west-1
    US West (Oregon)              us-west-2
    Asia Pacific (Mumbai)         ap-south-1
    Asia Pacific (Seoul)          ap-northeast-2
    Asia Pacific (Singapore)      ap-southeast-1
    Asia Pacific (Sydney)         ap-southeast-2
    Asia Pacific (Tokyo)          ap-northeast-1
    Canada (Central)              ca-central-1
    EU (Frankfurt)                eu-central-1
    EU (Ireland)                  eu-west-1
    EU (London)                   eu-west-2
    South America (São Paulo)     sa-east-1
    Gov Cloud                     us-gov-west-1
    China (Beijing)               cn-north-1
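    The two prerequisites above lend themselves to a small pre-flight check before the Collector VM is put on the network: derive the exact four hostnames to allow for a given region (handling the GovCloud and China partitions, where the iam hostname and domain suffix differ), and confirm that a hand-edited copy of the custom policy grants nothing beyond the documented actions. The following is an added example, not part of the product documentation; the partition mapping is taken from the endpoint lists above and `DOCUMENTED_ACTIONS` from the policy.

```python
"""Added example: egress allowlist per region and a least-privilege audit of
the custom IAM policy, based on the endpoint lists and policy shown above."""
import fnmatch
import json

# (domain suffix, IAM hostname) per partition, from the three endpoint lists.
_PARTITIONS = {
    "aws":        ("amazonaws.com", "iam.amazonaws.com"),
    "aws-us-gov": ("amazonaws.com", "iam.us-gov.amazonaws.com"),
    "aws-cn":     ("amazonaws.com.cn", "iam.cn-north-1.amazonaws.com.cn"),
}

# Actions granted by the documented policy; IAM action names are case-insensitive.
DOCUMENTED_ACTIONS = ("iam:ListAccountAliases", "ec2:Describe*", "logs:Describe*",
                      "logs:Get*", "logs:TestMetricFilter", "logs:FilterLogEvents")


def partition_for(region):
    """Map a region code such as us-gov-west-1 or cn-north-1 to its partition."""
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    if region.startswith("cn-"):
        return "aws-cn"
    return "aws"


def collector_endpoints(region):
    """Return the four hostnames the Collector VM must reach for one region."""
    suffix, iam_host = _PARTITIONS[partition_for(region)]
    return sorted([f"ec2.{region}.{suffix}", f"logs.{region}.{suffix}",
                   f"sts.{region}.{suffix}", iam_host])


def excess_actions(policy_json):
    """Return every allowed action not covered by DOCUMENTED_ACTIONS.

    The collector only needs the documented read-only set, so anything
    returned here widens what a leaked access key could do."""
    excess = []
    for stmt in json.loads(policy_json)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements cannot widen access
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for action in actions:
            if not any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                       for pat in DOCUMENTED_ACTIONS):
                excess.append(action)     # e.g. "logs:*" or "ec2:TerminateInstances"
    return sorted(excess)
```

    Run excess_actions on the policy JSON before attaching it; an empty list means the policy is no broader than the one documented above.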

Procedure

  1. Select Account/Data Sources and click Add Source.
  2. In the Public Clouds section, click Amazon Web Services.
  3. Add your AWS account by entering its Amazon Access Key ID and the corresponding Secret Access Key.
    Note:

    Your Amazon Access Key ID is a 20-character string with a corresponding Secret Access Key. For more details, see http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html.

    Adding the account and displaying its data might take 15 to 20 minutes.

  4. After you have validated your AWS account, you can select Enable Flows data collection to get deeper insights.