Versions Compared

Old Version 46

changes.mady.by.user Aaron Gabriel (Deactivated)

Saved on

compared with

New Version 47

changes.mady.by.user Aaron Gabriel (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Version published after converting to the new editor


Note

In your AWS account, you must have read privileges for AWS S3 buckets and AWS CloudTrail.

Pre-Deployment Considerations

...

AWS Account Information

  1. Access your AWS console.
  2. In the top, right corner, locate and copy your account number and corresponding region. You will need this information later.

...

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Log & Data Management.
  3. Click External Sources.
  4. Click the plus ( + ) sign.
    • If you do not have any log sources already created, then click Add a New Log Source.
  5. Complete the missing fields:
    • In Endpoint, select the available Armor Endpoint.
    • In Log Source Type, select Amazon AWS CloudTrail.
    • In Log Source Identifier, confirm that the listed system hostname matches the system for log collection.
      • This field will populate after you complete the Account Number field.
    • In Protocol, confirm that Amazon AWS S3 REST API is selected.
    • In Account Number, paste the AWS account number that you copied early. You must remove any dashes or hyphens ( - ).
    • In Region to Monitor, select the region that corresponds to the account number.
  6. Click Save Log Source.
  7. In the pop-up window, copy and paste the URL text. You will need this information in the AWS console.
  8. Click Return to the Log Source List. You will be redirected to the External Sources screen.
  9. In the External Sources screen, refresh the screen until the log source reaches an Online status.

...

Info

Troubleshooting

If you are having issues adding a remote log collector to an AWS CloudTrail remote device, consider that:

  • You need to update your permissions in AWS.
    • You must have read privileges for S3 buckets and write privileges for AWS CloudTrail.
      • Your account must be assigned to the AWSCloudTrailFullAccess policy. To learn more the permissions (policies) for AWS CloudTrail, please see the documentation in AWS.
  • Ensure that the region you entered in AMP matches your AWS account's region.
  • If you are having difficult searching for your logs, consider entering you AWS account number surrounded by asterisks wildcards, such as *123456789123*.

...