Monitoring

AWS CloudWatch Metrics

A key component of monitoring (and observability) is the collection and processing of metrics. In the AWS ecosystem, these metrics are found in AWS CloudWatch Metrics.

CloudWatch Metrics are obtained through API polling.

Fluency integration concepts

Fluency's integration uses the AssumeRole API to connect securely to your intermediary resources without passing IAM credentials around. An IAM policy with an External ID explicitly defines Fluency's scope of access to your account.

At any time, you may remove the integration and/or intermediary resources to revoke access.

See: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html.

The integration consists of three sections:

  1. The user will first initiate the integration on the Fluency Portal. Creating a new plugin from the Integration section will generate a unique External ID for use in the client AWS account.

  2. Fluency provides AWS CloudFormation scripts for the user to create AWS resources for the integration. Executing the CloudFormation script with the External ID will create the AWS resources.

  3. The final step will test the above AWS configuration in the Fluency interface. Once the test is successful, the user can complete the rest of the integration.

Fluency Web Interface

Log in to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Open the main drop-down menu and choose the Integrations option under the Platform section.

...TO BE CONTINUED...

On the following page, navigate to the Cloud Infrastructure as a Service section.

Click the "AWS monitoring" icon from the group on the left side of the page. A pop-up window appears for creating a new integration endpoint.

Fill in the information and click "SAVE" to finish. This integration endpoint will be shown on the right side of the Cloud Infrastructure as a Service section.

NOTE: If an integration endpoint was set up previously, you can also modify it (pencil icon), turn it on or off (switch icon), or delete it (bin icon) from the right side of the Cloud Infrastructure as a Service section.

AWS CloudFormation

AWS CloudFormation allows you to configure AWS resources from script/code. This makes deployment easy and consistent, and greatly decreases the possibility of errors or misconfigurations.

The following resources will be created on AWS:

  • 1 IAM Role
  • 2 IAM Policies

While the script is free to use, keep in mind that AWS CloudFormation is a paid service, and you will incur a charge from AWS for using it.

Link to the CloudFormation file on S3 (initialization script):

https://fluency-cloudformation.s3.us-east-2.amazonaws.com/FluencyAWSMonitoringV6.yaml

Link to the CloudFormation file on S3 (initialization script for AWS GovCloud users):

https://fluency-cloudformation.s3.us-east-2.amazonaws.com/FluencyAWSMonitoringGovCloudV2.yaml

Deploying a CloudFormation template

Navigate to the CloudFormation section of the AWS Management Console.

Under the "Stacks" section, choose "Create stack" (with new resources, standard).

On the following page, specify a template by choosing the desired template from above, using its Amazon S3 URL.

Click Next to continue.

Give this deployment a name, and specify some parameters. You can choose your own name, or keep the default values provided by Fluency.

Click Next to continue.

Configure additional items (optional).

Click Next to continue.

Review the deployment. When complete, choose Create stack to deploy.

The deployment in progress

When the deployment is complete, return to the Fluency interface for the following step.

Page last updated: 2023 Aug 07 11:49:33 EDT