Document toolboxDocument toolbox

Source Onboard Prerequisites

AWS Cloudtrail

To onboard any use case relying over AWS Cloudtrail data as a source, we need to configure the source via Use case page itself. However before moving on to the source onboarding flow we need to have some prerequisites information handy.

Since, AWS Cloudtrail data is populated at a S3 Bucket we need to pull that data through SQS from the cloud. To achieve this data flow we need to create resources like SQS, SNS, Roles & Policies on the AWS Cloud.

Prerequisites:

  • IAM User creation on the AWS account that needs to be onboarded.

  • AWS Cloudtrail Integration Connection

  • S3 ARN for bucket having Cloudtrail data

IAM User creation

A User needs to be created on the AWS account that needs to be onboarded with following policy.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "sns:TagResource", "iam:GetRole", "sqs:ChangeMessageVisibility", "sns:GetTopicAttributes", "sns:DeleteTopic", "iam:TagRole", "sns:CreateTopic", "sns:Unsubscribe", "iam:CreateRole", "iam:DeleteRole", "sns:SetTopicAttributes", "sqs:GetQueueAttributes", "iam:PutRolePolicy", "cloudformation:DescribeStacks", "sqs:TagQueue", "cloudformation:CreateStack", "iam:DeleteRolePolicy", "sqs:DeleteQueue", "sns:Subscribe", "sqs:CreateQueue", "sqs:SetQueueAttributes", "cloudtrail:DescribeTrails", "s3:PutBucketNotification" ], "Resource": "*" } ] }

AWS Cloudtrail Integration Connection

If you haven’t created any Integration connection yet, you can create it during onboarding process itself by selecting "New Connection" in the drop down of "Connection to AWS". An Integration connection creation form will be opened which needs to be filled.

  • Label: Name to be given to the Integration connection

  • Access Key: AWS Access Key of the IAM User created previously.

  • Secret Key: AWS Secret Key of the IAM User created previously.

  • Region: AWS Region of the S3 Bucket having cloudtrail data.

S3 ARN for Cloudtrail Bucket

To get the ARN of the S3 Bucket:

  • Go to S3

  • Click on your cloudtrail bucket

  • Go to Properties Tab

  • In the Bucket Overview section, Amazon Resource Name (ARN) will be present.

  • Take a note of this ARN, and provide this detail during the source onboarding process.
    Note : Make sure the S3 bucket you are using is not having any existing Event notifications setup. This may lead to failure as multiple event notification are not allowed on overlapping prefixes by AWS.