ResourceWatch

AWS ResourceWatch

AWS provides many APIs to describe the current state of an account. Fluency can call these APIs via an IAM user to obtain information about these AWS resources.

An IAM user with the following permissions is required to use the Fluency AWS ResourceWatch integration:

  • iam:ListUsers
  • iam:GenerateCredentialReport
  • iam:GetCredentialReport
  • ec2:Describe*
  • s3:ListAllMyBuckets
  • s3:GetBucketLocation
  • s3:GetBucketTagging
  • cloudwatch:GetMetricStatistics
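
To confirm that the integration user holds exactly these permissions and nothing broader, the policy document attached to it can be compared against the list above. The script below is an added example, not Fluency's code or the contents of its CloudFormation template; the `SAMPLE` policy is constructed for illustration, and the helper names `covered` and `audit` are hypothetical.

```python
import fnmatch

# The eight actions the page lists for the ResourceWatch IAM user.
REQUIRED = [
    "iam:ListUsers", "iam:GenerateCredentialReport", "iam:GetCredentialReport",
    "ec2:Describe*", "s3:ListAllMyBuckets", "s3:GetBucketLocation",
    "s3:GetBucketTagging", "cloudwatch:GetMetricStatistics",
]

def _as_list(value):
    # IAM allows a single string/statement where a list is also accepted.
    return [value] if isinstance(value, (str, dict)) else list(value)

def covered(granted, allowed):
    """True if every action matched by `granted` is also matched by `allowed`."""
    g, a = granted.lower(), allowed.lower()   # IAM action names are case-insensitive
    if "*" not in g and "?" not in g:
        return fnmatch.fnmatchcase(g, a)
    # A wildcard grant is only covered by an equal or broader trailing-* pattern.
    return a.endswith("*") and "*" not in a[:-1] and g.startswith(a[:-1])

def audit(policy):
    """Return (excess, missing) for an identity policy document (dict).
    Only Allow statements are read; Deny, Resource and Condition are not evaluated."""
    granted, excess = [], []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:               # Allow + NotAction grants almost everything
            excess.append("NotAction")
        granted += _as_list(stmt.get("Action", []))
    excess += [g for g in granted if not any(covered(g, r) for r in REQUIRED)]
    missing = [r for r in REQUIRED if not any(covered(r, g) for g in granted)]
    return excess, missing

# Constructed sample policy (not Fluency's template): two over-broad grants, one gap.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:ListUsers", "iam:GenerateCredentialReport",
                "iam:GetCredentialReport", "ec2:Describe*"]},
    {"Effect": "Allow", "Resource": "*", "Action": "s3:*"},
    {"Effect": "Allow", "Resource": "*", "Action": ["iam:CreateAccessKey"]},
]}

if __name__ == "__main__":
    excess, missing = audit(SAMPLE)
    print("beyond the documented list:", excess)
    print("documented but not granted:", missing)
```

An empty `excess` list means the policy grants nothing beyond the documented actions; an empty `missing` list means the integration has everything it needs.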

The following section outlines the process of creating this IAM user via a provided CloudFormation script.

AWS CloudFormation

AWS CloudFormation allows you to configure AWS resources from a script or code. This makes deployment easy and consistent, and greatly decreases the possibility of errors or misconfigurations.

Fluency offers several CloudFormation scripts to facilitate integration. While these scripts are free to use, keep in mind that AWS CloudFormation is a paid service, and you will incur a charge from AWS for using it.

Link to the ResourceWatch CloudFormation file on S3: https://fluency-cloudformation.s3.us-east-2.amazonaws.com/AWSResourceWatch.yaml.

Deploying a CloudFormation template

Navigate to the CloudFormation section of the AWS Management Console.

Under the "Stacks" section, choose "Create stack" (with new resources, standard).

On the following page, specify a template: choose the Amazon S3 URL option and use the desired template link from above.

Click "Next" to continue.

Give this deployment a name, and specify some parameters of the queue. You can choose your own name, or keep the default values provided by Fluency.

Click "Next" to continue.

Review the deployment. When complete, choose "Create stack" to deploy.

The deployment in progress:

Once the deployment is complete, navigate to the "Outputs" tab.

Copy the details (Key/Values) shown. You will be asked for these items on the Fluency interface.

Fluency Web Interface

Log in to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Open the main drop-down menu and choose the Integrations option under the Platform section.

On the following page, navigate to the Cloud Infrastructure as a Service section.

To add an integration for "Fluency AWS ResourceWatch", choose the "AWS ResourceWatch" icon from the group on the left side of the page to create a new AWS integration endpoint.

In the pop-up window, give the integration a short name (or keep the default). The value is used only within the Fluency interface to distinguish the different integrations. It is suggested to avoid using spaces in this field.

Enter the IAM credentials from the previous step, and select the applicable AWS Region(s) for your deployment. Use the "Proceed" button to add the integration endpoint.

Select the AWSResourceWatch integration endpoint from the list on the right side of the page, in the same Cloud Infrastructure as a Service section. Choose the pencil or gear icon to edit/view/configure the connector.

Once completed, the integration outputs (AWS Resources) can be seen from the Main Menu, under the Resources section. Select the AWS option.

Page last updated: 2023 Aug 07 11:49:33 EDT