Skip to content
/ AWShim Public

AWS Configurator Script for Blumira Logging Configurations

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Blumira/AWShim

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
AWShim.sh
AWShim.sh
 
 
BlumiraVPCFlowToCWL.json
BlumiraVPCFlowToCWL.json
 
 
BlumiraVPCToCWLTrustPolicy.json
BlumiraVPCToCWLTrustPolicy.json
 
 
CTIAMroletemplate.json
CTIAMroletemplate.json
 
 
CTtoCWTrustPolicy.json
CTtoCWTrustPolicy.json
 
 
KIAMpolicyTemplate.json
KIAMpolicyTemplate.json
 
 
LICENSE
LICENSE
 
 
PermissionPolicyForCWLToDataStreamTemplate.json
PermissionPolicyForCWLToDataStreamTemplate.json
 
 
README.md
README.md
 
 
S3LifeCycle.json
S3LifeCycle.json
 
 
S3bucketpolicytemplate.json
S3bucketpolicytemplate.json
 
 
TrustPolicyForCWLToKinesisTemplate.json
TrustPolicyForCWLToKinesisTemplate.json
 
 
TrustPolicyForRules.json
TrustPolicyForRules.json
 
 
policy.json
policy.json
 
 
ruleIAMserviceroleTemplate.json
ruleIAMserviceroleTemplate.json
 
 
target.json
target.json
 
 
targetTemplate.json
targetTemplate.json
 
 

Repository files navigation

AWShim

AWS configurations for logging through the various services can now be automated, simplifying the configuration steps and getting logs ingested even faster. This tool will create the requisite streams, policies, users, permissions, and resources for getting logs from Cloudwatch, Cloudtrail, GuardDuty, and VPC flow logs.

Getting Started

You will need an account in AWS that has access to the AWS CloudShell interface in the Management Console. Your account must also be able to create IAM roles, users, and policies. In addition to those permissions, you must be able to create resources within AWS.

Steps

Sign in to the Management Console in AWS.

Now click on the AWS CloudShell button in the top right hand corner of the screen. It will look like a box with the “>.” symbol inside.

Once the CLI starts up you will be presented with a window that will look similar to what is shown below. Indicating that the CloudShell is ready to start taking commands.

Now you will need to run the following commands:

git clone https://github.com/Blumira/AWShim
cd ./AWShim
chmod +x ./AWShim.sh
./AWShim.sh -c

There are a few prompts in this script please read carefully and answer based on what is in your AWS environment, the prompts are listed below:

  • Please enter your Region (for example us-east-1 or us-west-2)
  • Do you want to ship GuardDuty logs? (y/n)
  • Do you want to ship VPC Flow logs? (y/n)

You will see the output from several commands, which can be ignored. Once the script is done running you will see an output that is preceded by two lines of ‘*’ followed by the information that you will need to use inside of Blumira (shown below).

Configuring AWS Cloud Connector

Once the script is completed copy the Stream Name, Access Key ID, Secret Key, and Region. Navigate to Blumira. Once inside your Blumira account, go to Settings>Cloud Connectors. Click “+ Cloud Connector”. Then paste in the values that were copied from the script’s output. Once done click “Connect”.

Additional Notes:

Resources Created:

  • Kinesis Stream
  • Cloudwatch Log Groups
  • Cloudwatch Rules
  • Cloudtrail Trail
  • S3 Bucket (for Trail)
  • IAM user and several roles
  • Event Service role
  • Cloudwatch role for shipping logs to stream
  • Cloudtrail to cloudwatch role
  • VPC to Cloudwatch role

All resources will be namespaced by a unique epoch date/time to more easily find what is being created.

About

AWS Configurator Script for Blumira Logging Configurations

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages